maxhoesel.smallstep.step_ca_renew (0.23.1) — module
Added in version 0.3.0 of maxhoesel.smallstep
Authors: Max Hösel (@maxhoesel)
Install with ansible-galaxy collection install maxhoesel.smallstep:==0.23.1
collections:
  - name: maxhoesel.smallstep
    version: 0.23.1
Renew a valid certificate
# See https://smallstep.com/docs/step-cli/reference/ca/renew for more examples
- name: Renew a certificate
  maxhoesel.smallstep.step_ca_renew:
    crt_file: internal.crt
    key_file: internal.key
    ca_url: https://ca.smallstep.com:9000
    force: yes
pid:
  description: The process id to signal after the certificate has been renewed. By default the SIGHUP (1) signal will be used, but this can be configured with the I(signal) parameter.
  type: int
exec:
  description: The command to run after the certificate has been renewed.
  type: str
root:
  description: The path to the PEM file used as the root certificate authority. Used if the module is run in online mode (default) and the host's C(step-cli) is not configured to trust the CA.
  type: path
force:
  description: Force the overwrite of files without asking.
  type: bool
ca_url:
  description: URI of the targeted Step Certificate Authority. Used if the module is run in online mode (default) and the host's C(step-cli) is not configured to trust the CA.
  type: str
signal:
  description: The signal number to send to the selected PID, so it can reload the configuration and load the new certificate. Default value is SIGHUP (1).
  type: int
offline:
  description: Don't contact the CA. Offline mode uses the configuration, certificates, and keys created with step ca init, but can accept a different configuration file using the I(ca_config) flag.
  type: bool
crt_file:
  description: The certificate in PEM format that we want to renew.
  required: true
  type: path
key_file:
  description: The key file of the certificate.
  required: true
  type: path
pid_file:
  description: The path from which to read the process id that will be signaled after the certificate has been renewed. By default the SIGHUP (1) signal will be used, but this can be configured with the I(signal) parameter.
  type: path
ca_config:
  description: The path to the certificate authority configuration file on the host.
  type: path
expires_in:
  description: The amount of time remaining before certificate expiration, at which point a renewal should be attempted. The certificate renewal will not be performed if the time to expiration is greater than the I(expires_in) value. A random jitter (duration/20) will be added to avoid multiple services hitting the renew endpoint at the same time. The duration is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
  type: str
output_file:
  description: The new certificate file path. Defaults to overwriting the crt-file positional argument.
  type: path
password_file:
  description: The path to the file containing the password to encrypt or decrypt the private key.
  type: path
step_cli_executable:
  default: step-cli
  description: Name (or absolute path) of the C(step-cli) executable to use
  type: path
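
The I(expires_in) check described above, as an added example (not code from the module or from step-cli): it parses the duration format and decides whether a renewal is due for a given expiry time. The function names are hypothetical, and the jitter model (uniform in [0, duration/20], added to the threshold) is an assumption based on the parameter description.

```python
import random
import re
from datetime import datetime, timedelta, timezone

# Seconds per unit, for the units listed in the expires_in description.
UNITS = {"ns": 1e-9, "us": 1e-6, "µs": 1e-6, "ms": 1e-3,
         "s": 1.0, "m": 60.0, "h": 3600.0}
TOKEN = re.compile(r"(\d+(?:\.\d*)?|\.\d+)(ns|us|µs|ms|s|m|h)")


def parse_duration(text):
    """Parse a duration such as "2h45m" or "-1.5h" into seconds."""
    text = text.strip()
    sign = -1.0 if text.startswith("-") else 1.0
    body = text[1:] if text[:1] in ("+", "-") else text
    if not body:
        raise ValueError("empty duration")
    if body == "0":
        return 0.0
    total, pos = 0.0, 0
    while pos < len(body):
        token = TOKEN.match(body, pos)
        if token is None:  # missing unit, unknown unit, or stray characters
            raise ValueError(f"invalid duration: {text!r}")
        total += float(token.group(1)) * UNITS[token.group(2)]
        pos = token.end()
    return sign * total


def renewal_due(not_after, now, expires_in, rng=random):
    """Return (due, threshold_seconds) for one renewal check."""
    base = parse_duration(expires_in)
    if base <= 0:
        # This example's own guard: such a window never opens before expiry.
        raise ValueError("expires_in must be positive")
    # Assumed jitter model: uniform in [0, duration/20], added to the window.
    threshold = base + rng.uniform(0, base / 20)
    remaining = (not_after - now).total_seconds()
    # No renewal while the time to expiration exceeds the threshold.
    return remaining <= threshold, threshold


if __name__ == "__main__":
    # Constructed sample: a certificate with 8h15m of validity left.
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    not_after = now + timedelta(hours=8, minutes=15)
    for window in ("2h45m", "8h", "24h"):
        due, threshold = renewal_due(not_after, now, window)
        print(f"expires_in={window}: threshold={threshold:.0f}s renew={due}")
```

With an "8h" window the sample certificate falls inside the jitter band (8h to 8h24m), so the result can differ between runs; that spread is what keeps many hosts from hitting the renew endpoint at once.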