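---
# Issue Let's Encrypt certificates with certbot, one per key of certbot_domains.
# Flow: stat the live directory for each domain -> probe whether something
# already listens on certbot_port -> issue via webroot when a web service is
# up, otherwise via certbot's standalone listener on that same port.
#
# Variables used here (certbot_domains, certbot_port, certbot_mail,
# certbot_path, certbot_key_size, certbot_role) are expected to come from
# the role's defaults/vars — not visible in this file, confirm there.

- name: check if certificate exist
  # One stat per domain; results are consumed below as st.results, where
  # item.item is the {key, value} pair produced by dict2items.
  ansible.builtin.stat:
    path: '/etc/letsencrypt/live/{{ item.key }}'
  loop: '{{ certbot_domains|dict2items }}'
  loop_control:
    label: '{{ item.key }}'
  register: st
  tags: certbot

- name: check if a webservice is started
  # Used purely as a probe: a timeout marks web.failed, which the two
  # issuing tasks use to choose between webroot and standalone mode.
  ansible.builtin.wait_for:
    port: '{{ certbot_port }}'
    state: started
    timeout: 2
  ignore_errors: true
  register: web
  tags: certbot

- name: create a new certificate
  # argv form: each argument is passed as-is instead of being re-split on
  # whitespace from a folded string, so a variable containing spaces or
  # shell-like characters cannot turn into extra certbot arguments.
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - -n
      - --agree-tos
      - -d
      - '{{ item.item.key }}'
      - -m
      - '{{ certbot_mail }}'
      - --webroot
      - --webroot-path
      - '{{ certbot_path }}'
      - --rsa-key-size
      - '{{ certbot_key_size }}'
      - --deploy-hook
      - '/etc/letsencrypt/hook-{{ item.item.key }}'
  loop: '{{ st.results }}'
  loop_control:
    label: '{{ item.item.key }}'
  # Only the master, or the host that owns the domain, issues; skip domains
  # that already have a live directory; webroot requires a running web service.
  # NOTE(review): item.item is a dict2items pair (key/value), so item.item.name
  # is only defined if certbot_domains is shaped to provide it — verify; an
  # undefined attribute here fails the conditional on non-master hosts.
  when: (certbot_role == 'master' or item.item.name == ansible_fqdn) and not item.stat.exists and not web.failed
  tags: certbot

- name: create a new certificate (standalone)
  # Same as above but certbot binds certbot_port itself; this task runs
  # only when the probe found nothing listening there (web.failed).
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - -n
      - --agree-tos
      - -d
      - '{{ item.item.key }}'
      - -m
      - '{{ certbot_mail }}'
      - --standalone
      - --rsa-key-size
      - '{{ certbot_key_size }}'
      - --deploy-hook
      - '/etc/letsencrypt/hook-{{ item.item.key }}'
      - --http-01-port
      - '{{ certbot_port }}'
  loop: '{{ st.results }}'
  loop_control:
    label: '{{ item.item.key }}'
  # NOTE(review): same item.item.name assumption as the webroot task — verify.
  when: (certbot_role == 'master' or item.item.name == ansible_fqdn) and not item.stat.exists and web.failed
  tags: certbot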