Clean up old cronjob to avoid failures

Author: swalkinshaw

roles/nginx/defaults/main.yml

@@ -27,3 +27,6 @@ acme_certificate_key_type: ecdsa:256
 acme_ssl_verify: "on"
 nginx_acme_state_path: /var/lib/nginx/acme
 nginx_acme_zone_size: 1M
+
+# SSL certificate cache for variable-based certs (ACME)
+nginx_ssl_certificate_cache_max: 10

roles/nginx/tasks/main.yml

@@ -81,6 +81,12 @@
     state: absent
   notify: reload nginx
 
+- name: Remove legacy Let's Encrypt cron job
+  file:
+    path: /etc/cron.d/letsencrypt-certificate-renewal
+    state: absent
+  when: sites_using_letsencrypt | length > 0
+
 - name: Enable Nginx to start on boot
   service:
     name: nginx

roles/nginx/templates/h5bp/directive-only/ssl.conf

@@ -40,7 +40,3 @@ keepalive_timeout 300s; # up from 75 secs default
 #ssl_certificate      /etc/nginx/default_ssl.crt;
 #ssl_certificate_key  /etc/nginx/default_ssl.key;
 
-# Caches SSL certificates and secret keys that are specified by variables
-# (specifically used for ACME / Let's Encrypt certificates).
-# The more servers you have with SSL, the higher the max value should be.
-ssl_certificate_cache max=2

roles/nginx/templates/nginx.conf.j2

@@ -67,13 +67,11 @@ http {
   }
   {% endblock %}
 
-  {% block resolver -%}
+  {% block acme -%}
+  {% if sites_using_letsencrypt | length > 0 -%}
   resolver {{ nginx_resolver }};
   resolver_timeout {{ nginx_resolver_timeout }};
-  {% endblock %}
 
-  {% block acme -%}
-  {% if sites_using_letsencrypt | length > 0 -%}
   acme_issuer letsencrypt {
     uri             {{ acme_server }};
     state_path      {{ nginx_acme_state_path }};
@@ -83,6 +81,8 @@ http {
   }
 
   acme_shared_zone zone=acme:{{ nginx_acme_zone_size }};
+
+  ssl_certificate_cache max={{ nginx_ssl_certificate_cache_max }};
   {% endif %}
   {% endblock %}