Merge remote-tracking branch 'upstream/master'

liquidat 2016-01-29 23:53:35 +01:00
commit 80d2a89369
5 changed files with 20 additions and 0 deletions

@ -8,6 +8,8 @@ An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu.
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
@ -90,6 +92,10 @@ The list of packages to be installed. This defaults to a set of platform-specifi
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
apache_ignore_missing_ssl_certificate: true
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Lets Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
## Dependencies
None.
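Review bot: The new README paragraph for `apache_ignore_missing_ssl_certificate` explains the `false` case but never says that a vhost whose certificate is missing is left out of the rendered config without any error or warning, so an operator who follows the "run your playbook more than once" advice has no signal for when the HTTPS vhost is actually live. Suggest stating that explicitly, noting that only `certificate_file` is tested (per the `stat` task in this change), and spelling the CA name as "Let's Encrypt".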

@ -28,6 +28,8 @@ apache_vhosts_ssl: []
# # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"

@ -23,6 +23,11 @@
with_items: apache_mods_disabled
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: apache_vhosts_ssl
- name: Add apache vhosts configuration.
template:
src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
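Review bot: The existence check in the new task only covers `item.certificate_file`, so a vhost whose certificate is present but whose private key or chain file is not yet in place still passes and gets rendered. If the goal is to emit only SSL vhosts that Apache can load, stat the key file as well (and `certificate_chain_file` when it is defined). Two smaller points on the same task: `stat: path={{ item.certificate_file }}` uses the unquoted key=value form, which breaks on paths containing spaces, so the YAML form with a quoted `path: "{{ item.certificate_file }}"` is safer; and the task runs and registers results even when `apache_ignore_missing_ssl_certificate` is `true`, where the result is never consulted.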

@ -8,6 +8,11 @@
with_items: apache_ports_configuration_items
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: apache_vhosts_ssl
- name: Add apache vhosts configuration.
template:
src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
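Review bot: This "Check whether certificates defined in vhosts exist." task is a verbatim copy of the one added in the previous task file, and the template depends on both copies registering `apache_ssl_certificates` from the same `with_items: apache_vhosts_ssl` list. Two copies will drift; consider moving the task to a single shared task file that runs before the platform-specific configuration, and check that every platform path that renders the vhosts template also runs it.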

@ -30,6 +30,7 @@
{# Set up SSL VirtualHosts #}
{% for vhost in apache_vhosts_ssl %}
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
<VirtualHost *:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
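Review bot: The condition `apache_ssl_certificates.results[loop.index0].stat.exists` pairs each vhost with a stat result purely by position, which holds only while the `stat` task and this `for` loop iterate the identical `apache_vhosts_ssl` list in the same order. It also assumes `apache_ssl_certificates` is always registered: with the default `true` the `or` short-circuits and hides the problem, but with `false` any code path that renders this template without the stat task having run fails on an undefined variable. Suggest guarding with `apache_ssl_certificates is defined` or selecting the result whose `item` matches the current `vhost` instead of indexing by `loop.index0`.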
@ -65,4 +66,5 @@
{% endif %}
</VirtualHost>
{% endif %}
{% endfor %}