From cc9c24c195d73e81dc4c2b3029de0da6ccf9b817 Mon Sep 17 00:00:00 2001
From: Stanislav German-Evtushenko <ginermail@gmail.com>
Date: Thu, 23 Jan 2020 09:36:52 +0900
Subject: [PATCH] Do not try to stop services which don't exist yet

This solves a chicken and egg problem where a certificate needed for a service
to run does not exist yet and certbot role fails on stopping a service which is
not yet installed.
---
 tasks/create-cert-standalone.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml
index 6f25b8a..bda0e95 100644
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@@ -4,12 +4,15 @@
     path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
   register: letsencrypt_cert
 
+- name: Populate service facts
+  service_facts:
+
 - name: Stop services to allow certbot to generate a cert.
   service:
     name: "{{ item }}"
     state: stopped
   when: not letsencrypt_cert.stat.exists
-  with_items: "{{ certbot_create_standalone_stop_services }}"
+  with_items: "{{ certbot_create_standalone_stop_services | intersect(services) }}"
 
 - name: Generate new certificate if one doesn't exist.
   command: "{{ certbot_create_command }}"
@@ -20,4 +23,4 @@
     name: "{{ item }}"
     state: started
   when: not letsencrypt_cert.stat.exists
-  with_items: "{{ certbot_create_standalone_stop_services }}"
+  with_items: "{{ certbot_create_standalone_stop_services | intersect(services) }}"