From 800254b3549ed9c772798637bca7695a294dd869 Mon Sep 17 00:00:00 2001
From: James Gibson
Date: Mon, 18 Oct 2021 08:50:27 +0100
Subject: [PATCH] Add option to use alernative CA server for certbot

This could be achieved using the haproxy_ssl_letsencrypt_setup_extra_params variable, but this makes it a bit neater.

Change-Id: Iee2d5a10e1762b23fcb3f3140950c76a754743b7
---
 defaults/main.yml | 2 ++
 tasks/haproxy_ssl_letsencrypt.yml | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index c5e9d63..78eea78 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -170,6 +170,8 @@ haproxy_ssl_letsencrypt_acl:
 letsencrypt-acl:
 rule: "path_beg /.well-known/acme-challenge/"
 backend_name: letsencrypt
+# Use alternative CA that supports ACME, can be a public or private CA
+# haproxy_ssl_letsencrypt_certbot_server: "https://acme-staging-v02.api.letsencrypt.org/directory"

 # hatop extra package URL and checksum
 haproxy_hatop_download_url: "https://github.com/jhunt/hatop/archive/v0.8.0.tar.gz"
diff --git a/tasks/haproxy_ssl_letsencrypt.yml b/tasks/haproxy_ssl_letsencrypt.yml
index 67ca48c..ab6191a 100644
--- a/tasks/haproxy_ssl_letsencrypt.yml
+++ b/tasks/haproxy_ssl_letsencrypt.yml
@@ -76,6 +76,9 @@
 --rsa-key-size 4096
 --email {{ haproxy_ssl_letsencrypt_email }}
 --domains {{ haproxy_bind_external_lb_vip_address }}
+ {% if haproxy_ssl_letsencrypt_certbot_server is defined %}
+ --server {{ haproxy_ssl_letsencrypt_certbot_server }}
+ {% endif %}
 {% if haproxy_ssl_letsencrypt_certbot_challenge == 'http-01' %}
 --http-01-port {{ haproxy_ssl_letsencrypt_certbot_backend_port }}
 --http-01-address {{ haproxy_ssl_letsencrypt_certbot_bind_address }}
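Review bot: The comment added above the commented-out `haproxy_ssl_letsencrypt_certbot_server` default does not say that the example URL is the Let's Encrypt staging directory. Certificates from staging are not publicly trusted, so an operator who uncomments the line verbatim would have HAProxy serve certificates that clients reject. I would add a line such as `# The example below is the Let's Encrypt staging directory (test certificates, not publicly trusted).` It is also worth stating that the variable must stay undefined to keep certbot's default CA, because the task tests it with `is defined`.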
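Review bot: The added `--server {{ haproxy_ssl_letsencrypt_certbot_server }}` line in tasks/haproxy_ssl_letsencrypt.yml puts the URL on the certbot command line unquoted. Its `is defined` guard also passes for a variable that is defined but empty, which renders a bare `--server` that takes the following option as its value. This URL decides which CA issues the certificate HAProxy serves, so I would render it as `--server {{ haproxy_ssl_letsencrypt_certbot_server | quote }}` and guard it with `{% if haproxy_ssl_letsencrypt_certbot_server | default('') | length > 0 %}`. The neighbouring `--email` and `--domains` values are unquoted in the same way. The task holding this command begins and ends outside the hunk, so whether it runs through `shell` or `command` is not visible here.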