From da2572ddb144086034eba1989ae909763e95c680 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 20 Dec 2015 14:13:08 +0100 Subject: Use the Let's Encrypt CA for our public certs. --- roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | 2 +- roles/IMAP/tasks/imap.yml | 19 +++---------------- 2 files changed, 4 insertions(+), 17 deletions(-) (limited to 'roles/IMAP') diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf index dc0b5bf..114388e 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf @@ -9,7 +9,7 @@ ssl = required # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = 1 - notify: - - Restart Dovecot - tags: - - genkey - name: Fetch Dovecot's X.509 certificate # Ensure we don't fetch private data @@ -105,7 +92,7 @@ dest=/etc/dovecot/{{ item }} owner=root group=root mode=0644 - register: r2 + register: r1 with_items: - conf.d/10-auth.conf - conf.d/10-logging.conf @@ -132,14 +119,14 @@ create=yes owner=root group=root mode=0644 - register: r3 + register: r2 when: "'IMAP' in group_names and 'webmail' not in group_names" notify: - Restart Dovecot - name: Start Dovecot service: name=dovecot state=started - when: not (r1.changed or r2.changed or r3.changed) + when: not (r1.changed or r2.changed) - meta: flush_handlers -- cgit v1.2.3