From 00927c9aff4e293927aa40314abeebe841ac4b48 Mon Sep 17 00:00:00 2001
From: Guilherme Balzana <gb637@cam.ac.uk>
Date: Thu, 25 Feb 2021 14:55:51 +0000
Subject: [PATCH] Add certbot_cli_options to populate cli.ini

When using snap and systemd timers to run certbot renew it is useful to
have the cli.ini file populated so we can define options, i.e. pre-hook,
post-hook, etc.
---
 defaults/main.yml                | 9 +++++++++
 tasks/create-cert-standalone.yml | 6 ++++++
 2 files changed, 15 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 230eccb..2166d50 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -37,3 +37,12 @@ certbot_keep_updated: true
 
 # Where to put Certbot when installing from source.
 certbot_dir: /opt/certbot
+
+# Certbot global options for command line execution. Useful as a substitute for
+# certbot_auto_renew_options when using  snap install method
+# certbot_cli_options: |
+#   quiet
+#   no-self-upgrade
+#   pre-hook = systemctl stop httpd
+#   post-hook = systemctl stop httpd
+
diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml
index 6f25b8a..279e5b8 100644
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@@ -11,6 +11,12 @@
   when: not letsencrypt_cert.stat.exists
   with_items: "{{ certbot_create_standalone_stop_services }}"
 
+- name: Add renew options to cli.ini file
+  copy:
+    path: /etc/letsencrypt/cli.ini
+    content:  {{ certbot_cli_options }}
+  when: certbot_cli_options is defined
+
 - name: Generate new certificate if one doesn't exist.
   command: "{{ certbot_create_command }}"
   when: not letsencrypt_cert.stat.exists