diff --git a/defaults/main.yml b/defaults/main.yml
index 8542e3b..2e991ea 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,7 +5,6 @@ certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
 certbot_auto_renew_hour: "3"
 certbot_auto_renew_minute: "30"
 certbot_auto_renew_options: "--quiet --no-self-upgrade"
-certbot_nginx_conf_path: /etc/nginx/conf.d/
 # Parameters used when creating new Certbot certs.
 certbot_force: false
 certbot_create_if_missing: false
diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml
index 517f4a2..2750ec3 100644
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@@ -45,15 +45,3 @@
 openssl_dhparam:
 path: /etc/letsencrypt/ssl-dhparams.pem
 size: 2048
-
-- name: ensure conf.d exist
- file:
- mode: 0750
- path: "{{ certbot_nginx_conf_path }}"
- state: directory
-
-- name: create nginx config ssl file
- template:
- mode: 0750
- dest: "{{ certbot_nginx_conf_path }}/{% if certbot_cert_name %}{{ certbot_cert_name }}{% else %}{{ cert_item.domains | first | replace('*.', '') }}{% endif %}.ssl"
- src: nginx_ssl_config.j2
diff --git a/templates/nginx_ssl_config.j2 b/templates/nginx_ssl_config.j2
deleted file mode 100644
index 5bd4299..0000000
--- a/templates/nginx_ssl_config.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-ssl_certificate /etc/letsencrypt/live/{% if certbot_cert_name %}{{certbot_cert_name}}{% else %}{{ cert_item.domains | first | replace('*.', '') }}{% endif %}/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/{% if certbot_cert_name %}{{certbot_cert_name}}{% else %}{{ cert_item.domains | first | replace('*.', '') }}{% endif %}/privkey.pem;
-ssl_session_cache shared:le_nginx_SSL:10m;
-ssl_session_timeout 1440m;
-ssl_session_tickets off;
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_prefer_server_ciphers off;
-ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
-ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
\ No newline at end of file