Hello,
I’m new to Ansible and have been giving it some attention in my test environment to see how feasible it is to utilize in production, mainly to provision/configure/manage 30 or so Windows web servers.
I was able to copy and install my cert and bind it to my site with win_iis_webbinding; however, testing if I need to update the cert for whatever reason, I upload a new cert, change the certificate_hash, and nothing happens. The old cert is still in play. It’s my understanding from looking around on other sites that the certificate_hash isn’t inspected when reviewing pending changes on a playbook play regarding this module, so I’m curious if there’s a way to accomplish updating the cert if the certificate_hash is different.
I attempted to run a play in the playbook to mark the port binding as absent before setting the new thumbprint in the certificate_hash, but received an error stating that it “Cannot create a file when that file already exists.”
Digging deeper, I found that if I remove the play below that adds the SSL binding for the new site, and only set the state of the binding to absent, then the SSL binding is removed. If I try to add the play below back in with the new thumbprint, I get the error that the file already exists and the binding reappears with the original cert, not the new updated one. So regardless of what I define as the certificate_hash, the original hash always gets added.
Portion of playbook:

    #- name: Remove SSL Binding for newSite
    #  win_iis_webbinding:
    #    name: newSite
    #    protocol: https
    #    port: 443
    #    state: absent

    - name: Add SSL Binding for newSite
      win_iis_webbinding:
        name: newSite
        protocol: https
        port: 443
        certificate_hash: <thumbprint>  # when changed, it gets skipped and never updates on IIS sites
        state: present
Does anyone know of a way to update the cert on a site? Or would it just be best to explore options outside of the module to accomplish this task, such as running a win_shell command with an args, or something else along those lines…?
Thanks,
John
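One way to take the win_shell route mentioned in the question, as an added example that is not from the original post or from the Ansible project: a task that compares the thumbprint currently bound on 0.0.0.0:443 with the desired one and only rebinds when they differ, so the play stays idempotent. It assumes the WebAdministration module is present on the target, that the new certificate is already imported into LocalMachine\My, that the site has a single https binding on that port, and that new_cert_thumbprint is a variable you define.

```yaml
# Added example (not from the original post). Assumes: WebAdministration module
# on the target, new cert already in Cert:\LocalMachine\My, one https binding on
# the port, and a play variable `new_cert_thumbprint` holding the SHA-1 thumbprint.
- name: Ensure the https binding for newSite uses the new certificate
  win_shell: |
    Import-Module WebAdministration
    $site  = 'newSite'
    $port  = 443
    $thumb = '{{ new_cert_thumbprint }}'

    # Fail early if the requested cert is not actually in the machine store.
    if (-not (Test-Path "Cert:\LocalMachine\My\$thumb")) {
        throw "Certificate $thumb not found in LocalMachine\My"
    }

    # Create the https binding if it does not exist yet.
    $binding = Get-WebBinding -Name $site -Protocol https -Port $port
    if (-not $binding) {
        New-WebBinding -Name $site -Protocol https -Port $port
        $binding = Get-WebBinding -Name $site -Protocol https -Port $port
    }

    # Thumbprint currently attached to the SSL binding, if any.
    $current = Get-Item "IIS:\SslBindings\0.0.0.0!$port" -ErrorAction SilentlyContinue
    if ($current -and $current.Thumbprint -eq $thumb) {
        Write-Output 'unchanged'
    } else {
        # AddSslCertificate replaces whatever cert is bound to this binding.
        $binding.AddSslCertificate($thumb, 'my')
        Write-Output 'changed'
    }
  register: ssl_bind
  changed_when: "'changed' in ssl_bind.stdout"
```

Because the decision is made from the thumbprint actually bound on the host, rerunning the play after the swap reports ok rather than changed.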