lilik_playbook/roles/certbot/tasks/main.yaml

---
- name: install certbot
  apt:
    name: "{{ item }}"
    state: present
    update_cache: true
    cache_valid_time: 3600
  with_items:
    - certbot
    - sendmail-bin
    - cron

- name: Shutdown webservers
  service:
    name: "{{ webserver_name }}"
    state: stopped
  ignore_errors: yes

- name: request certificate
  command: >
    certbot
        certonly
        -a standalone
        --agree-tos
        --email roots@lists.lilik.it
        --preferred-challenges http
        -d {{ server_fqdn }}
        -d www.{{ server_fqdn }}
        -n
  args:
    creates: /etc/letsencrypt/live/{{ server_fqdn }}/cert.pem

- name: Restart webservers
  service:
    name: "{{ webserver_name }}"
    state: started
  ignore_errors: yes

- name: Add systemd timer for cert renewal
  template:
    src: certbot.timer
    dest: /etc/systemd/system/certbot.timer

- name: Add systemd service for cert renewal
  template:
    src: certbot.service
    dest: /etc/systemd/system/certbot.service

- name: Enable timer
  systemd:
    name: certbot.timer
    state: started
    enabled: true
    daemon_reload: true