From 0b414a9d74afbd633ab97f05568ca14ecc2b7916 Mon Sep 17 00:00:00 2001
From: fliespl
Date: Fri, 20 Sep 2024 22:44:16 +0200
Subject: [PATCH 1/4] expand variable
---
 defaults/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index dc1034e..cf12a24 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,7 @@ certbot_auto_renew_hour: "3"
 certbot_auto_renew_minute: "30"
 certbot_auto_renew_options: "--quiet"
+certbot_expand: false
 certbot_testmode: false
 certbot_hsts: false
From 6230e82ba926c0e57800286b62b3f1f9f7dede2c Mon Sep 17 00:00:00 2001
From: fliespl
Date: Fri, 20 Sep 2024 22:45:47 +0200
Subject: [PATCH 2/4] handle expand in standalone
---
 tasks/create-cert-standalone.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml
index 1d1f979..259888e 100644
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@@ -40,3 +40,18 @@
 - name: Generate new certificate if one doesn't exist.
 command: "{{ certbot_create_command }}"
 when: not letsencrypt_cert.stat.exists
+
+- name: Register certificate domains (if certbot_expand)
+ shell: "{{ certbot_script }} certificates --cert-name {{ cert_item.domains | first | replace('*.', '') }} | grep Domains | cut -d':' -f2"
+ changed_when: false
+ register: letsencrypt_cert_domains_dirty
+ when: certbot_expand and letsencrypt_cert.stat.exists
+
+- name: Cleanup domain list (if certbot_expand)
+ set_fact:
+ letsencrypt_cert_domains: "{{ letsencrypt_cert_domains_dirty.stdout | trim | split(' ') | map('trim') | select('!=', '') | list | sort }}"
+ when: certbot_expand and letsencrypt_cert.stat.exists
+
+- name: Expand certbot certificate (if certbot_expand)
+ command: "{{ certbot_create_command }}"
+ when: certbot_expand and letsencrypt_cert.stat.exists and letsencrypt_cert_domains != cert_item.domains | map('trim') | select('!=', '') | list | sort
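Review bot: The `shell:` line in "Register certificate domains" interpolates `{{ cert_item.domains | first | replace('*.', '') }}` into a pipeline unquoted, so whitespace or shell metacharacters in that variable are interpreted by the shell; add the `quote` filter, i.e. `--cert-name {{ cert_item.domains | first | replace('*.', '') | quote }}`. The task's exit status is that of `cut`, so a failing `certbot certificates` or a `grep` with no match leaves `letsencrypt_cert_domains` empty, the `!=` test in the last task is then true, and `certbot_create_command` is re-run whether or not the domain set changed. Adding `and letsencrypt_cert_domains | length > 0` to that `when:` (or a `failed_when:` on empty stdout) would stop a lookup error from triggering an issuance attempt. The three tasks added to tasks/create-cert-webroot.yml in PATCH 3/4 are identical and need the same changes.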
From 48941fe2a0b5ef4ce4620f8cfafb383651091b72 Mon Sep 17 00:00:00 2001
From: fliespl
Date: Fri, 20 Sep 2024 22:46:05 +0200
Subject: [PATCH 3/4] handle certbot expand in webroot
---
 tasks/create-cert-webroot.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/tasks/create-cert-webroot.yml b/tasks/create-cert-webroot.yml
index 8399872..00e5e12 100644
--- a/tasks/create-cert-webroot.yml
+++ b/tasks/create-cert-webroot.yml
@@ -12,3 +12,18 @@
 - name: Generate new certificate if one doesn't exist.
 command: "{{ certbot_create_command }}"
 when: not letsencrypt_cert.stat.exists
+
+- name: Register certificate domains (if certbot_expand)
+ shell: "{{ certbot_script }} certificates --cert-name {{ cert_item.domains | first | replace('*.', '') }} | grep Domains | cut -d':' -f2"
+ changed_when: false
+ register: letsencrypt_cert_domains_dirty
+ when: certbot_expand and letsencrypt_cert.stat.exists
+
+- name: Cleanup domain list (if certbot_expand)
+ set_fact:
+ letsencrypt_cert_domains: "{{ letsencrypt_cert_domains_dirty.stdout | trim | split(' ') | map('trim') | select('!=', '') | list | sort }}"
+ when: certbot_expand and letsencrypt_cert.stat.exists
+
+- name: Expand certbot certificate (if certbot_expand)
+ command: "{{ certbot_create_command }}"
+ when: certbot_expand and letsencrypt_cert.stat.exists and letsencrypt_cert_domains != cert_item.domains | map('trim') | select('!=', '') | list | sort
From 49e18182a7eb8c5d55d8af31082d658c5fc50f0e Mon Sep 17 00:00:00 2001
From: fliespl
Date: Fri, 20 Sep 2024 22:46:37 +0200
Subject: [PATCH 4/4] certbot expand in command
---
 defaults/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index cf12a24..19272a1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -38,6 +38,7 @@ certbot_create_command: >- {{ cert_item.webroot | default(certbot_webroot) if certbot_create_method == 'webroot' else '' }} {{ certbot_create_extra_args }} -d {{ cert_item.domains | join(',') }} + {{ '--expand' if certbot_expand else '' }} {{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services' if certbot_create_standalone_stop_services and certbot_create_method == 'standalone' else '' }}
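Review bot: `certbot_expand` is tested by plain Jinja truthiness in the added `{{ '--expand' if certbot_expand else '' }}` line, so a value that arrives as a string (for example from `-e certbot_expand=false`) is non-empty and still appends `--expand`; `{{ '--expand' if certbot_expand | bool else '' }}` avoids that. The `when: certbot_expand and …` conditions added in PATCH 2/4 and 3/4 would benefit from the same `| bool`. The `certbot_create_command` scalar this line belongs to starts outside the hunk.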