diff --git a/roles/sendmail/tasks/main.yml b/roles/sendmail/tasks/main.yml
index c65d0bf..d46a43b 100644
--- a/roles/sendmail/tasks/main.yml
+++ b/roles/sendmail/tasks/main.yml
@@ -34,18 +34,32 @@
 - name: copy certificate
 copy:
 src: "{{ item }}"
- dest: "{{ tls_certs }}/{{ mail_server }}-fullchain.crt"
+ dest: "{{ tls_certs }}/{{ mail_server }}.crt"
 mode: 0644
 owner: root
 group: "{{ ansible_wheel }}"
 validate: /usr/bin/openssl x509 -in %s -noout
 with_first_found:
- - "/srv/letsencrypt/live/{{ mail_server }}/fullchain.pem"
+ - "/srv/letsencrypt/live/{{ mail_server }}/cert.pem"
 - "/srv/ca/certs/{{ mail_server }}.crt"
 - "/srv/ca/certs/{{ inventory_hostname }}.crt"
 tags: certificates
 notify: restart sendmail
 
+- name: copy certificate chain
+ copy:
+ src: "{{ item }}"
+ dest: "{{ tls_certs }}/{{ mail_server }}-chain.crt"
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+ validate: /usr/bin/openssl x509 -in %s -noout
+ with_first_found:
+ - "/srv/letsencrypt/live/{{ mail_server }}/chain.pem"
+ - "/srv/ca/certs/ca.crt"
+ tags: certificates
+ notify: restart sendmail
+
 - name: copy sendmail config template
 template:
 src: sendmail.mc.j2
diff --git a/roles/sendmail/templates/sendmail.mc.j2 b/roles/sendmail/templates/sendmail.mc.j2
index 79e3f38..08b04d3 100644
--- a/roles/sendmail/templates/sendmail.mc.j2
+++ b/roles/sendmail/templates/sendmail.mc.j2
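Review bot: The `with_first_found` lists in `copy certificate` and the new `copy certificate chain` task resolve independently, so a host with a Let's Encrypt `cert.pem` but a missing `chain.pem` silently pairs the Let's Encrypt leaf with `/srv/ca/certs/ca.crt`, and the `validate` on each task only checks that the file parses as an X.509 certificate, not that the chain actually issued the installed cert. A follow-up `command` task that runs `openssl verify` against the two deployed files with `changed_when: false`, or deriving both source paths from a single lookup so they always come from the same issuer, would catch that mismatch before `restart sendmail` fires. The rename from `-fullchain.crt` to `.crt` also leaves the previously deployed `{{ tls_certs }}/{{ mail_server }}-fullchain.crt` on disk; a `file: path: "{{ tls_certs }}/{{ mail_server }}-fullchain.crt" state: absent` task keeps stale certificate material out of `tls_certs`. The two copy tasks are otherwise identical apart from `dest` and the candidate list, so a single task looping over `{dest, candidates}` pairs would keep the `mode`/`owner`/`group`/`validate` settings from drifting apart.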
@@ -23,7 +23,8 @@ TRUST_AUTH_MECH(`GSSAPI LOGIN PLAIN')dnl
 define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI LOGIN PLAIN')dnl
 dnl # define(`confCACERT_PATH', `/etc/mail/certs')dnl
-define(`confSERVER_CERT', `/etc/pki/tls/certs/{{ mail_server }}-fullchain.crt')dnl
+define(`confCACERT', `/etc/pki/tls/certs/{{ mail_server }}-chain.crt')dnl
+define(`confSERVER_CERT', `/etc/pki/tls/certs/{{ mail_server }}.crt')dnl
 define(`confSERVER_KEY', `/etc/pki/tls/private/{{ mail_server }}.key')dnl
 define(`confCLIENT_CERT', `/etc/pki/tls/certs/{{ mail_server }}.crt')dnl
 define(`confCLIENT_KEY', `/etc/pki/tls/private/{{ mail_server }}.key')dnl