From b469b40ed6c1481c3a7215f5a1477d0cfc0fc5ff Mon Sep 17 00:00:00 2001
From: Yoan Tournade
Date: Fri, 16 Feb 2018 00:18:18 +0100
Subject: [PATCH] Actually update certificate when domain list file is absent or has changed

---
 tasks/create-cert-standalone.yml | 7 ++++---
 tasks/test-cert-exists.yml | 12 +++++++++---
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml
index b84204c..1347dd9 100644
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@@ -6,23 +6,24 @@
   service:
     name: "{{ item }}"
     state: stopped
-  when: not letsencrypt_cert_exists.stat.exists
+  when: not letsencrypt_cert_exists.stat.exists or letsencrypt_cert_updated
   with_items: "{{ certbot_create_standalone_stop_services }}"
 
 - name: Generate new certificate if one doesn't exist.
   shell: "{{ certbot_create_command }}"
-  when: not letsencrypt_cert_exists.stat.exists
+  when: not letsencrypt_cert_exists.stat.exists or letsencrypt_cert_updated
 
 - name: Persist domain list to host
   lineinfile:
     path: /etc/letsencrypt/domains-{{ cert_item.domains | first }}
     line: "{{ cert_item.domains }}"
     state: present
+    create: yes
   when: letsencrypt_cert_updated
 
 - name: Start services after cert has been generated.
   service:
     name: "{{ item }}"
     state: started
-  when: not letsencrypt_cert_exists.stat.exists
+  when: not letsencrypt_cert_exists.stat.exists or letsencrypt_cert_updated
   with_items: "{{ certbot_create_standalone_stop_services }}"

diff --git a/tasks/test-cert-exists.yml b/tasks/test-cert-exists.yml
index eca752e..02553af 100644
--- a/tasks/test-cert-exists.yml
+++ b/tasks/test-cert-exists.yml
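Review bot: The `Persist domain list to host` task in this hunk is still gated only on `letsencrypt_cert_updated`, while the stop/generate/start tasks now also fire on `not letsencrypt_cert_exists.stat.exists`; on a host with no certificate yet the list file is therefore never written, and the next run (certificate present, list absent) will stop the services and run certbot a second time for a certificate that was just issued, which may also count against the CA's issuance limits. Gating the persist task the same way, `when: not letsencrypt_cert_exists.stat.exists or letsencrypt_cert_updated`, keeps the list file in step with every issuance. Note that `letsencrypt_cert_updated` is only produced by a `set_fact` that runs when the certificate exists, so the new `or` conditions (and the persist task on a first run) depend on Jinja short-circuiting or on a default declared outside this patch to avoid an undefined-variable failure. Minor style: the added `create: yes` should be `create: true` to match Ansible's truthy convention.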
@@ -4,15 +4,21 @@
     path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
   register: letsencrypt_cert_exists
 
-- name: Check if certificate has changed.
+- name: Check if certificate domain list exists.
+  stat:
+    path: /etc/letsencrypt/domains-{{ cert_item.domains | first }}
+  register: letsencrypt_cert_list_exists
+  when: letsencrypt_cert_exists.stat.exists
+
+- name: Check if certificate domain list has changed.
   lineinfile:
     path: /etc/letsencrypt/domains-{{ cert_item.domains | first }}
     line: "{{ cert_item.domains }}"
     state: present
   check_mode: yes
   register: letsencrypt_cert_contents
-  when: letsencrypt_cert_exists.stat.exists
+  when: letsencrypt_cert_exists.stat.exists and letsencrypt_cert_list_exists.stat.exists
 
 - set_fact:
-    letsencrypt_cert_updated: "{{ (letsencrypt_cert_contents | changed) or (letsencrypt_cert_contents | failed) }}"
+    letsencrypt_cert_updated: "{{ not letsencrypt_cert_list_exists.stat.exists or (letsencrypt_cert_contents | changed) or (letsencrypt_cert_contents | failed) }}"
   when: letsencrypt_cert_exists.stat.exists
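Review bot: The rewritten `letsencrypt_cert_updated` expression keeps `| changed` and `| failed` as filters; Ansible deprecates these in favour of the `is changed` / `is failed` tests (removed in 2.9), so the new line should read `(letsencrypt_cert_contents is changed) or (letsencrypt_cert_contents is failed)`. That line is also well over 120 characters; writing it as a folded scalar, `letsencrypt_cert_updated: >-` with the expression on the indented lines below, keeps it readable without changing the value. The `check_mode: yes` context line sits beside the new `when:`, so this is a reasonable moment to change it to `check_mode: true` for consistency with the truthy convention.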