Add option to use alernative CA server for certbot

This could be achieved using the haproxy_ssl_letsencrypt_setup_extra_params variable, but this makes it a bit neater. Change-Id: Iee2d5a10e1762b23fcb3f3140950c76a754743b7
2021-10-18 08:50:27 +01:00 · 2021-10-18 08:50:27 +01:00 · 800254b354
parent 27efcbd7bd
commit 800254b354
2 changed files with 5 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -170,6 +170,8 @@ haproxy_ssl_letsencrypt_acl:
  letsencrypt-acl:
    rule: "path_beg /.well-known/acme-challenge/"
    backend_name: letsencrypt
+# Use alternative CA that supports ACME, can be a public or private CA
+# haproxy_ssl_letsencrypt_certbot_server: "https://acme-staging-v02.api.letsencrypt.org/directory"

 # hatop extra package URL and checksum
 haproxy_hatop_download_url: "https://github.com/jhunt/hatop/archive/v0.8.0.tar.gz"
--- a/tasks/haproxy_ssl_letsencrypt.yml
+++ b/tasks/haproxy_ssl_letsencrypt.yml
@ -76,6 +76,9 @@
    --rsa-key-size 4096
    --email {{ haproxy_ssl_letsencrypt_email }}
    --domains {{ haproxy_bind_external_lb_vip_address }}
+    {% if haproxy_ssl_letsencrypt_certbot_server is defined %}
+    --server {{ haproxy_ssl_letsencrypt_certbot_server }}
+    {% endif %}
    {% if haproxy_ssl_letsencrypt_certbot_challenge == 'http-01' %}
    --http-01-port {{ haproxy_ssl_letsencrypt_certbot_backend_port }}
    --http-01-address {{ haproxy_ssl_letsencrypt_certbot_bind_address }}