Merge 9dcabdc972d4b906908015b89b57926a9cb664e1 into 1749d0ace0856064f59dccc9b22f98f0c664e768

defaults/main.yml

@@ -9,6 +9,12 @@ certbot_auto_renew_options: "--quiet"
 certbot_testmode: false
 certbot_hsts: false
 
+certbot_renewal_hook_post: ""
+certbot_renewal_hook_pre: ""
+certbot_renewal_hook_deploy: ""
+certbot_renewal_hook_post_filename: "post.sh"
+certbot_renewal_hook_pre_filename: "pre.sh"
+certbot_renewal_hook_deploy_filename: "deploy.sh"
 
 # Parameters used when creating new Certbot certs.
 certbot_create_if_missing: false

tasks/main.yml

@@ -29,5 +29,7 @@
   loop_control:
     loop_var: cert_item
 
+- import_tasks: setup-hooks.yml
+
 - import_tasks: renew-cron.yml
   when: certbot_auto_renew

tasks/setup-hooks.yml

@@ -0,0 +1,30 @@
+---
+- name: Ensure renewal hook directories exist
+  file:
+    path: "/etc/letsencrypt/renewal-hooks/{{ item }}"
+    state: directory
+  with_items:
+    - post
+    - pre
+    - deploy
+
+- name: Create post-renewal hook
+  copy:
+    content: "{{ certbot_renewal_hook_post }}"
+    dest: "/etc/letsencrypt/renewal-hooks/post/{{ certbot_renewal_hook_post_filename }}"
+    mode: "0755"
+  when: certbot_renewal_hook_post != ""
+
+- name: Create pre-renewal hook
+  copy:
+    content: "{{ certbot_renewal_hook_pre }}"
+    dest: "/etc/letsencrypt/renewal-hooks/pre/{{ certbot_renewal_hook_pre_filename }}"
+    mode: "0755"
+  when: certbot_renewal_hook_pre != ""
+
+- name: Create deploy-renewal hook
+  copy:
+    content: "{{ certbot_renewal_hook_deploy }}"
+    dest: "/etc/letsencrypt/renewal-hooks/deploy/{{ certbot_renewal_hook_deploy_filename }}"
+    mode: "0755"
+  when: certbot_renewal_hook_deploy != ""