From 8241da27196237e902cdaba7e4e9b5c6c54f96c2 Mon Sep 17 00:00:00 2001
From: Szymon Cader
Date: Sun, 26 Jul 2020 22:25:05 +0200
Subject: [PATCH] Add support for issuing fake certificates from letsencrypt staging environment
---
 defaults/main.yml | 2 ++
 tasks/delete-existing-cert.yml | 29 +++++++++++++++++++++++++++++
 tasks/main.yml | 6 ++++++
 3 files changed, 37 insertions(+)
 create mode 100644 tasks/delete-existing-cert.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 7002b26..96e576a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,6 +8,7 @@ certbot_auto_renew_options: "--quiet --no-self-upgrade"
 # Parameters used when creating new Certbot certs.
 certbot_create_if_missing: false
+certbot_staging_mode: false
 certbot_create_method: standalone
 certbot_admin_email: email@example.com
 certbot_certs: []
@@ -19,6 +20,7 @@ certbot_certs: []
 # - example3.com
 certbot_create_command: >-
 {{ certbot_script }} certonly --standalone --noninteractive --agree-tos
+ {% if certbot_staging_mode %} --staging {% endif %}
 --email {{ cert_item.email | default(certbot_admin_email) }}
 -d {{ cert_item.domains | join(',') }}
diff --git a/tasks/delete-existing-cert.yml b/tasks/delete-existing-cert.yml
new file mode 100644
index 0000000..3ac0d69
--- /dev/null
+++ b/tasks/delete-existing-cert.yml
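Review bot: The new `certbot_staging_mode: false` default in defaults/main.yml is added without a comment, although the surrounding parameters sit under the `# Parameters used when creating new Certbot certs.` stanza that explains them; the same applies to the `--staging` addition in the `certbot_create_command` hunk, which is the only place a reader can learn what the switch does. Suggest a comment directly above the new default, e.g. `# Request certificates from the Let's Encrypt staging CA instead of production; staging ("fake") certificates are not trusted by clients and are only meant for testing.` No README change is part of this patch, so the option is presumably also undocumented for role users.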
@@ -0,0 +1,29 @@
+---
+- name: Check if certificate already exists.
+ stat:
+ path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/fullchain.pem
+ register: letsencrypt_cert
+
+- name: Get information about certificate
+ openssl_certificate_info:
+ path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/fullchain.pem
+ register: letsencrypt_cert_data
+ when: letsencrypt_cert.stat.exists
+
+- name: Set letsencrypt_cert_is_fake var
+ set_fact:
+ letsencrypt_cert_is_fake: "{{ 'yes' if letsencrypt_cert_data.issuer.commonName == 'Fake LE Intermediate X1' else 'no' }}"
+ when:
+ - letsencrypt_cert.stat.exists
+
+- name: Delete existing certificates if needed
+ file:
+ path: /etc/letsencrypt/{{ item }}
+ state: absent
+ loop:
+ - "live/{{ cert_item.domains | first | replace('*.', '') }}"
+ - "archive/{{ cert_item.domains | first | replace('*.', '') }}"
+ - "renewal/{{ cert_item.domains | first | replace('*.', '') }}.conf"
+ when:
+ - letsencrypt_cert.stat.exists
+ - letsencrypt_cert_is_fake | default(false) and not certbot_staging_mode
diff --git a/tasks/main.yml b/tasks/main.yml
index 52aa6af..0cc7f19 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -10,6 +10,12 @@
 - import_tasks: install-from-source.yml
 when: certbot_install_from_source
+- include_tasks:
+ file: delete-existing-cert.yml
+ loop: "{{ certbot_certs }}"
+ loop_control:
+ loop_var: cert_item
+
 - include_tasks: create-cert-standalone.yml
 with_items: "{{ certbot_certs }}"
 when:
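Review bot: In the `Set letsencrypt_cert_is_fake var` task the fact is stored as the strings `'yes'`/`'no'` rather than a boolean, and the `Delete existing certificates if needed` task then tests it with `letsencrypt_cert_is_fake | default(false) and not certbot_staging_mode`; whether the string `'no'` is falsy there depends on Ansible's type coercion of set_fact values, and if it is treated as a non-empty string a real production certificate, its archive and its renewal config would be deleted. Store the comparison result directly, `letsencrypt_cert_is_fake: "{{ letsencrypt_cert_data.issuer.commonName == 'Fake LE Intermediate X1' }}"`, and make the condition explicit with `- letsencrypt_cert_is_fake | default(false) | bool`. The detection also depends on one exact issuer CN, `Fake LE Intermediate X1`; if the staging CA rotates its intermediate, staging certificates would no longer be recognised and would be kept when switching back to production, so a broader match (for example on a `'Fake'` substring or on the issuer organization, after confirming the names the staging CA currently uses) would be more robust. The `openssl_certificate_info` module also needs its Python crypto dependency present on the target, which the role does not visibly install.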
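Review bot: The new `include_tasks` for `delete-existing-cert.yml` in tasks/main.yml runs for every entry of `certbot_certs` with no `when:` guard, while the neighbouring `create-cert-standalone.yml` include is conditional (its `when:` body lies outside the hunk). If that condition is `certbot_create_if_missing`, a host holding a staging certificate that is run with `certbot_staging_mode: false` and creation disabled would have its live, archive and renewal entries deleted with nothing reissued, leaving the service without a certificate. Consider guarding the new include with the same condition, e.g. `  when: certbot_create_if_missing`, and writing it in the short form the file already uses (`- include_tasks: delete-existing-cert.yml`) for consistency.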