From 993e742d5c71070a2c6d37a89e95cb9b3840641f Mon Sep 17 00:00:00 2001
From: Valentin Gostev
Date: Wed, 6 Feb 2019 22:16:39 +0300
Subject: [PATCH] Added method webroot to avoid restarting servers
---
 defaults/main.yml | 1 +
 tasks/create-cert-webroot.yml | 13 +++++++++++++
 tasks/main.yml | 8 ++++++++
 vars/webroot.yml | 7 +++++++
 4 files changed, 29 insertions(+)
 create mode 100644 tasks/create-cert-webroot.yml
 create mode 100644 vars/webroot.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 3186d8e..1fd9eb6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -36,3 +36,4 @@ certbot_keep_updated: true
 # Where to put Certbot when installing from source.
 certbot_dir: /opt/certbot
+certbot_webroot: /var/www/letsencrypt
diff --git a/tasks/create-cert-webroot.yml b/tasks/create-cert-webroot.yml
new file mode 100644
index 0000000..5165acd
--- /dev/null
+++ b/tasks/create-cert-webroot.yml
@@ -0,0 +1,13 @@
+---
+- name: Check if certificate already exists.
+ stat:
+ path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
+ register: letsencrypt_cert
+
+- name: Override certbot command variable to use webroot
+ include_vars: "webroot.yml"
+ when: not letsencrypt_cert.stat.exists
+
+- name: Generate new certificate if one doesn't exist.
+ command: "{{ certbot_create_command }}"
+ when: not letsencrypt_cert.stat.exists
diff --git a/tasks/main.yml b/tasks/main.yml
index 680aeda..5e488d9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -15,5 +15,13 @@ loop_control:
 loop_var: cert_item
+- include_tasks: create-cert-webroot.yml
+ with_items: "{{ certbot_certs }}"
+ when:
+ - certbot_create_if_missing
+ - certbot_create_method == 'webroot'
+ loop_control:
+ loop_var: cert_item
+
 - import_tasks: renew-cron.yml
 when: certbot_auto_renew
diff --git a/vars/webroot.yml b/vars/webroot.yml
new file mode 100644
index 0000000..2519797
--- /dev/null
+++ b/vars/webroot.yml
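Review bot: Nothing in tasks/create-cert-webroot.yml creates the directory named by `certbot_webroot` before the "Generate new certificate" task runs, and Certbot's webroot plugin rejects a `--webroot-path` that does not exist, so a first run on a fresh host is likely to fail. A `file` task placed ahead of the command, guarded by the same `when`, would close that gap. The mode is worth setting explicitly, because anyone able to write into that directory can answer HTTP-01 challenges for every domain the web server maps to it. Serving `/.well-known/acme-challenge/` from the directory is still left to the operator and deserves a sentence in the README.

```yaml
# … unchanged: stat check and include_vars for webroot.yml …
- name: Ensure the webroot directory exists.
  file:
    path: "{{ certbot_webroot }}"
    state: directory
    mode: "0755"
  when: not letsencrypt_cert.stat.exists
# … unchanged: "Generate new certificate if one doesn't exist." …
```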
@@ -0,0 +1,7 @@
+---
+certbot_create_command: >-
+ {{ certbot_script }} certonly --webroot
+ --webroot-path {{ certbot_webroot }}
+ --noninteractive --agree-tos
+ --email {{ cert_item.email | default(certbot_admin_email) }}
+ -d {{ cert_item.domains | join(',') }}
\ No newline at end of file
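Review bot: `certbot_webroot`, the e-mail address and the joined domain list are interpolated into `certbot_create_command` without quoting, and the `command` module splits the rendered string into arguments, so a value containing whitespace adds or shifts certbot arguments. These are role variables and normally operator-controlled, but piping each through the `quote` filter keeps a path with a space or a malformed inventory entry from changing the argv: `--webroot-path {{ certbot_webroot | quote }}`, `--email {{ cert_item.email | default(certbot_admin_email) | quote }}`, `-d {{ cert_item.domains | join(',') | quote }}`. The file also ends without a trailing newline.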