---
- name: install certbot package
  ansible.builtin.apt:
    name:
      - certbot
      - cron
    default_release: '{{ certbot_distribution|default(ansible_distribution_release) }}'
    state: present
  tags: certbot

- name: create webroot path directory
  ansible.builtin.file:
    path: '{{ certbot_path }}'
    owner: root
    group: root
    mode: 0755
    state: directory
  tags: certbot

- name: install certbot-renew binary
  ansible.builtin.copy:
    src: certbot-renew
    dest: /usr/local/bin/certbot-renew
    owner: root
    group: root
    mode: 0755
  tags: certbot

- name: install certbot renew configuration
  ansible.builtin.template:
    src: renew.cfg.j2
    dest: /etc/letsencrypt/renew.cfg
    owner: root
    group: root
    mode: 0644
  tags: certbot

- name: remove old cerbot renew cron
  ansible.builtin.file:
    path: /etc/cron.d/certbot
    state: absent
  tags: certbot

- name: add certbot renew cron
  ansible.builtin.cron:
    name: certbot-renew
    user: root
    hour: '*/12'
    minute: '0'
    job: perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook /usr/local/bin/certbot-renew
  tags: certbot