From 63638f44716fab71d180137601fbb3389a201d83 Mon Sep 17 00:00:00 2001
From: theS1LV3R
Date: Fri, 9 Feb 2024 16:29:19 +0100
Subject: [PATCH] Allow for certificates to be expanded to include new domains

---
 defaults/main.yml | 2 ++
 tasks/create-cert-standalone.yml | 8 ++------
 tasks/create-cert-webroot.yml | 8 ++------
 3 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index dc1034e..ae56f19 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -14,6 +14,7 @@ certbot_hsts: false
 certbot_create_if_missing: false
 certbot_create_method: standalone
 certbot_admin_email: email@example.com
+certbot_expand: false
 
 # Default webroot, overwritten by individual per-cert webroot directories
 certbot_webroot: /var/www/letsencrypt
@@ -33,6 +34,7 @@ certbot_create_command: >-
   {{ '--test-cert' if certbot_testmode else '' }}
   --noninteractive --agree-tos
   --email {{ cert_item.email | default(certbot_admin_email) }}
+  {{ '--expand' if certbot_expand else '' }}
   {{ '--webroot-path ' if certbot_create_method == 'webroot' else '' }}
   {{ cert_item.webroot | default(certbot_webroot) if certbot_create_method == 'webroot' else '' }}
   {{ certbot_create_extra_args }}
diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml
index 1d1f979..0fb9348 100644
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@@ -1,9 +1,4 @@
 ---
-- name: Check if certificate already exists.
-  stat:
-    path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
-  register: letsencrypt_cert
-
 - name: Ensure pre and post hook folders exist.
   file:
     path: /etc/letsencrypt/renewal-hooks/{{ item }}
@@ -39,4 +34,5 @@
 
 - name: Generate new certificate if one doesn't exist.
   command: "{{ certbot_create_command }}"
-  when: not letsencrypt_cert.stat.exists
+  register: certbot_create
+  changed_when: "'no action taken' not in certbot_create.stdout"
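Review bot: `certbot_expand` is wired as a role-wide switch at the new `{{ '--expand' if certbot_expand else '' }}` line, while the neighbouring options of the same command fall back from a per-certificate value (`cert_item.email | default(certbot_admin_email)`, `cert_item.webroot | default(certbot_webroot)`), so one certificate cannot be expanded without passing `--expand` for every item in the loop. Following the existing pattern, `{{ '--expand' if cert_item.expand | default(certbot_expand) else '' }}` keeps the new default as the fallback and stays backward-compatible. The new default in the first hunk also lacks the one-line comment its neighbour `certbot_webroot` carries; `# Pass --expand so an existing certificate lineage is re-issued with newly added domains` above `certbot_expand: false` would document the intent. If the variable can arrive as the string "false" from extra-vars, the bare truthiness test still emits `--expand`; `certbot_expand | bool` guards that, although the existing `certbot_testmode` line has the same exposure.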
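Review bot: With the `stat` guard removed, the certbot call at `command: "{{ certbot_create_command }}"` now runs on every play, yet the task is still named `Generate new certificate if one doesn't exist.`; rename it to something like `Create or expand certificate via certbot.` and add above it `# Runs certbot every play; certbot itself skips re-issuance when the certificate is not due ("no action taken").`. Idempotence now rests on the English substring in `changed_when: "'no action taken' not in certbot_create.stdout"`, which depends on the certbot version and on whether the notice lands on stdout or stderr, so `changed_when: "'no action taken' not in (certbot_create.stdout ~ certbot_create.stderr)"` is more robust. When `certbot_expand` is left at its default and the requested domain list no longer matches the existing lineage, non-interactive certbot presumably exits non-zero, a case the removed `when: not letsencrypt_cert.stat.exists` used to skip, so a run against hosts whose certificate already exists and is not due should be exercised before merging. The same change is made in tasks/create-cert-webroot.yml and the same points apply there.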
diff --git a/tasks/create-cert-webroot.yml b/tasks/create-cert-webroot.yml
index 8399872..6fca89b 100644
--- a/tasks/create-cert-webroot.yml
+++ b/tasks/create-cert-webroot.yml
@@ -1,9 +1,4 @@
 ---
-- name: Check if certificate already exists.
-  stat:
-    path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
-  register: letsencrypt_cert
-
 - name: Create webroot directory if it doesn't exist yet
   file:
     path: "{{ cert_item.webroot | default(certbot_webroot) }}"
@@ -11,4 +6,5 @@
 
 - name: Generate new certificate if one doesn't exist.
   command: "{{ certbot_create_command }}"
-  when: not letsencrypt_cert.stat.exists
+  register: certbot_create
+  changed_when: "'no action taken' not in certbot_create.stdout"