Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs

This commit will also allow Caddy to properly generate certs
with longer lifetimes than 12 hours, and by default it has been set to 1
month

README.MD

@@ -1,12 +1,14 @@
 # Kifi Caddy
 
-Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing. 
-This role should function as of now, but for example certificate lifetime changes don't work (defaults to 12h). 
+Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing.\
+By default, the Caddyfile defaults to 1 month for the leaf certificates and 1 year for the intermediate certificate.\
+Pre-generated certificates can be found in `files/certs`, but you can also generate your own ones by using this role while the directory is empty, and then copy-pasting them from the VM to this directory.
+This is for mostly convenience, as multiple VM's might use this role so you only need to import the `root.crt` to your browser once.
 
 ## Example usage
 
-In your playbook, define the role and config paths. Most likely the defaults are fine, so you can just simply add the role. Remember to add this before any certbot role. The ACME server is hosted at port 8443. You can also change the `templates/Caddyfile.j2` to fit your own needs. 
- 
+In your playbook, define the role and config paths. Most likely the defaults are fine, so you can just simply add the role. Remember to add this before any certbot role. The ACME server is hosted at port 8443. You can also change the `templates/Caddyfile.j2` to fit your own needs.\
+\
 Example for tilastot.kirjastot.fi.local:
 ```
 - role: kifi.caddy
@@ -41,4 +43,8 @@ tasks:
 ``` 
 
 Note that the domains get looped over, so you can have multiple of them. 
-Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this
+Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this
+
+# Dependencies
+
+[nvjacobo.caddy](https://github.com/nvjacobo/caddy.git) - Used for installing Caddy

files/certs/intermediate.crt

@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBtDCCAVqgAwIBAgIRAMHp+q/ddqH+S9fE5V7QhhkwCgYIKoZIzj0EAwIwJjEk
-MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwMTEz
-MTg1M1oXDTI1MTIwODEzMTg1M1owKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
-Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZL83Hyar
-iIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOCYo5I6E99zZiVD2SZNe1x
-uVXYV6mcERDnC6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
-AQAwHQYDVR0OBBYEFJII7wjwySNFSJWt700GYE1JfsGxMB8GA1UdIwQYMBaAFHCv
-EafSET7wyiMUOd3eZrQx3lw8MAoGCCqGSM49BAMCA0gAMEUCIQCCj54nwceSHHJ+
-RCN2CyEByqMh/RdDd/FijJ800x3J6gIgemnp9J3CrKN/Fzy3JOhetVCRkVqjDNLc
-ZH4K1pYnDBA=
+MIIBtDCCAVqgAwIBAgIRALrzZ2s5VtqAmn4XFGu/r7owCgYIKoZIzj0EAwIwJjEk
+MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwOTEz
+MTYyMloXDTI2MTIwOTEzMTYyMlowKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
+Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5QvpDkl0
+/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0khYH+2WaT8/E9yfP5G9J5
+a4nDOM6rKsL/rqNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwHQYDVR0OBBYEFBSQKBjweZcJtluzSEzdfA3rCMH+MB8GA1UdIwQYMBaAFLf7
+HOJMt7rcWgyNVQFwg1ibX4rkMAoGCCqGSM49BAMCA0gAMEUCIQCt4S/kc8bZ1amw
+NRkwxfNEJn8xWMeLVgT/t50PWTfA1gIgJ1/6IoyRmrsNmHdChA+WcINK/1jsAOMV
+CcvYlcfWNH0=
 -----END CERTIFICATE-----

files/certs/intermediate.key

@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIDLfKjCXLIseInlVmkL1dx6K/Iv6uxjhJjRmI4xr9kXNoAoGCCqGSM49
-AwEHoUQDQgAEZL83HyariIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOC
-Yo5I6E99zZiVD2SZNe1xuVXYV6mcERDnCw==
+MHcCAQEEIDWrFHeV74K3DqFXy8kAxk/mNFXIU4ZASGof0zcJcmEfoAoGCCqGSM49
+AwEHoUQDQgAE5QvpDkl0/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0k
+hYH+2WaT8/E9yfP5G9J5a4nDOM6rKsL/rg==
 -----END EC PRIVATE KEY-----

files/certs/root.crt

@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBjzCCATWgAwIBAgIQMNAFWqphrzOxuSOWVbSr4jAKBggqhkjOPQQDAjAmMSQw
-IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjAxMTMx
-ODUzWhcNMzUxMDEwMTMxODUzWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
-MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASD2byYNpauRUOg
-LggkyrY/ZRMZIQMT+rXlQMctxnV77VOdaXccTC2vfpOS2tqwcwySyP1NYg1DqvD0
-L4VjUb/To0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
-BgNVHQ4EFgQUcK8Rp9IRPvDKIxQ53d5mtDHeXDwwCgYIKoZIzj0EAwIDSAAwRQIh
-AI4rOGX/GNjlUnwixzcXM1FFrBrarzRZd/6+z99I+1yhAiAqxxK69h4ae0nylgVO
-pKlmiO5bk38ZfwjN6qAIqMaCcg==
+MIIBkDCCATWgAwIBAgIQdEKF0J4ML82roSwYCus/BjAKBggqhkjOPQQDAjAmMSQw
+IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjA5MTMx
+NjIyWhcNMzUxMDE4MTMxNjIyWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
+MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5wtXojFvtONCz
+UjwelJcZY+6Xvc3+/UIrzUreWxD1qSFxoB7l2U4bx5b6C2ETA/HbJJ5vf9eyW6tC
+B91MpfKao0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
+BgNVHQ4EFgQUt/sc4ky3utxaDI1VAXCDWJtfiuQwCgYIKoZIzj0EAwIDSQAwRgIh
+AKVHqPFqMh1fLY1h3ZRzOgoIiL0GlNZxKqF7LfaYOhzaAiEA7yTTzHsHLbKl6eHk
+T0OvbpceB13fDWHJmEo/SYtJQbo=
 -----END CERTIFICATE-----

files/certs/root.key

@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEICFWtuowkCW/82uhRaJUuisuQFQ3kQc6WH2xopi6aID8oAoGCCqGSM49
-AwEHoUQDQgAEg9m8mDaWrkVDoC4IJMq2P2UTGSEDE/q15UDHLcZ1e+1TnWl3HEwt
-r36TktrasHMMksj9TWINQ6rw9C+FY1G/0w==
+MHcCAQEEIKWFm7sak+X2jXs6gArHGn9g3QO1U+di1MHypsO7nScXoAoGCCqGSM49
+AwEHoUQDQgAEecLV6Ixb7TjQs1I8HpSXGWPul73N/v1CK81K3lsQ9akhcaAe5dlO
+G8eW+gthEwPx2ySeb3/XslurQgfdTKXymg==
 -----END EC PRIVATE KEY-----

meta/main.yml

@@ -9,4 +9,5 @@ galaxy_info:
     - caddy
     - tls
     - localca
-dependencies: []
+dependencies:
+  - role: nvjacobo.caddy

tasks/main.yml

@@ -1,8 +1,3 @@
-- name: Ensure Caddy is installed
-  ansible.builtin.package:
-    name: caddy
-    state: present
-
 - name: Create Caddy configuration directory
   become: yes
   ansible.builtin.file:

templates/Caddyfile.j2

@@ -2,6 +2,7 @@
     pki {
         ca local {
             name "My Local CA"
+            intermediate_lifetime 365d
         }
     }
     http_port 8080
@@ -11,6 +12,6 @@
 localhost:8443 {
     acme_server {
         ca local
-        lifetime 720h
+        lifetime 30d
     }
-}
+}