andreaswolf · jadjay · Feb 16, 2017 · Feb 16, 2017
diff --git a/README.md b/README.md
@@ -78,8 +78,7 @@ give you the certificate!):
 
 The certificate will be placed in the path given in the `certpath` attribute.
 The `chainedcertpath` option gives you a certificate file consisting of the actual certificate and the intermediate
-certificate. This is e.g. useful for nginx. There is also a `fullchainedcertpath` option that works much the same, but
-will include the private key in the output. Note that you always need to also have the `certpath` option set, even
+certificate. This is e.g. useful for nginx. Note that you always need to also have the `certpath` option set, even
 if you only want to use the chained certificate.
 
 For multidomain certificates, all mentioned names must point to the server where the certificate is being generated.

diff --git a/_config.yml b/_config.yml
@@ -0,0 +1 @@
+theme: jekyll-theme-minimal
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 
 acme_tiny_repo: 'https://github.com/diafygi/acme-tiny.git'
-acme_tiny_commit: '7a5a2558c8d6e5ab2a59b9fec9633d9e63127971'
+acme_tiny_commit: '69a457269a6392ac31b629b4e103e8ea7dd282c9'
 
 acme_tiny_software_directory: '/usr/local/letsencrypt'
 acme_tiny_data_directory: '/var/lib/letsencrypt'
@@ -23,9 +23,9 @@ acme_tiny_challenges_directory: '/var/www/letsencrypt'
 
 letsencrypt_account_key: '{{ acme_tiny_data_directory }}/account.key'
 
-letsencrypt_intermediate_cert_path: '/etc/ssl/certs/lets-encrypt-x3-cross-signed.pem'
-letsencrypt_intermediate_cert_url: 'https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem'
-letsencrypt_intermediate_cert_sha256sum: 'e446c5e9dbef9d09ac9f7027c034602492437a05ff6c40011d7235fca639c79a'
+letsencrypt_intermediate_cert_path: '/etc/ssl/certs/lets-encrypt-x1-cross-signed.pem'
+letsencrypt_intermediate_cert_url: 'https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem'
+letsencrypt_intermediate_cert_sha256sum: '6c0a324bb803e9d66b8986ea2085bb9d6bdfe33f5c04a03a3f7024f4aa8e7a2d'
 
 letsencrypt_key_dir: '/etc/ssl/letsencrypt/keys'
 letsencrypt_certs_dir: '/etc/ssl/letsencrypt/certs'

diff --git a/meta/.galaxy_install_info b/meta/.galaxy_install_info
@@ -0,0 +1 @@
+{install_date: 'Wed Feb 15 14:20:08 2017', version: v1.1}
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -14,18 +14,17 @@
     path: '{{ acme_tiny_data_directory }}/csrs'
     state: directory
 
-- name: create group
-  group:
-    name: '{{ letsencrypt_group }}'
-    system: yes
-
 - name: create user
   user:
     name: '{{ letsencrypt_user }}'
-    group: '{{ letsencrypt_group }}'
     home: '{{ acme_tiny_data_directory }}'
     system: yes
 
+- name: create group
+  group:
+    name: '{{ letsencrypt_group }}'
+    system: yes
+
 - name: create certs directory
   file:
     path: '{{ letsencrypt_certs_dir }}'
@@ -64,11 +63,6 @@
     group: '{{ letsencrypt_group }}'
     recurse: true
 
-- name: install pip dependencies
-  pip:
-    name: argparse
-    state: present
-
 - name: clone acme-tiny repository
   git:
     dest: '{{ acme_tiny_software_directory }}'
@@ -120,9 +114,6 @@
     dest={{ letsencrypt_intermediate_cert_path }}
     sha256sum={{ letsencrypt_intermediate_cert_sha256sum }}
 
-#################################################
-# key setup
-
 - name: generate private keys
   shell: >
     openssl genrsa 4096 > {{ item.keypath }}
@@ -151,7 +142,7 @@
   tags: ['letsencrypt_keys']
 
 - name: generate csrs for multi domain keys
-  shell: "openssl req -new -sha256 -key '{{ item.keypath }}' -subj '/' -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:{{ item.host|join(',DNS:') }}')) > {{ acme_tiny_data_directory }}/csrs/{{ item.name }}.csr"
+  shell: "openssl req -new -sha256 -key '{{ item.keypath }}' -subj '/' -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:{{ item.host|join(',DNS:') }}')) > {{ acme_tiny_data_directory }}/csrs/{{ item.name }}.csr"
   args:
     # we must use bash here because dash (default on Debian) throws an error "unexpected ( on line 1"
     executable: "/bin/bash"
@@ -171,22 +162,14 @@
       or 'Error' in generate_initial_cert.stderr))
   tags: ['letsencrypt_keys']
 
-- name: generate chained certificate
+- name: generated chained certificates
   shell: cat {{ item.certpath }} {{ letsencrypt_intermediate_cert_path }} > {{ item.chainedcertpath }}
   args:
     creates: "{{ item.chainedcertpath }}"
   when: item.chainedcertpath is defined
   with_items: "{{ letsencrypt_certs }}"
   tags: ['letsencrypt_keys']
 
-- name: generate full chained certificate
-  shell: cat {{ item.keypath }} {{ item.certpath }} {{ letsencrypt_intermediate_cert_path }} > {{ item.fullchainedcertpath }}
-  args:
-    creates: "{{ item.fullchainedcertpath }}"
-  when: item.fullchainedcertpath is defined
-  with_items: "{{ letsencrypt_certs }}"
-  tags: ['letsencrypt_keys']
-
 #################################################
 # cron setup
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{install_date: 'Wed Feb 15 14:20:08 2017', version: v1.1}