
I have the following Ansible playbook to issue and install a certificate:

```yaml
- name: Issue certificate
  shell: acme.sh --issue --dns dns_acmeproxy -d {{ server_name }}

- name: Install certificate
  shell: >-
    acme.sh --dns dns_acmeproxy -d {{ server_name }}
    --install-cert
    --key-file "/etc/pki/tls/private/{{ server_name }}.key"
    --fullchain-file "/etc/pki/tls/certs/{{ server_name }}.crt"
    --reloadcmd "systemctl restart nginx"
  register: installcert
  failed_when: installcert.rc != 0
```

Is there a way to write a Molecule converge test using a fake server_name and/or without calling ACME?

Kirill
  • Are you aware there are [specific modules](https://docs.ansible.com/ansible/latest/collections/community/crypto/) for this? Regarding your test in Molecule, would the [ACME staging environment](https://letsencrypt.org/docs/staging-environment/) somewhat solve your issue? Note: if you intend to run tests in an environment that is not reachable from the ACME server, I don't think it is possible. – Zeitounator Mar 10 '21 at 17:22
  • @Zeitounator, thanks for your notes. As for the specific modules, I use the acmeproxy DNS API (https://github.com/acmesh-official/acme.sh/wiki/dnsapi#78-use-acmeproxy-dns-api) and set ACMEPROXY_ENDPOINT: `ACMEPROXY_ENDPOINT="https://acmeproxy.myhost.com:9096" acme.sh --issue --dns dns_acmeproxy -d {{ server_name }}` I've just checked the link you attached with the Ansible modules, but I haven't found a way to set up the DNS API. – Kirill Mar 10 '21 at 17:47
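
One way to converge the two tasks in the question under Molecule without contacting an ACME server, given here as an added example that is not part of the original question or of acme.sh: a test-only stub placed ahead of the real `acme.sh` on `PATH` in the test instance (for instance from Molecule's prepare playbook) that accepts the flags the playbook uses and writes a self-signed certificate. The function name `fake_acme`, the `FAKE_ACME_HOME` variable and its default path are assumptions, and `openssl` is assumed to be installed in the instance.

```sh
#!/bin/sh
# Test-only stand-in for acme.sh (constructed for this example; not the real client).
# It accepts only the flags the playbook uses and never contacts an ACME server.
# FAKE_ACME_HOME and its default path are assumptions made for this sketch.

fake_acme() {
    state="${FAKE_ACME_HOME:-/tmp/fake-acme}"
    mode="" domain="" key_file="" chain_file="" reload_cmd=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --issue|--install-cert) mode="$1"; shift; continue ;;
            --dns|-d|--key-file|--fullchain-file|--reloadcmd)
                [ $# -ge 2 ] || { echo "fake acme.sh: $1 needs a value" >&2; return 2; } ;;
            *) echo "fake acme.sh: unsupported argument: $1" >&2; return 2 ;;
        esac
        case "$1" in
            -d)               domain="$2" ;;
            --key-file)       key_file="$2" ;;
            --fullchain-file) chain_file="$2" ;;
            --reloadcmd)      reload_cmd="$2" ;;
        esac                  # --dns takes a value that the stub ignores
        shift 2
    done
    # The domain becomes a path component, so reject empty values and slashes.
    case "$domain" in ''|*/*) echo "fake acme.sh: bad or missing -d value" >&2; return 2 ;; esac
    case "$mode" in
        --issue)
            mkdir -p "$state/$domain" || return 1
            # Self-signed one-day certificate standing in for the issued one.
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
                -subj "/CN=$domain" \
                -keyout "$state/$domain/$domain.key" \
                -out "$state/$domain/fullchain.cer" 2>/dev/null ;;
        --install-cert)
            # Refuse to install a certificate that was never issued.
            [ -f "$state/$domain/fullchain.cer" ] || {
                echo "fake acme.sh: no certificate issued for $domain" >&2; return 1; }
            cp "$state/$domain/$domain.key" "$key_file" &&
            cp "$state/$domain/fullchain.cer" "$chain_file" &&
            chmod 600 "$key_file" &&
            sh -c "$reload_cmd" ;;
        *) echo "fake acme.sh: need --issue or --install-cert" >&2; return 2 ;;
    esac
}

# Dispatch only when the file is installed and invoked under the name acme.sh.
case "${0##*/}" in acme.sh) fake_acme "$@" ;; esac
```

Because the certificate is self-signed and the reload command is executed as given, keep the stub confined to the Molecule instance and out of any production role or image.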

0 Answers