---
- name: Install certbot package
  ansible.builtin.apt:
    name:
      - certbot
      - cron
    default_release: "{{ certbot_distribution | default(ansible_distribution_release) }}"
    state: present
  tags: certbot

- name: Create webroot path directory
  ansible.builtin.file:
    path: "{{ certbot_path }}"
    owner: root
    group: root
    mode: 0755
    state: directory
  tags: certbot

- name: Install hooks script
  ansible.builtin.copy:
    content: "{{ item.value | default('#!/bin/bash') }}"
    dest: "/etc/letsencrypt/hook-{{ item.key }}"
    owner: root
    group: root
    mode: 0700
  loop: "{{ certbot_domains | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  tags: certbot

- name: Remove old cerbot renew cron
  ansible.builtin.file:
    path: /etc/cron.d/certbot
    state: absent
  tags: certbot

- name: Add certbot renew cron
  ansible.builtin.cron:
    name: certbot-renew
    user: root
    hour: "*/12"
    minute: "0"
    job: "perl -e 'sleep int(rand(3600))' && certbot -q renew"
  tags: certbot