32 lines
767 B
Django/Jinja
32 lines
767 B
Django/Jinja
## Managed by Ansible ##
|
|
|
|
[Unit]
|
|
Description=Renew Lets Encrypt certificate for {{ item.0.cn }}
|
|
After=network-online.target
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
{% if lego_provider == "ionos" %}
|
|
Environment={{ lego_provider|upper }}_API_KEY={{ vault_ionos_token_dns }}
|
|
{% endif %}
|
|
ExecStart={{ lego_install_dir }}/lego \
|
|
--domains="{{ item.0.cn }}" \
|
|
{% if item.0.sans is defined and item.0.sans %}
|
|
{% for san in item.0.sans %}
|
|
--domains="{{ san }}" \
|
|
{% endfor %}
|
|
{% endif %}
|
|
{{ lego_cli_params | join(' ') }} \
|
|
renew \
|
|
--renew-hook="{{ lego_config_dir }}/renew-hook.sh {{ item.0.cn }}"
|
|
User=root
|
|
|
|
# Restart if renewal fails, but not too quickly
|
|
RestartSec=12h
|
|
Restart=on-failure
|
|
StartLimitInterval=72h
|
|
StartLimitBurst=3
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|