diff --git a/defaults/main.yml b/defaults/main.yml index bba711a..1a49cbc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -35,7 +35,7 @@ certbot_create_command: >- --email {{ cert_item.email | default(certbot_admin_email) }} {{ '--webroot-path ' if certbot_create_method == 'webroot' else '' }} {{ cert_item.webroot | default(certbot_webroot) if certbot_create_method == 'webroot' else '' }} - -d {{ cert_item.domains | join(',') }} + --domains {{ cert_item.domains | join(',') }} --expand {{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services' if certbot_create_standalone_stop_services else '' }} diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml index 1d1f979..7f291e5 100644 --- a/tasks/create-cert-standalone.yml +++ b/tasks/create-cert-standalone.yml @@ -1,8 +1,19 @@ --- +- name: Get installed certificates. + shell: | + {{ certbot_script }} certificates | grep "Domains:" | awk '{ gsub(/ Domains: /,""); print }' + changed_when: false + register: letsencrypt_certs + +- name: Set cert_exists to false (to check if cert exists). + set_fact: + cert_exists: false + - name: Check if certificate already exists. - stat: - path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem - register: letsencrypt_cert + set_fact: + cert_exists: true + when: cert_item.domains | sort | difference(item) == [] + with_list: "{{ letsencrypt_certs.stdout_lines }}" - name: Ensure pre and post hook folders exist. file: @@ -39,4 +50,4 @@ - name: Generate new certificate if one doesn't exist. command: "{{ certbot_create_command }}" - when: not letsencrypt_cert.stat.exists + when: not cert_exists
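Review bot: In tasks/create-cert-standalone.yml the new `when: cert_item.domains | sort | difference(item) == []` compares the requested domain list against `item`, which is one line of `letsencrypt_certs.stdout_lines` and therefore a string rather than a list of names. Depending on the Ansible version this presumably degrades to a substring or character-level comparison, so a requested name such as `example.com` can look covered by a certificate that only lists `www.example.com`, and certificate creation is then skipped for a name that has none. Splitting the line first gives an exact match on whole names: `when: cert_item.domains | difference(item.split()) | length == 0`. Separately, the `shell:` pipeline in "Get installed certificates." reports awk's exit status, so a failing `{{ certbot_script }} certificates` yields an empty list and `cert_exists` stays false, triggering a new certificate request on every such run; using `command:` and filtering `stdout_lines` in Jinja, or adding `set -o pipefail` with an explicit `failed_when`, would surface that failure instead.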