
I've tried to use the acme_certificate module to generate a cert on my server.

I use it with the following params:

```yaml
- name: "Generate a Let's Encrypt account key"
  shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/account.key"

- name: "install acme"
  acme_certificate:
    acme_version: 2
    challenge: http-01
    terms_agreed: 1
    csr: "/etc/letsencrypt/csrs/{{ domain_name }}.csr"
    account_key_content: "/etc/letsencrypt/account.key"
    fullchain_dest: "/etc/letsencrypt/certs/fullchain_{{ domain_name }}.crt"
    acme_directory: https://acme-v02.api.letsencrypt.org/directory
    account_email: "/etc/letsencrypt/account.key"
  become: yes
```

But when I executed the playbook I saw the following:

```
FAILED! => {"changed": false, "msg": "error while parsing account key: error while loading key: Could not unserialize key data.", "other": {}}
```

Why does it happen?

TheArchitect
  • Side note: rather than using openssl through shell, you should create your private key with the [`openssl_privatekey` module](https://docs.ansible.com/ansible/latest/modules/openssl_privatekey_module.html) – Zeitounator Jul 17 '20 at 06:34

1 Answer


I've noticed that I used the wrong parameter. I should use account_key_src instead of account_key_content.

  • The parameter is not wrong, both exist. Meanwhile if you use `_content` instead of `_src` you must provide the key data directly, not the path to the containing file (e.g. `{{ lookup('file', '/etc/letsencrypt/account.key') }}`) – Zeitounator Jul 17 '20 at 06:32
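
The two ways of passing the account key discussed above, as an added example that is not part of the original question or answer. It assumes `domain_name` is defined and the CSR already exists on the managed host; the registered variable names are hypothetical. Use option A or option B, not both.

```yaml
# Added example (not from the original post). Key created with the
# openssl_privatekey module instead of piping openssl through tee.
- name: Create the ACME account key on the managed host
  openssl_privatekey:
    path: /etc/letsencrypt/account.key
    type: RSA
    size: 4096
    mode: "0600"            # private key readable by its owner only
  become: yes

# Option A: account_key_src takes a PATH; the module reads the file itself.
- name: Request the challenge, key passed by path
  acme_certificate:
    acme_version: 2
    acme_directory: https://acme-v02.api.letsencrypt.org/directory
    challenge: http-01
    terms_agreed: yes
    account_key_src: /etc/letsencrypt/account.key
    csr: "/etc/letsencrypt/csrs/{{ domain_name }}.csr"
    fullchain_dest: "/etc/letsencrypt/certs/fullchain_{{ domain_name }}.crt"
  register: acme_challenge   # hypothetical name, fed to the second call as data
  become: yes

# Option B: account_key_content takes the PEM TEXT. lookup('file', ...) runs
# on the control node, so a key stored on the managed host is read with slurp.
- name: Read the account key from the managed host
  slurp:
    src: /etc/letsencrypt/account.key
  register: account_key_file # hypothetical name
  no_log: true               # keep the base64-encoded key out of task output
  become: yes

- name: Request the challenge, key passed as content
  acme_certificate:
    acme_version: 2
    acme_directory: https://acme-v02.api.letsencrypt.org/directory
    challenge: http-01
    terms_agreed: yes
    account_key_content: "{{ account_key_file.content | b64decode }}"
    csr: "/etc/letsencrypt/csrs/{{ domain_name }}.csr"
    fullchain_dest: "/etc/letsencrypt/certs/fullchain_{{ domain_name }}.crt"
  register: acme_challenge
  no_log: true               # module arguments contain the private key
  become: yes
```

Passing the path string to `account_key_content` makes the module try to parse the path itself as a key, which produces the "Could not unserialize key data" error shown in the question.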