Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs

This commit will also allow Caddy to properly generate certs with longer lifetimes than 12 hours, and by default it has been set to 1 month
2025-12-09 15:33:36 +02:00 · 2025-12-09 15:33:36 +02:00 · a2cdabb464
commit a2cdabb464
parent 733c3ed250
8 changed files with 37 additions and 35 deletions
--- a/README.MD
+++ b/README.MD
@ -1,7 +1,8 @@
 # Kifi Caddy

 Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing. 
-This role should function as of now, but for example certificate lifetime changes don't work (defaults to 12h). 
+By default, the Caddyfile defaults to 1 month for the leaf certificates and 1 year for the intermediate certificate.
+Pre-generated certificates can be found in `files/certs`, but you can also generate your own ones by using this role while the directory is empty, and then copy-pasting them from the VM to this directory. This is for mostly convenience, as multiple VM's might use this role so you only need to import theroot.crt to your browser once. 

 ## Example usage

@ -41,4 +42,8 @@ tasks:
 ``` 

 Note that the domains get looped over, so you can have multiple of them. 
-Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this
+Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this
+
+# Dependencies
+
+[nvjacobo.caddy](https://github.com/nvjacobo/caddy.git) - Used for installing Caddy
--- a/files/certs/intermediate.crt
+++ b/files/certs/intermediate.crt
@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBtDCCAVqgAwIBAgIRAMHp+q/ddqH+S9fE5V7QhhkwCgYIKoZIzj0EAwIwJjEk
-MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwMTEz
-MTg1M1oXDTI1MTIwODEzMTg1M1owKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
-Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZL83Hyar
-iIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOCYo5I6E99zZiVD2SZNe1x
-uVXYV6mcERDnC6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
-AQAwHQYDVR0OBBYEFJII7wjwySNFSJWt700GYE1JfsGxMB8GA1UdIwQYMBaAFHCv
-EafSET7wyiMUOd3eZrQx3lw8MAoGCCqGSM49BAMCA0gAMEUCIQCCj54nwceSHHJ+
-RCN2CyEByqMh/RdDd/FijJ800x3J6gIgemnp9J3CrKN/Fzy3JOhetVCRkVqjDNLc
-ZH4K1pYnDBA=
+MIIBtDCCAVqgAwIBAgIRALrzZ2s5VtqAmn4XFGu/r7owCgYIKoZIzj0EAwIwJjEk
+MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwOTEz
+MTYyMloXDTI2MTIwOTEzMTYyMlowKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
+Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5QvpDkl0
+/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0khYH+2WaT8/E9yfP5G9J5
+a4nDOM6rKsL/rqNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwHQYDVR0OBBYEFBSQKBjweZcJtluzSEzdfA3rCMH+MB8GA1UdIwQYMBaAFLf7
+HOJMt7rcWgyNVQFwg1ibX4rkMAoGCCqGSM49BAMCA0gAMEUCIQCt4S/kc8bZ1amw
+NRkwxfNEJn8xWMeLVgT/t50PWTfA1gIgJ1/6IoyRmrsNmHdChA+WcINK/1jsAOMV
+CcvYlcfWNH0=
 -----END CERTIFICATE-----
--- a/files/certs/intermediate.key
+++ b/files/certs/intermediate.key
@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIDLfKjCXLIseInlVmkL1dx6K/Iv6uxjhJjRmI4xr9kXNoAoGCCqGSM49
-AwEHoUQDQgAEZL83HyariIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOC
-Yo5I6E99zZiVD2SZNe1xuVXYV6mcERDnCw==
+MHcCAQEEIDWrFHeV74K3DqFXy8kAxk/mNFXIU4ZASGof0zcJcmEfoAoGCCqGSM49
+AwEHoUQDQgAE5QvpDkl0/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0k
+hYH+2WaT8/E9yfP5G9J5a4nDOM6rKsL/rg==
 -----END EC PRIVATE KEY-----
--- a/files/certs/root.crt
+++ b/files/certs/root.crt
@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBjzCCATWgAwIBAgIQMNAFWqphrzOxuSOWVbSr4jAKBggqhkjOPQQDAjAmMSQw
-IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjAxMTMx
-ODUzWhcNMzUxMDEwMTMxODUzWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
-MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASD2byYNpauRUOg
-LggkyrY/ZRMZIQMT+rXlQMctxnV77VOdaXccTC2vfpOS2tqwcwySyP1NYg1DqvD0
-L4VjUb/To0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
-BgNVHQ4EFgQUcK8Rp9IRPvDKIxQ53d5mtDHeXDwwCgYIKoZIzj0EAwIDSAAwRQIh
-AI4rOGX/GNjlUnwixzcXM1FFrBrarzRZd/6+z99I+1yhAiAqxxK69h4ae0nylgVO
-pKlmiO5bk38ZfwjN6qAIqMaCcg==
+MIIBkDCCATWgAwIBAgIQdEKF0J4ML82roSwYCus/BjAKBggqhkjOPQQDAjAmMSQw
+IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjA5MTMx
+NjIyWhcNMzUxMDE4MTMxNjIyWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
+MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5wtXojFvtONCz
+UjwelJcZY+6Xvc3+/UIrzUreWxD1qSFxoB7l2U4bx5b6C2ETA/HbJJ5vf9eyW6tC
+B91MpfKao0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
+BgNVHQ4EFgQUt/sc4ky3utxaDI1VAXCDWJtfiuQwCgYIKoZIzj0EAwIDSQAwRgIh
+AKVHqPFqMh1fLY1h3ZRzOgoIiL0GlNZxKqF7LfaYOhzaAiEA7yTTzHsHLbKl6eHk
+T0OvbpceB13fDWHJmEo/SYtJQbo=
 -----END CERTIFICATE-----
--- a/files/certs/root.key
+++ b/files/certs/root.key
@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEICFWtuowkCW/82uhRaJUuisuQFQ3kQc6WH2xopi6aID8oAoGCCqGSM49
-AwEHoUQDQgAEg9m8mDaWrkVDoC4IJMq2P2UTGSEDE/q15UDHLcZ1e+1TnWl3HEwt
-r36TktrasHMMksj9TWINQ6rw9C+FY1G/0w==
+MHcCAQEEIKWFm7sak+X2jXs6gArHGn9g3QO1U+di1MHypsO7nScXoAoGCCqGSM49
+AwEHoUQDQgAEecLV6Ixb7TjQs1I8HpSXGWPul73N/v1CK81K3lsQ9akhcaAe5dlO
+G8eW+gthEwPx2ySeb3/XslurQgfdTKXymg==
 -----END EC PRIVATE KEY-----
--- a/meta/main.yml
+++ b/meta/main.yml
@ -9,4 +9,5 @@ galaxy_info:
    - caddy
    - tls
    - localca
-dependencies: []
+dependencies:
+  - role: nvjacobo.caddy
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,8 +1,3 @@
- name: Ensure Caddy is installed
-  ansible.builtin.package:
-    name: caddy
-    state: present
-
 - name: Create Caddy configuration directory
  become: yes
  ansible.builtin.file:
--- a/templates/Caddyfile.j2
+++ b/templates/Caddyfile.j2
@ -2,6 +2,7 @@
    pki {
        ca local {
            name "My Local CA"
+            intermediate_lifetime 365d
        }
    }
    http_port 8080
@ -11,6 +12,6 @@
 localhost:8443 {
    acme_server {
        ca local
-        lifetime 720h
+        lifetime 30d
    }
-}
+}