---
- name: install certbot package
  ansible.builtin.apt:
    name:
      - certbot
      - cron
    default_release: '{{ certbot_distribution|default(ansible_distribution_release) }}'
    state: present
  tags: certbot

- name: create webroot path directory
  ansible.builtin.file:
    path: '{{ certbot_path }}'
    owner: root
    group: root
    mode: 0755
    state: directory
  tags: certbot

- name: install hooks script
  ansible.builtin.copy:
    content: '{{ item.value|default("#!/bin/bash") }}'
    dest: '/etc/letsencrypt/hook-{{ item.key }}'
    owner: root
    group: root
    mode: 0700
  loop: '{{ certbot_domains|dict2items }}'
  loop_control:
    label: '{{ item.key }}'
  tags: certbot

- name: remove old cerbot renew cron
  ansible.builtin.file:
    path: /etc/cron.d/certbot
    state: absent
  tags: certbot

- name: add certbot renew cron
  ansible.builtin.cron:
    name: certbot-renew
    user: root
    hour: '*/12'
    minute: '0'
    job: perl -e 'sleep int(rand(3600))' && certbot -q renew
  tags: certbot