Update to 2022-01-26 16:00

roles/rabbitmq_server/tasks/conf.yml

@@ -6,8 +6,8 @@
   notify: restart rabbitmq-server
   tags: rabbit
 
-  # Create a self signed cert. This is needed even if a cert is later obtained with dehydrated as
-  # turnserver must be started before that
+# Create a self signed cert. This is needed even if a cert is later obtained with dehydrated as
+# rabbitmq must be started before that
 - import_tasks: ../includes/create_selfsigned_cert.yml
   vars:
     - cert_path: /etc/rabbitmq/ssl/cert.pem
@@ -15,6 +15,16 @@
     - cert_user: rabbitmq
   tags: rabbitmq
 
+- name: Check if the cert chain exists
+  stat: path=/etc/rabbitmq/ssl/chain.pem
+  register: rabbitmq_ssl_chain
+  tags: rabbitmq
+
+- name: Copy the cert on the chain file
+  copy: src=/etc/rabbitmq/ssl/cert.pem dest=/etc/rabbitmq/ssl/chain.pem remote_src=True
+  when: not rabbitmq_ssl_chain.stat.exists
+  tags: rabbitmq
+
 - name: Deploy configuration
   template: src={{ rabbitmq_conf }}.j2 dest=/etc/rabbitmq/{{ rabbitmq_conf }}
   notify: restart rabbitmq-server

roles/rabbitmq_server/tasks/facts.yml

@@ -1,12 +1,14 @@
 ---
 
-  # On EL8 and newer, rabbitmq config uses the new format
+# On EL8 and newer, rabbitmq config uses the new format
 - set_fact: rabbitmq_conf={{ ansible_distribution_major_version is version('8','>=') | ternary('rabbitmq.conf','rabbitmq.config') }}
   tags: rabbitmq
 
-- when: rabbitmq_letsencrypt_cert is defined or rabbitmq_ssl_cert_path is not defined or rabbitmq_ssl_key_path is not defined
+# When obtaining the cert with Let's Encrypt, or when using the default self-signed certificate
+- when: rabbitmq_letsencrypt_cert is defined or (rabbitmq_ssl_cert_path is not defined or rabbitmq_ssl_key_path is not defined)
   block:
     - set_fact: rabbitmq_ssl_cacert_path='/etc/rabbitmq/ssl/chain.pem'
     - set_fact: rabbitmq_ssl_cert_path='/etc/rabbitmq/ssl/cert.pem'
     - set_fact: rabbitmq_ssl_key_path='/etc/rabbitmq/ssl/key.pem'
   tags: rabbitmq
+