- name: install certbot package
  apt:
    name: '{{ packages }}'
    default_release: '{{ certbot_distribution|default(ansible_distribution_release) }}'
    state: present
  vars:
    packages:
      - certbot
      - cron
  tags: certbot

- name: create webroot path directory
  file:
    path: '{{ certbot_path }}'
    owner: root
    group: root
    mode: 0755
    state: directory
  tags: certbot

- name: install certbot-renew binary
  copy:
    src: certbot-renew
    dest: /usr/local/bin/certbot-renew
    owner: root
    group: root
    mode: 0755
  tags: certbot

- name: install certbot renew configuration
  template:
    src: renew.cfg.j2
    dest: /etc/letsencrypt/renew.cfg
    owner: root
    group: root
    mode: 0644
  tags: certbot

- name: remove old cerbot renew cron
  file:
    path: /etc/cron.d/certbot
    state: absent
  tags: certbot

- name: add certbot renew cron
  cron:
    name: certbot-renew
    user: root
    hour: '*/12'
    minute: 0
    job: perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook /usr/local/bin/certbot-renew
  tags: certbot