Registers and generates certificates

defaults/main.yml

@@ -1,7 +1,10 @@
 ---
+# Global options for configuration file
+certbot_config_file_options: {}
+
 # Certbot auto-renew cron job configuration (for certificate renewals).
 certbot_auto_renew: true
-certbot_auto_renew_user: "{{ ansible_user }}"
+certbot_auto_renew_user: "{{ lookup('env', 'USER') }}"
 certbot_auto_renew_hour: 3
 certbot_auto_renew_minute: 30
 
@@ -14,3 +17,18 @@ certbot_keep_updated: yes
 
 # Where to put Certbot when installing from source.
 certbot_dir: /opt/certbot
+
+# Set to true to have this role register and generate certificates for your
+# domains.
+certbot_handle_certs: true
+certbot_register_email: user@example.com
+
+# The command to run to register with Let's Encrypt
+certbot_register_command: certbot --non-interactive --agree-tos --email "{{ certbot_register_email }}"
+
+# The domains to generate certs for
+certbot_domains:
+- 'example.com'
+
+# The command to run to generate the certificates
+certbot_cert_command: certbot certonly --noninteractive --standalone

tasks/generate-certs.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Register with Let's Encrypt
+  command: "{{ certbot_register_command }}"
+
+- name: Generate certificates
+  command: "{{ certbot_cert_command }} -d {{ certbot_domains | join(' -d ') }}"

tasks/main.yml

@@ -7,5 +7,8 @@
 - include: install-from-source.yml
   when: certbot_install_from_source
 
+- include: generate-certs.yml
+  when: certbot_handle_certs
+
 - include: renew-cron.yml
   when: certbot_auto_renew