Install Certbot via snap

girder · Apr 10, 2020 · 2464178 · 2464178
1 parent 6214534
commit 2464178
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 28 deletions.
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -34,9 +34,7 @@ platforms:
     groups:
       - targets
   - name: pebble
-    # Until Certbot >= 0.34.0 is used, Pebble needs an older version
-    # https://github.com/letsencrypt/pebble/issues/192
-    image: letsencrypt/pebble:v1.0.1
+    image: letsencrypt/pebble:latest
     pre_build_image: true
     override_command: false
     env:

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -30,32 +30,13 @@
   become: true
   become_user: root
 
-- name: Add Certbot PPA key
-  apt_key:
-    id: "{{ nginx_certbot_ubuntu_apt_key }}"
-    # https://unix.stackexchange.com/a/110594
-    keyserver: "hkps://keyserver.ubuntu.com:443"
-  become: true
-  become_user: root
-
-- name: Add Certbot PPA
-  apt_repository:
-    repo: >-
-      deb
-      http://ppa.launchpad.net/certbot/certbot/ubuntu
-      {{ ansible_distribution_release }}
-      main
-    update_cache: true
-  become: true
-  become_user: root
+- import_tasks: migrate.yml
 
-- name: Install Certbot package
-  apt:
-    # This is Python 3, but named differently in the PPA
-    name: python-certbot-nginx
-    force_apt_get: true
-  become: true
-  become_user: root
+- name: Install Certbot snap package
+  snap:
+    name: certbot
+    classic: true
+    channel: edge
 
 # Nginx must be already started via systemd, or running Certbot will start its
 # own instance, then orphan that Nginx process (still bound to ports) when it

diff --git a/tasks/migrate.yml b/tasks/migrate.yml
@@ -0,0 +1,34 @@
+---
+- name: Remove obsolete Certbot PPA key
+  apt_key:
+    id: "{{ nginx_certbot_ubuntu_apt_key }}"
+    # https://unix.stackexchange.com/a/110594
+    keyserver: "hkps://keyserver.ubuntu.com:443"
+    state: absent
+  become: true
+  become_user: root
+
+- name: Remove obsolete Certbot PPA
+  apt_repository:
+    repo: >-
+      deb
+      http://ppa.launchpad.net/certbot/certbot/ubuntu
+      {{ ansible_distribution_release }}
+      main
+    update_cache: true
+    state: absent
+  become: true
+  become_user: root
+
+- name: Remove obsolete Certbot packages
+  apt:
+    name:
+      # This is Python 3, but named differently in the PPA
+      - python-certbot-nginx
+      - python3-certbot-nginx
+      - certbot
+      - python3-certbot
+    force_apt_get: true
+    state: absent
+  become: true
+  become_user: root