Add support for installing an existing ACME account

defaults/main.yml

@@ -3,6 +3,24 @@
 # Perform setup step; set false to disable
 letsencrypt_setup: True
 
+# Provide existing account data to be copied over
+letsencrypt_account: ""
+# letsencrypt_account:
+#   hash: 1234567890abcdef1234567890abcdef
+#   id: 123456789
+#   creation_host: localhost
+#   creation_dt: 2020-12-13T13:12:00Z
+#   private_key:
+#     n: 1234
+#     e: 5678
+#     d: 90ab
+#     p: cdef
+#     q: 1234
+#     dp: 5678
+#     dq: 90ab
+#     qi: cdef
+#     kty: RSA
+
 # Set the email address associated with the Let's Encrypt account
 letsencrypt_account_email: ""
 

molecule/default/converge.yml

@@ -4,3 +4,19 @@
   become: true
   roles:
     - role: ansible-role-letsencrypt
+      vars:
+        letsencrypt_account:
+          hash: 1234567890abcdef1234567890abcdef
+          id: 123456789
+          creation_host: localhost
+          creation_dt: 2020-12-13T13:12:00Z
+          private_key:
+            n: 1234
+            e: 5678
+            d: 90ab
+            p: cdef
+            q: 1234
+            dp: 5678
+            dq: 90ab
+            qi: cdef
+            kty: RSA

tasks/account.yml

@@ -0,0 +1,65 @@
+---
+
+- name: Install provided Let's Encrypt ACME account
+  block:
+
+  - name: Create ACME v02 account directory
+    ansible.builtin.file:
+      path: "{{ letsencrypt_directory }}/{{ item }}"
+      owner: root
+      group: root
+      mode: 0700
+      state: directory
+    with_items:
+      - accounts
+      - accounts/acme-v02.api.letsencrypt.org
+      - accounts/acme-v02.api.letsencrypt.org/directory
+      - accounts/acme-v02.api.letsencrypt.org/directory/{{ letsencrypt_account.hash }}
+
+  - name: Copy Let's Encrypt account data files
+    ansible.builtin.template:
+      src: "account/{{ item }}.j2"
+      dest: "{{ letsencrypt_directory }}/accounts/acme-v02.api.letsencrypt.org/directory/{{ letsencrypt_account.hash }}/{{ item }}"
+      owner: root
+      group: root
+      mode: 0644
+    with_items:
+      - meta.json
+      - regr.json
+
+  - name: Copy Let's Encrypt account key file
+    ansible.builtin.template:
+      src: account/private_key.json.j2
+      dest: "{{ letsencrypt_directory }}/accounts/acme-v02.api.letsencrypt.org/directory/{{ letsencrypt_account.hash }}/private_key.json"
+      owner: root
+      group: root
+      mode: 0400
+
+  when: letsencrypt_account
+
+- name: Create new Let's Encrypt ACME account
+  block:
+
+  - name: Check if a Let's Encrypt account exists
+    ansible.builtin.stat:
+      path: "{{ letsencrypt_directory }}/accounts"
+    register: letsencrypt_reg_accounts_dir
+
+  - name: Prepare optional account email option
+    ansible.builtin.set_fact:
+      letsencrypt_opt_email: "{{ letsencrypt_account_email | ternary('--email ' + letsencrypt_account_email, '') }}"
+
+  - name: Create new Let's Encrypt account
+    ansible.builtin.command: >
+      certbot register
+      {{ letsencrypt_opt_test_cert }}
+      {{ letsencrypt_opt_email }}
+      {{ letsencrypt_opts_extra }}
+      --non-interactive --agree-tos --quiet
+    register: letsencrypt_reg_account
+    changed_when: letsencrypt_reg_account.rc != 0
+    when: not letsencrypt_reg_accounts_dir.stat.exists
+
+  when: not letsencrypt_account
+  tags:
+    - molecule-notest

tasks/install.yml

@@ -66,28 +66,5 @@
   tags:
     - molecule-notest
 
-- name: Check if a Let's Encrypt account exists
-  ansible.builtin.stat:
-    path: "{{ letsencrypt_directory }}/accounts"
-  register: letsencrypt_reg_accounts_dir
-
-- name: Prepare optional test cert option
-  ansible.builtin.set_fact:
-    letsencrypt_opt_email: "{{ letsencrypt_account_email | ternary('--email ' + letsencrypt_account_email, '') }}"
-
-- name: Prepare optional test cert option
-  ansible.builtin.set_fact:
-    letsencrypt_opt_test_cert: "{{ letsencrypt_test | default() | ternary('--test-cert', '') }}"
-
-- name: Create Let's Encrypt account
-  ansible.builtin.command: >
-    certbot register
-    {{ letsencrypt_opt_test_cert }}
-    {{ letsencrypt_opt_email }}
-    {{ letsencrypt_opts_extra }}
-    --non-interactive --agree-tos --quiet
-  register: letsencrypt_reg_account
-  changed_when: letsencrypt_reg_account.rc != 0
-  when: not letsencrypt_reg_accounts_dir.stat.exists
-  tags:
-    - molecule-notest
+- name: Import account setup tasks
+  ansible.builtin.import_tasks: account.yml

templates/account/meta.json.j2

@@ -0,0 +1 @@
+{"creation_dt": "{{ letsencrypt_account.creation_dt }}","creation_host": "{{ letsencrypt_account.creation_host }}"}

templates/account/private_key.json.j2

@@ -0,0 +1,11 @@
+{
+    "n": "{{ letsencrypt_account.private_key.n }}",
+    "e": "{{ letsencrypt_account.private_key.e }}",
+    "d": "{{ letsencrypt_account.private_key.d }}",
+    "p": "{{ letsencrypt_account.private_key.p }}",
+    "q": "{{ letsencrypt_account.private_key.q }}",
+    "dp": "{{ letsencrypt_account.private_key.dp }}",
+    "dq": "{{ letsencrypt_account.private_key.dq }}",
+    "qi": "{{ letsencrypt_account.private_key.qi }}",
+    "kty": "{{ letsencrypt_account.private_key.kty }}"
+}

templates/account/regr.json.j2

@@ -0,0 +1 @@
+{"body": {}, "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/{{ letsencrypt_account.id }}"}