maxhoesel.smallstep.step_ca_renew (0.24.5) — module

Renew a valid certificate

Added in version 0.3.0 of maxhoesel.smallstep

Authors: Max Hösel (@maxhoesel)

Install collection

Install with ansible-galaxy collection install maxhoesel.smallstep:==0.24.5


Add to requirements.yml

  collections:
    - name: maxhoesel.smallstep
      version: 0.24.5

Description

Renew a valid certificate


Requirements

Usage examples

# See https://smallstep.com/docs/step-cli/reference/ca/renew for more examples

- name: Renew a certificate
  maxhoesel.smallstep.step_ca_renew:
    crt_file: internal.crt
    key_file: internal.key
    ca_url: https://ca.smallstep.com:9000
    force: yes

Inputs

pid:
    description: The process id to signal after the certificate has been renewed. By
      default the SIGHUP (1) signal will be used, but this can be configured with
      the I(signal) parameter.
    type: int

exec:
    description: The command to run after the certificate has been renewed.
    type: str

root:
    description: The path to the PEM file used as the root certificate authority. Used
      if the module is run in online mode (default) and the host's C(step-cli) is not configured
      to trust the CA.
    type: path

force:
    description: Force the overwrite of files without asking.
    type: bool

ca_url:
    description: URI of the targeted Step Certificate Authority. Used if the module is
      run in online mode (default) and the host's C(step-cli) is not configured to trust
      the CA.
    type: str

signal:
    description: The signal number to send to the selected PID, so it can reload the
      configuration and load the new certificate. Default value is SIGHUP (1).
    type: int

offline:
    description: Don't contact the CA. Offline mode uses the configuration, certificates,
      and keys created with C(step ca init), but can accept a different configuration file
      using the I(ca_config) parameter.
    type: bool

crt_file:
    description: The certificate in PEM format that we want to renew.
    required: true
    type: path

key_file:
    description: The private key file of the certificate.
    required: true
    type: path

pid_file:
    description: The path from which to read the process id that will be signaled after
      the certificate has been renewed. By default the SIGHUP (1) signal will be used,
      but this can be configured with the I(signal) parameter.
    type: path

ca_config:
    description: The path to the certificate authority configuration file on the host.
    type: path

expires_in:
    description: The amount of time remaining before certificate expiration, at which
      point a renewal should be attempted. The certificate renewal will not be performed
      if the time to expiration is greater than the I(expires_in) value. A random jitter
      (duration/20) will be added to avoid multiple services hitting the renew endpoint
      at the same time. The duration is a sequence of decimal numbers, each with optional
      fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time
      units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
    type: str

output_file:
    description: The new certificate file path. Defaults to overwriting the file given
      in I(crt_file).
    type: path

password_file:
    description: The path to the file containing the password to encrypt or decrypt the
      private key.
    type: path

step_cli_executable:
    default: step-cli
    description: Name (or absolute path) of the C(step-cli) executable to use.
    type: path
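The module parameters above combine into a scheduled renewal task for a service that must pick up the new certificate without a restart. The two tasks below are an added example written for this page, not part of the collection's own documentation; the certificate, key, PID file and CA paths, the CA URL and the nginx service are assumptions chosen for illustration, and every option used is one documented in the Inputs section.

```yaml
# Added example (not from the maxhoesel.smallstep collection docs).
# Assumed paths and hosts: /etc/nginx/tls/*, /run/nginx.pid, /etc/step/root_ca.crt,
# https://ca.example.com:9000 and the ca.json under /etc/step are placeholders.
- name: Renew the nginx certificate only when it is within 24h of expiry, then reload nginx
  maxhoesel.smallstep.step_ca_renew:
    crt_file: /etc/nginx/tls/nginx.crt
    key_file: /etc/nginx/tls/nginx.key
    # Online mode: the CA is contacted directly. Passing root pins the CA's root
    # certificate so the TLS connection to ca_url is verified even on a host whose
    # step-cli has not been bootstrapped to trust this CA.
    ca_url: https://ca.example.com:9000
    root: /etc/step/root_ca.crt
    # Skip the renewal (and the signal) while more than 24h of validity remain;
    # the module adds a random jitter of duration/20 so many hosts on the same
    # schedule do not hit the renew endpoint at once.
    expires_in: 24h
    # After a successful renewal, read nginx's PID and send SIGHUP (signal 1,
    # also the default) so it reloads its configuration and loads the new cert.
    pid_file: /run/nginx.pid
    signal: 1
    # The renewed certificate overwrites crt_file in place, so force is required
    # to allow the overwrite without an interactive prompt.
    force: yes

- name: Offline renewal on the CA host itself, writing the new cert to a separate file
  maxhoesel.smallstep.step_ca_renew:
    crt_file: /etc/step/certs/internal.crt
    key_file: /etc/step/secrets/internal.key
    # Offline mode reuses the configuration, certificates and keys created by
    # "step ca init"; ca_config selects the CA configuration file to use.
    offline: yes
    ca_config: /etc/step/config/ca.json
    # Keep the old certificate untouched and write the renewed one elsewhere,
    # so a consumer can be switched over only after the new file is verified.
    output_file: /etc/step/certs/internal.renewed.crt
    # The key is encrypted; the decryption password is read from a file rather
    # than placed in the playbook.
    password_file: /etc/step/secrets/internal.key.password
    force: yes
```

Run the first task from a cron- or systemd-timer-driven playbook: on most runs `expires_in` makes it a no-op, and only once the certificate enters its last 24 hours does the module renew it and signal the daemon. Keep `password_file` and `key_file` readable only by the account running the module, since both the key and its password live on disk.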