fix(lego): compare pubkey against merged configuration and provide a default key type

2024-11-10 06:24:17 +00:00 · 2023-06-19 09:02:40 +02:00 · 2023-06-19 09:02:40 +02:00 · 12eb1aa48b
commit 12eb1aa48b
parent 2ff5fac58d
2 changed files with 4 additions and 2 deletions
--- a/roles/lego/defaults/main.yml
+++ b/roles/lego/defaults/main.yml
@ -72,6 +72,7 @@ lego_acme_account_defaults:
        - "mailto:{{ lego_certificate.email }}"

 lego_certificate_renewal_days: 30
+lego_configuration_default_key_type: "ec256"

 lego_configuration_defaults:
  command_parameters:
@ -80,6 +81,7 @@ lego_configuration_defaults:
      accept-tos: true
      email: "{{ lego_certificate.email }}"
      path: "{{ lego_base_path }}"
+      key-type: "{{ lego_configuration_default_key_type }}"
    run: {}
    renew:
      days: "{{ lego_certificate_renewal_days }}"
--- a/roles/lego/tasks/main.yml
+++ b/roles/lego/tasks/main.yml
@ -162,8 +162,8 @@
      vars:
        lego_certificate_wanted_keytype: >-2
          {{
-            "ECC" if "ec" in lego_configuration.command_parameters.global["key-type"]
-            else "RSA" if "rsa" in lego_configuration.command_parameters.global["key-type"]
+            "ECC" if "ec" in lego_configuration_merged.command_parameters.global["key-type"]
+            else "RSA" if "rsa" in lego_configuration_merged.command_parameters.global["key-type"]
          }}
      when: "lego_certificate_stat.stat.exists"
      changed_when: "lego_certificate_pubkey_type_differs"