From 52578507a141ab94af8445c8d2a5fcd87c2d0e80 Mon Sep 17 00:00:00 2001 From: Santeri Kainulainen Date: Tue, 9 Dec 2025 15:33:36 +0200 Subject: [PATCH] Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs This commit will also allow Caddy to properly generate certs with longer lifetimes than 12 hours, and by default it has been set to 1 month --- README.MD | 6 +++++- files/certs/intermediate.crt | 20 ++++++++++---------- files/certs/intermediate.key | 6 +++--- files/certs/root.crt | 18 +++++++++--------- files/certs/root.key | 6 +++--- meta/main.yml | 3 ++- tasks/main.yml | 5 ----- templates/Caddyfile.j2 | 5 +++-- 8 files changed, 35 insertions(+), 34 deletions(-) diff --git a/README.MD b/README.MD index c112245..6767616 100644 --- a/README.MD +++ b/README.MD @@ -41,4 +41,8 @@ tasks: ``` Note that the domains get looped over, so you can have multiple of them. -Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this \ No newline at end of file +Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this + +# Dependencies + +[nvjacobo.caddy](https://github.com/nvjacobo/caddy.git) - Used for installing Caddy diff --git a/files/certs/intermediate.crt b/files/certs/intermediate.crt index 5ef5a67..e5e08ba 100644 --- a/files/certs/intermediate.crt +++ b/files/certs/intermediate.crt 
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBtDCCAVqgAwIBAgIRAMHp+q/ddqH+S9fE5V7QhhkwCgYIKoZIzj0EAwIwJjEk
-MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwMTEz
-MTg1M1oXDTI1MTIwODEzMTg1M1owKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
-Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZL83Hyar
-iIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOCYo5I6E99zZiVD2SZNe1x
-uVXYV6mcERDnC6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
-AQAwHQYDVR0OBBYEFJII7wjwySNFSJWt700GYE1JfsGxMB8GA1UdIwQYMBaAFHCv
-EafSET7wyiMUOd3eZrQx3lw8MAoGCCqGSM49BAMCA0gAMEUCIQCCj54nwceSHHJ+
-RCN2CyEByqMh/RdDd/FijJ800x3J6gIgemnp9J3CrKN/Fzy3JOhetVCRkVqjDNLc
-ZH4K1pYnDBA=
+MIIBtDCCAVqgAwIBAgIRALrzZ2s5VtqAmn4XFGu/r7owCgYIKoZIzj0EAwIwJjEk
+MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwOTEz
+MTYyMloXDTI2MTIwOTEzMTYyMlowKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
+Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5QvpDkl0
+/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0khYH+2WaT8/E9yfP5G9J5
+a4nDOM6rKsL/rqNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwHQYDVR0OBBYEFBSQKBjweZcJtluzSEzdfA3rCMH+MB8GA1UdIwQYMBaAFLf7
+HOJMt7rcWgyNVQFwg1ibX4rkMAoGCCqGSM49BAMCA0gAMEUCIQCt4S/kc8bZ1amw
+NRkwxfNEJn8xWMeLVgT/t50PWTfA1gIgJ1/6IoyRmrsNmHdChA+WcINK/1jsAOMV
+CcvYlcfWNH0=
 -----END CERTIFICATE-----
diff --git a/files/certs/intermediate.key b/files/certs/intermediate.key
index 4c6898d..c69e3e0 100644
--- a/files/certs/intermediate.key
+++ b/files/certs/intermediate.key
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIDLfKjCXLIseInlVmkL1dx6K/Iv6uxjhJjRmI4xr9kXNoAoGCCqGSM49
-AwEHoUQDQgAEZL83HyariIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOC
-Yo5I6E99zZiVD2SZNe1xuVXYV6mcERDnCw==
+MHcCAQEEIDWrFHeV74K3DqFXy8kAxk/mNFXIU4ZASGof0zcJcmEfoAoGCCqGSM49
+AwEHoUQDQgAE5QvpDkl0/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0k
+hYH+2WaT8/E9yfP5G9J5a4nDOM6rKsL/rg==
 -----END EC PRIVATE KEY-----
diff --git a/files/certs/root.crt b/files/certs/root.crt
index 55ab77e..c8091df 100644
--- a/files/certs/root.crt
+++ b/files/certs/root.crt
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBjzCCATWgAwIBAgIQMNAFWqphrzOxuSOWVbSr4jAKBggqhkjOPQQDAjAmMSQw
-IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjAxMTMx
-ODUzWhcNMzUxMDEwMTMxODUzWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
-MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASD2byYNpauRUOg
-LggkyrY/ZRMZIQMT+rXlQMctxnV77VOdaXccTC2vfpOS2tqwcwySyP1NYg1DqvD0
-L4VjUb/To0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
-BgNVHQ4EFgQUcK8Rp9IRPvDKIxQ53d5mtDHeXDwwCgYIKoZIzj0EAwIDSAAwRQIh
-AI4rOGX/GNjlUnwixzcXM1FFrBrarzRZd/6+z99I+1yhAiAqxxK69h4ae0nylgVO
-pKlmiO5bk38ZfwjN6qAIqMaCcg==
+MIIBkDCCATWgAwIBAgIQdEKF0J4ML82roSwYCus/BjAKBggqhkjOPQQDAjAmMSQw
+IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjA5MTMx
+NjIyWhcNMzUxMDE4MTMxNjIyWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
+MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5wtXojFvtONCz
+UjwelJcZY+6Xvc3+/UIrzUreWxD1qSFxoB7l2U4bx5b6C2ETA/HbJJ5vf9eyW6tC
+B91MpfKao0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
+BgNVHQ4EFgQUt/sc4ky3utxaDI1VAXCDWJtfiuQwCgYIKoZIzj0EAwIDSQAwRgIh
+AKVHqPFqMh1fLY1h3ZRzOgoIiL0GlNZxKqF7LfaYOhzaAiEA7yTTzHsHLbKl6eHk
+T0OvbpceB13fDWHJmEo/SYtJQbo=
 -----END CERTIFICATE-----
diff --git a/files/certs/root.key b/files/certs/root.key
index 173930c..277aa00 100644
--- a/files/certs/root.key
+++ b/files/certs/root.key
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEICFWtuowkCW/82uhRaJUuisuQFQ3kQc6WH2xopi6aID8oAoGCCqGSM49
-AwEHoUQDQgAEg9m8mDaWrkVDoC4IJMq2P2UTGSEDE/q15UDHLcZ1e+1TnWl3HEwt
-r36TktrasHMMksj9TWINQ6rw9C+FY1G/0w==
+MHcCAQEEIKWFm7sak+X2jXs6gArHGn9g3QO1U+di1MHypsO7nScXoAoGCCqGSM49
+AwEHoUQDQgAEecLV6Ixb7TjQs1I8HpSXGWPul73N/v1CK81K3lsQ9akhcaAe5dlO
+G8eW+gthEwPx2ySeb3/XslurQgfdTKXymg==
 -----END EC PRIVATE KEY-----
diff --git a/meta/main.yml b/meta/main.yml
index d960394..6a2a7f0 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -9,4 +9,5 @@ galaxy_info:
 - caddy
 - tls
 - localca
-dependencies: []
+dependencies:
+ - role: nvjacobo.caddy
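Review bot: `files/certs/root.key` stores the new root CA's EC private key unencrypted in the repository, and the `files/certs/intermediate.key` hunk earlier in this patch does the same for the intermediate, so anyone who can read the repo or its history holds the signing keys for this CA. Regenerating the pair in-tree keeps that exposure and, if the role copies these files to hosts (the tasks doing so are not in this patch), gives every deployment the same CA. Ship only the `.crt` files with the role and supply the keys at deploy time from Ansible Vault or a secrets store, or let Caddy create its own CA per host. Treat both the old and the new key pairs as disclosed and do not add this root to any trust store outside disposable test environments.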
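Review bot: The `dependencies` entry added in `meta/main.yml` names `nvjacobo.caddy` without a version, so whichever revision is current when the role is installed is what installs and configures the web server, presumably with elevated privileges. Pin it to a reviewed tag or commit, using the `src:`/`version:` form that `requirements.yml` accepts with `version: <reviewed-tag-or-commit>`, and record that version next to the link in the README's Dependencies section. Because the `Ensure Caddy is installed` task is dropped in the same patch, the upstream role alone now decides whether and which Caddy build ends up on the host.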
diff --git a/tasks/main.yml b/tasks/main.yml
index 34238b2..1187f95 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,8 +1,3 @@
-- name: Ensure Caddy is installed
- ansible.builtin.package:
- name: caddy
- state: present
-
 - name: Create Caddy configuration directory
 become: yes
 ansible.builtin.file:
diff --git a/templates/Caddyfile.j2 b/templates/Caddyfile.j2
index 0ed25e9..6faef42 100644
--- a/templates/Caddyfile.j2
+++ b/templates/Caddyfile.j2
@@ -2,6 +2,7 @@
 pki {
 ca local {
 name "My Local CA"
+ intermediate_lifetime 365d
 }
 }
 http_port 8080
@@ -11,6 +12,6 @@
 localhost:8443 {
 acme_server {
 ca local
- lifetime 720h
+ lifetime 30d
 }
-}
\ No newline at end of file
+}
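Review bot: The `365d` intermediate lifetime and the `30d` leaf lifetime in the two `Caddyfile.j2` hunks are hard-coded, so every consumer of the role gets month-long certificates from the internal ACME server with no way to choose something shorter. Expose them as role variables with these values as defaults, e.g. `lifetime {{ localca_leaf_lifetime | default('30d') }}` and `intermediate_lifetime {{ localca_intermediate_lifetime | default('365d') }}` (variable names are a suggestion), and add a template comment that the leaf lifetime must stay below the intermediate's. Longer-lived leaves widen the window in which a stolen certificate key remains usable, so the README should state why a month is the default. `intermediate_lifetime` is presumably only accepted by newer Caddy builds, which ties this template to the version that `nvjacobo.caddy` installs.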