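---
# Request Let's Encrypt certificates with certbot for every key of
# `certbot_domains` that has no directory under /etc/letsencrypt/live yet.
# A host whose `certbot_role` is "master" handles all domains; any other host
# only handles the domain equal to its own `ansible_fqdn`.

# One stat result per domain is kept in `st.results`; the issuing tasks below
# loop over it, so the domain name is available there as `item.item.key`.
- name: Check if certificate exist
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/{{ item.key }}"
  loop: "{{ certbot_domains | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  register: st
  tags: certbot

# Probe only: a failure here is an expected outcome (nothing listens on
# `certbot_port`), so it is ignored and recorded in `web` to choose between
# the webroot and the standalone authenticator below.
- name: Check if a webservice is started
  ansible.builtin.wait_for:
    port: "{{ certbot_port }}"
    state: started
    timeout: 2
  ignore_errors: true
  register: web
  tags: certbot

# `argv` passes every templated value to certbot as exactly one argument, so
# whitespace or quote characters in a variable cannot split into additional
# certbot options (the free-form command string is word-split after
# templating).
#
# NOTE(review): certbot runs the --deploy-hook script with its own privileges
# after issuance. The hook file is not created in this file; confirm it is
# owned by root and not writable by group or others.
# NOTE(review): certbot 2.0 and later issue ECDSA keys by default, in which
# case --rsa-key-size only takes effect together with --key-type rsa. Confirm
# the certbot version on the target hosts.
- name: Create a new certificate  # noqa no-changed-when
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - -n
      - --agree-tos
      - -d
      - "{{ item.item.key }}"
      - -m
      - "{{ certbot_mail }}"
      - --webroot
      - --webroot-path
      - "{{ certbot_path }}"
      - --rsa-key-size
      - "{{ certbot_key_size }}"
      - --deploy-hook
      - "/etc/letsencrypt/hook-{{ item.item.key }}"
  loop: "{{ st.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  # List entries are AND-ed. `is failed` reads the same flag as `web.failed`
  # and also tolerates a result that carries no `failed` key.
  when:
    - certbot_role == "master" or item.item.key == ansible_fqdn
    - not item.stat.exists
    - web is not failed
  tags: certbot

# Fallback when the probe found no listener: certbot starts its own temporary
# HTTP server on `certbot_port`.
# NOTE(review): the ACME HTTP-01 validation request arrives on port 80, so
# `certbot_port` has to be 80 or be reachable through a forward from port 80.
# Confirm against the host's firewall or proxy configuration.
- name: Create a new certificate (standalone)  # noqa no-changed-when
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - -n
      - --agree-tos
      - -d
      - "{{ item.item.key }}"
      - -m
      - "{{ certbot_mail }}"
      - --standalone
      - --rsa-key-size
      - "{{ certbot_key_size }}"
      - --deploy-hook
      - "/etc/letsencrypt/hook-{{ item.item.key }}"
      - --http-01-port
      - "{{ certbot_port }}"
  loop: "{{ st.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  when:
    - certbot_role == "master" or item.item.key == ansible_fqdn
    - not item.stat.exists
    - web is failed
  tags: certbot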