Remove Certbot

defaults/main.yml

@@ -1,10 +1,2 @@
 ---
 common__basics__additional_packages: []
-
-common__certbot__state: install
-common__certbot__run: true
-common__certbot__email: 'user@example.com'
-common__certbot__cert_name: 'example.com'
-common__certbot__cert_domains: ['example.com', 'www.example.com']
-common__certbot__post_hook: null
-common__certbot__pre_hook: null

tasks/certbot/install.yml

@@ -1,86 +0,0 @@
----
-- name: Create Let's Encrypt system group
-  group:
-    name: '{{ common__certbot__group }}'
-    system: true
-
-- name: Install Certbot
-  apt:
-    name: certbot
-
-- name: Create directories for Let's Encrypt configuration
-  file:
-    state: directory
-    path: '{{ item }}'
-    mode: 'u=rwx,go=rx'
-    owner: root
-    group: root
-  with_items:
-    - '{{ common__certbot__conf_dir }}'
-    - '{{ common__certbot__archive_dir }}'
-    - '{{ common__certbot__archive_dir }}/{{ common__certbot__cert_name }}'
-    - '{{ common__certbot__live_dir }}'
-    - '{{ common__certbot__live_dir }}/{{ common__certbot__cert_name }}'
-
-- name: Install Let's Encrypt config
-  template:
-    src: templates/certbot/cli.ini
-    dest: '{{ common__certbot__conf_cli }}'
-    mode: 'u=rw,go=r'
-    owner: root
-    group: root
-
-- name: Install Nginx SSL options
-  template:
-    src: templates/certbot/options-ssl-nginx.conf
-    dest: '{{ common__certbot__conf_nginx }}'
-    mode: 'u=rw,go=r'
-    owner: root
-    group: root
-
-- name: Obtain Let's Encrypt certificate
-  command: 'certbot certonly'
-  register: common__certbot__result
-  when: common__certbot__run|bool
-  changed_when: >-
-    common__certbot__result.stdout is
-    not search('Certificate not yet due for renewal; no action taken.')
-
-- name: Find Let's Encrypt certificates and chains
-  register: certs_and_chains
-  find:
-    paths: '{{ common__certbot__archive_dir }}/{{ common__certbot__cert_name }}'
-    patterns:
-      - 'cert*.pem'
-      - 'chain*.pem'
-      - 'fullchain*.pem'
-
-- name: Find Let's Encrypt private keys
-  register: privkeys
-  find:
-    paths: '{{ common__certbot__archive_dir }}/{{ common__certbot__cert_name }}'
-    patterns: 'privkey*.pem'
-
-- name: Display Let's Encrypt certificates and chains
-  debug:
-    msg: "{{ certs_and_chains.files | map(attribute='path') | list }}"
-
-- name: Display Let's Encrypt private keys
-  debug:
-    msg: "{{ privkeys.files | map(attribute='path') | list }}"
-
-- name: Change group of Let's Encrypt certificates and chains
-  file:
-    path: '{{ item }}'
-    mode: 'u=rw,go=r'
-    owner: root
-    group: root
-  with_items: "{{ certs_and_chains.files | map(attribute='path') | list }}"
-
-- name: Change group of Let's Encrypt private keys
-  file:
-    path: '{{ item }}'
-    mode: 'u=rw,g=r,o='
-    owner: root
-    group: '{{ common__certbot__group }}'
-  with_items: "{{ privkeys.files | map(attribute='path') | list }}"

tasks/certbot/purge.yml

@@ -1,11 +0,0 @@
----
-- name: Purge Certbot
-  apt:
-    name: certbot
-    state: absent
-    purge: true
-
-- name: Delete Certbot configuration
-  file:
-    state: absent
-    path: '{{ common__certbot__conf_dir }}'

tasks/certbot/remove.yml

@@ -1,6 +0,0 @@
----
-- name: Uninstall Certbot
-  apt:
-    name: certbot
-    state: absent
-    purge: false

tasks/main.yml

@@ -3,17 +3,3 @@
 - include_tasks: usability.yml
 - include_tasks: ssh.yml
 - meta: flush_handlers
-
-- fail:
-    msg: 'Invalid `common__certbot__state`: {{ common__certbot__state }}'
-  when: (common__certbot__state != None) and
-        (common__certbot__state != 'purge') and
-        (common__certbot__state != 'remove') and
-        (common__certbot__state != 'install')
-- include_tasks: certbot/purge.yml
-  when: common__certbot__state == 'purge'
-- include_tasks: certbot/remove.yml
-  when: common__certbot__state == 'remove'
-- include_tasks: certbot/install.yml
-  when: common__certbot__state == 'install'
-- meta: flush_handlers

templates/certbot/cli.ini

@@ -1,17 +0,0 @@
-# see https://certbot.eff.org/docs/using.html#certbot-command-line-options
-agree-tos = true
-cert-name = {{ common__certbot__cert_name }}
-domains = {{ common__certbot__cert_domains | join(',') }}
-email = {{ common__certbot__email }}
-max-log-backups = 0
-no-eff-email = true
-non-interactive = true
-{% if common__certbot__post_hook %}
-post-hook = {{ common__certbot__post_hook }}
-{% endif %}
-{% if common__certbot__pre_hook %}
-pre-hook = {{ common__certbot__pre_hook }}
-{% endif %}
-redirect = true
-rsa-key-size = 4096
-standalone = true

templates/certbot/options-ssl-nginx.conf

@@ -1,14 +0,0 @@
-# This file contains important security parameters. If you modify this file
-# manually, Certbot will be unable to automatically provide future security
-# updates. Instead, Certbot will print and log an error message with a path to
-# the up-to-date file that you will need to refer to when manually updating
-# this file.
-
-ssl_session_cache shared:le_nginx_SSL:10m;
-ssl_session_timeout 1440m;
-ssl_session_tickets off;
-
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_prefer_server_ciphers off;
-
-ssl_ciphers "{{ common__certbot__nginx_ssl_ciphers | join(':') }}";

vars/main.yml

@@ -1,17 +0,0 @@
----
-common__certbot__group: 'letsencrypt'
-common__certbot__conf_dir: '/etc/letsencrypt'
-common__certbot__conf_cli: '{{ common__certbot__conf_dir }}/cli.ini'
-common__certbot__conf_nginx: '{{ common__certbot__conf_dir }}/options-ssl-nginx.conf'
-common__certbot__archive_dir: '{{ common__certbot__conf_dir }}/archive'
-common__certbot__live_dir: '{{ common__certbot__conf_dir }}/live'
-
-common__certbot__nginx_ssl_ciphers:
-  - 'ECDHE-ECDSA-AES128-GCM-SHA256'
-  - 'ECDHE-RSA-AES128-GCM-SHA256'
-  - 'ECDHE-ECDSA-AES256-GCM-SHA384'
-  - 'ECDHE-RSA-AES256-GCM-SHA384'
-  - 'ECDHE-ECDSA-CHACHA20-POLY1305'
-  - 'ECDHE-RSA-CHACHA20-POLY1305'
-  - 'DHE-RSA-AES128-GCM-SHA256'
-  - 'DHE-RSA-AES256-GCM-SHA384'