From 508832a1a698960ccbf48cf97afc0ae6a0fa8741 Mon Sep 17 00:00:00 2001 From: Waldemar Smirnow Date: Fri, 6 Feb 2026 12:33:38 +0100 Subject: [PATCH 1/2] The Lego Renew Certificate Service timer should be running. The Lego Renew systemd timer will be initialised and enabled for each certificate, but not started. A fix and test have been provided to check this. --- molecule/default/verify.yml | 21 +++++++++++++++++++-- tasks/main.yml | 1 + 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 742150f..e13dd31 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -1,10 +1,12 @@ --- - name: Verify hosts: all + vars: + lego_domain: molecule.lego.elan tasks: - name: Stat certificate file ansible.builtin.stat: - path: /etc/lego/certificates/molecule.lego.elan.crt + path: /etc/lego/certificates/{{ lego_domain }}.crt register: certificate_file - name: Check certificate exists @@ -23,6 +25,21 @@ that: - certificate_file.stat.exists - certificate_file.stat.islnk - - certificate_file.stat.lnk_target == '/etc/lego/certificates/molecule.lego.elan.crt' + - certificate_file.stat.lnk_target == '/etc/lego/certificates/{{ lego_domain }}.crt' fail_msg: certificate link not exists success_msg: certificate link exists + + - name: Check Lego renew timer is enabled and active + check_mode: true + ansible.builtin.systemd: + name: lego-renew@{{ lego_domain }}.timer + enabled: true + state: started + register: lego_renew_timer_state + + - name: Verify Lego renew timer state + ansible.builtin.assert: + that: + - lego_renew_timer_state is not changed + fail_msg: lego-renew@{{ lego_domain }}.timer wasn't enabled or running + success_msg: lego-renew@{{ lego_domain }}.timer is enabled and running diff --git a/tasks/main.yml b/tasks/main.yml index 8fd777c..615b2d1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
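Review bot: The new timer check in molecule/default/verify.yml folds "enabled" and "running" into one `is not changed` result from a check-mode `ansible.builtin.systemd` call, so a failure cannot say which of the two is missing, and the test relies on the module reporting changes accurately in check mode. A stopped renew timer means the certificate silently expires, so it may be worth asserting on the unit properties directly, for example `- lego_renew_timer_state.status.ActiveState == 'active'` and `- lego_renew_timer_state.status.UnitFileState == 'enabled'`. This assumes the module still returns `status` in check mode, which should be confirmed in the molecule run. A short comment above the task, such as `# check_mode: a reported change means the timer was not already enabled and started`, would also explain the idiom to the next reader.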
@@ -122,6 +122,7 @@ ansible.builtin.systemd: name: lego-renew@{{ lego_domains | first }}.timer enabled: true + state: started - name: Import link certificate tasks ansible.builtin.include_tasks: link_certificate.yml From 7d2f99a0f6aeaf3b17ec2bb695da0c90148ab146 Mon Sep 17 00:00:00 2001 From: Waldemar Smirnow Date: Wed, 11 Feb 2026 11:34:25 +0100 Subject: [PATCH 2/2] Fixed deprecation warning [WARNING]: Jinja constant strings should not contain embedded templates. This feature will be disabled by default in ansible-core 2.23. Origin: /home/runner/work/lego/lego/molecule/default/verify.yml:28:13 --- molecule/default/verify.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index e13dd31..7147c69 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -25,7 +25,7 @@ that: - certificate_file.stat.exists - certificate_file.stat.islnk - - certificate_file.stat.lnk_target == '/etc/lego/certificates/{{ lego_domain }}.crt' + - certificate_file.stat.lnk_target == '/etc/lego/certificates/' + lego_domain + '.crt' fail_msg: certificate link not exists success_msg: certificate link exists
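Review bot: Nothing in the visible lines of this task in tasks/main.yml reloads systemd before the added `state: started` is applied. If the timer unit file is written earlier in the same run and no reload has happened by this point, the start can fail or act on a stale unit definition, and the renewal would then not be scheduled. The task begins above the hunk, so an earlier handler flush may already cover this. If it does not, adding `daemon_reload: true` next to `state: started` would close the gap.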
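Review bot: In the rewritten `lnk_target` comparison of the second patch the path is assembled with `+`, which in Jinja is addition and only concatenates when both operands are strings. The `~` operator is the string-concatenation form and converts its operands to strings, so `- certificate_file.stat.lnk_target == '/etc/lego/certificates/' ~ lego_domain ~ '.crt'` is the more robust spelling and still avoids the embedded-template warning. The assert task starts above the hunk, so the rest of it is not visible here.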