From 6fff2fd6b2366c455a5951a055c3bdb010cae9fa Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Tue, 6 Jun 2017 08:56:46 +0200
Subject: [PATCH] fix revocation
---
 roles/vpn/tasks/openssl.yml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/roles/vpn/tasks/openssl.yml b/roles/vpn/tasks/openssl.yml
index ed2b9990..a1709bc0 100644
--- a/roles/vpn/tasks/openssl.yml
+++ b/roles/vpn/tasks/openssl.yml
@@ -145,19 +145,14 @@
 - name: Revoke non-existing users
 shell: >
- openssl ca
- -config openssl.cnf
- -passin pass:"{{ easyrsa_CA_password }}"
- -revoke certs/{{ item }}.crt &&
 openssl ca -gencrl
 -config openssl.cnf
 -passin pass:"{{ easyrsa_CA_password }}"
 -revoke certs/{{ item }}.crt
- -out crl/{{ item }}.crt &&
- touch crl/{{ item }}_revoked
+ -out crl/{{ item }}.crt
 args:
 chdir: configs/{{ IP_subject_alt_name }}/pki/
- creates: crl/{{ item }}_revoked
+ creates: crl/{{ item }}.crt
 environment:
 subjectAltName: "DNS:{{ item }}"
 when: item not in users
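Review bot: The single `openssl ca -gencrl ... -revoke certs/{{ item }}.crt -out crl/{{ item }}.crt` call may write a CRL that does not list the certificate it is revoking, because as far as I know `openssl ca` handles `-gencrl` before `-revoke` within one invocation, so the CRL is built from the index before the revocation is recorded. Since `creates: crl/{{ item }}.crt` skips the task on later runs, a stale CRL would not be refreshed here, and the `-out` file is a weaker success marker than the removed `&& touch crl/{{ item }}_revoked`, which only ran after both commands succeeded. I would keep the revoke as its own step and drop `-revoke` from the CRL step instead, i.e. `openssl ca -config openssl.cnf -passin ... -revoke certs/{{ item }}.crt && openssl ca -gencrl -config openssl.cnf -passin ... -out crl/{{ item }}.crt`, then confirm the serial is listed with `openssl crl -in crl/{{ item }}.crt -noout -text`. Separately, `-passin pass:"{{ easyrsa_CA_password }}"` puts the CA key passphrase on the command line and in task output; passing it through the task's existing `environment:` block with `-passin env:CA_PASSWORD` (variable name illustrative) and adding `no_log: true` would keep it out of both. The loop that supplies `item` lies outside the hunk, so whether a later task regenerates the CRL is not visible here.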