From: Alfredo Deza <adeza@redhat.com>
Date: Mon, 8 Aug 2016 19:02:20 +0000 (-0400)
Subject: ansible: use letsencrypt renew vs. asking for a new cert every 12 hours
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=918aa44dd238fe96c4a7901e45a837bd950b8a31;p=ceph-build.git

ansible: use letsencrypt renew vs. asking for a new cert every 12 hours

Signed-off-by: Alfredo Deza <adeza@redhat.com>
---

diff --git a/ansible/roles/nginx/tasks/letsencrypt.yml b/ansible/roles/nginx/tasks/letsencrypt.yml
index 4edcf980..7fad662a 100644
--- a/ansible/roles/nginx/tasks/letsencrypt.yml
+++ b/ansible/roles/nginx/tasks/letsencrypt.yml
@@ -42,9 +42,9 @@
 - name: setup a cron to renew the SSL cert every day
   cron:
     name: "renew letsencrypt cert for {{ item.app_name }}"
-    minute: "0"
+    minute: "21"
     hour: "6,18"
-    job: "letsencrypt certonly --webroot -w {{ ssl_webroot_base_path }}/{{ item.fqdn }} -d {{ item.fqdn }} --email {{ ssl_support_email }} --agree-tos --renew-by-default"
+    job: "letsencrypt renew"
   sudo: yes
   with_items: nginx_hosts