diff --git a/ansible/roles/ssl_cert/tasks/main.yaml b/ansible/roles/ssl_cert/tasks/main.yaml
index 7458957241b92e18fa39a724090dfd77a1087ba9..aa562aa448b7a62554bc8e9ae27d6eac2b916c04 100644
--- a/ansible/roles/ssl_cert/tasks/main.yaml
+++ b/ansible/roles/ssl_cert/tasks/main.yaml
@@ -15,6 +15,17 @@
 - "{{ ssl_cert_file }}"
 - "{{ ssl_cert_chain_file }}"
+- name: Change cert files permissions
+ ansible.builtin.file:
+ path: "{{ ssl_cert_file_location }}/{{ item }}"
+ owner: root
+ group: root
+ mode: '0600'
+ when: ssl_cert_s3_bucket | length > 0 and item | length > 0
+ loop:
+ - "{{ ssl_cert_file }}"
+ - "{{ ssl_cert_chain_file }}"
+
 - name: Download SSL key from S3
 aws_s3:
 mode: get
@@ -28,6 +39,14 @@
 ansible_python_interpreter: /usr/bin/python3
 when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0
+- name: Change key file permissions
+ ansible.builtin.file:
+ path: "{{ ssl_cert_key_location }}/{{ ssl_cert_key }}"
+ owner: root
+ group: root
+ mode: '0400'
+ when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0
+
 - name: Update SSL in Apache config
 ansible.builtin.replace:
 path: "{{ ssl_apache_config }}"
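Review bot: Both new `file` tasks tighten permissions only after `aws_s3` has already written the files to disk, so between the download and the chmod the certificate files — and, in the second hunk, the private key — sit with whatever mode the download produced, which presumably follows the process umask rather than anything this role controls. The tasks also rely on the `file` module's default `state`, so if a download was skipped or wrote somewhere other than `{{ ssl_cert_file_location }}` (the preceding download task and its `dest` are outside this hunk) the play fails on a missing path with no hint why. For the key, ensuring `{{ ssl_cert_key_location }}` is a root-owned `0700` directory before the download closes that window, provided nothing but the root-run httpd needs to traverse it, and an explicit `state: file` in both new tasks documents that the file must already exist. Separately, `mode: '0600'` on public certificates is stricter than the conventional `0644`; if that is deliberate, a comment such as `# 0600 is intentional: only the root-run httpd parent reads these` would stop the next maintainer from loosening it.
```yaml
- name: Ensure key directory is private before the download
  ansible.builtin.file:
    path: "{{ ssl_cert_key_location }}"
    state: directory
    owner: root
    group: root
    mode: '0700'
  when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0

# … unchanged: Download SSL key from S3 …

- name: Change key file permissions
  ansible.builtin.file:
    path: "{{ ssl_cert_key_location }}/{{ ssl_cert_key }}"
    state: file
    # … unchanged: owner, group, mode '0400' …
  # … unchanged: when …
```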