Automating LetsEncrypt Certificates and OpenBSD’s HTTPD using Ansible
My newest side project involves the configuration of OpenBSDs HTTPD(8) to serve a clients domain via plain HTTP and via TLS using an automatically provisioned LetsEncrypt certificate.
The difficulty is that if we don’t have a certificate but we do have the config then httpd will fail to launch leaving the user in a worse situation than they were before.
The answer is to use Ansible’s stat module and liberal use of Jinja IF statements.