From 53d15320e6c8d1c1d327c94c0202243868fc37e9 Mon Sep 17 00:00:00 2001 From: Victor Seva Date: Wed, 1 Oct 2025 01:29:06 +0200 Subject: [PATCH] certbot_create_method 'nginx' --- README.md | 5 +++++ tasks/create-cert-nginx.yml | 15 +++++++++++++++ tasks/main.yml | 8 ++++++++ vars/default.yml | 2 ++ 4 files changed, 30 insertions(+) create mode 100644 tasks/create-cert-nginx.yml diff --git a/README.md b/README.md index 5fe186b..6f69404 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ Current methods supported for generating new certificates using this role: - `standalone` - `webroot` + - `nginx` - `dns-cloudflare` **For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml). @@ -90,6 +91,10 @@ This install method is currently experimental and may or may not work across all When using the `webroot` creation method, a `webroot` item has to be provided for every `certbot_certs` item, specifying which directory to use for the authentication. Also, make sure your webserver correctly delivers contents from this directory. +### nginx Certificate Generation + +When using the `nginx` creation method, `nginx` package will be installed as a dependency of `python3-certbot-nginx`. + #### dns-cloudflare Certificate Generation When using the `dns-cloudflare` creation method, set `certbot_dns_cloudflare_api_token` with your Cloudflare API token. diff --git a/tasks/create-cert-nginx.yml b/tasks/create-cert-nginx.yml new file mode 100644 index 0000000..6fd7218 --- /dev/null +++ b/tasks/create-cert-nginx.yml 
@@ -0,0 +1,15 @@ +--- +- name: Determine certificate name + set_fact: + cert_item_name: "{{ cert_item.name | default(cert_item.domains | first | replace('*.', '')) }}" + +- name: Check if certificate already exists. + stat: + path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem + register: letsencrypt_cert + become: true + +- name: Generate new certificate if one doesn't exist. + command: "{{ certbot_create_command }}" + when: not letsencrypt_cert.stat.exists + become: true diff --git a/tasks/main.yml b/tasks/main.yml index 219e92e..b705132 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -40,6 +40,14 @@ loop_control: loop_var: cert_item +- include_tasks: create-cert-nginx.yml + with_items: "{{ certbot_certs }}" + when: + - certbot_create_if_missing + - certbot_create_method == 'nginx' + loop_control: + loop_var: cert_item + - include_tasks: create-cert-dns-cloudflare.yml with_items: "{{ certbot_certs }}" when: diff --git a/vars/default.yml b/vars/default.yml index e394f90..b5a7c5f 100644 --- a/vars/default.yml +++ b/vars/default.yml @@ -1,5 +1,7 @@ --- certbot_package: certbot certbot_create_packages: + nginx: + - python3-certbot-nginx 'dns-cloudflare': - python3-certbot-dns-cloudflare
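Review bot: The existence check ignores the certificate name the task just computed: `cert_item_name` is set from `cert_item.name` with a domain-derived fallback, but the `stat` path two tasks later is built directly from `cert_item.domains | first | replace('*.', '')`, so a cert item that sets `name` is checked under the wrong `/etc/letsencrypt/live/` directory and `certbot_create_command` would be re-run on every play. Use the fact in the path: `path: /etc/letsencrypt/live/{{ cert_item_name }}/cert.pem`. Whether `certbot_create_command` itself uses `cert_item_name` is defined outside this hunk, so confirm both sides agree before relying on the check. A short comment above the `command` task stating whether the command is expected to run `certonly` or to let the nginx plugin rewrite the live vhost configuration would also help, since the `--nginx` authenticator edits nginx config files unless `certonly` is used.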
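Review bot: The new `nginx` entry in `certbot_create_packages` is added only to `vars/default.yml`; if the role also ships OS-family vars files that override this mapping (none are touched by this patch), they need the same key or the package lookup for `certbot_create_method == 'nginx'` will fail on those platforms. `python3-certbot-nginx` is the Debian/Ubuntu package name, so confirm it resolves on every platform the role targets. A one-line comment such as `# Debian/Ubuntu package names; add per-OS overrides if other families are supported` above the mapping would document that assumption for the next maintainer.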