From fa59772ab16809163302dbf235b1b170dd008765 Mon Sep 17 00:00:00 2001
From: Yoan Tournade
Date: Thu, 15 Feb 2018 23:59:05 +0100
Subject: [PATCH] Add a test for domain list change using grep
---
 tasks/create-cert-standalone.yml | 18 +++++++++++-------
 tasks/test-cert-exists.yml | 21 +++++++++++++++++++++
 2 files changed, 32 insertions(+), 7 deletions(-)
 create mode 100644 tasks/test-cert-exists.yml
diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml
index b92faec..1e813d5 100644
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@@ -1,23 +1,27 @@
 ---
-- name: Check if certificate already exists.
- stat:
- path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
- register: letsencrypt_cert
+- name: Check if certificate exists or has been changed
+ import_tasks: test-cert-exists.yml
 - name: Stop services to allow certbot to generate a cert.
 service:
 name: "{{ item }}"
 state: stopped
- when: not letsencrypt_cert.stat.exists
+ when: not letsencrypt_cert_exists.stat.exists
 with_items: "{{ certbot_create_standalone_stop_services }}"
 - name: Generate new certificate if one doesn't exist.
 shell: "{{ certbot_create_command }}"
- when: not letsencrypt_cert.stat.exists
+ when: not letsencrypt_cert_exists.stat.exists
+
+- name: Persist domain list to host
+ copy:
+ content: "{{ cert_item.domains }}"
+ dest: /etc/letsencrypt/domains-{{ cert_item.domains | first }}
+ when: letsencrypt_cert_updated.rc != 0
 - name: Start services after cert has been generated.
 service:
 name: "{{ item }}"
 state: started
- when: not letsencrypt_cert.stat.exists
+ when: not letsencrypt_cert_exists.stat.exists
 with_items: "{{ certbot_create_standalone_stop_services }}"
diff --git a/tasks/test-cert-exists.yml b/tasks/test-cert-exists.yml
new file mode 100644
index 0000000..518f8b4
--- /dev/null
+++ b/tasks/test-cert-exists.yml
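Review bot: In tasks/create-cert-standalone.yml the new "Persist domain list to host" task tests `letsencrypt_cert_updated.rc != 0`, but the grep task that registers that variable is skipped whenever the certificate does not exist yet, and a skipped result carries no `rc`, so a first run on a fresh host would likely fail on this conditional; the two `debug` tasks in tasks/test-cert-exists.yml read `rc` the same way. A default keeps both states working, e.g. `when: letsencrypt_cert_updated.rc | default(1) != 0`. Separately, the stop, generate and start tasks still depend only on `not letsencrypt_cert_exists.stat.exists`, so when the domain list changes the marker file is rewritten without the certificate being reissued, and the next run will see no difference. If reissue on change is intended, those `when:` clauses need the same "changed" term, and the marker should be written only after certbot succeeds.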
@@ -0,0 +1,21 @@
+---
+- name: Check if certificate already exists.
+ stat:
+ path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
+ register: letsencrypt_cert_exists
+
+- name: Check if certificate has changed.
+ command: grep -Fxq "{{ cert_item.domains }}" /etc/letsencrypt/domains-{{ cert_item.domains | first }}
+ register: letsencrypt_cert_updated
+ check_mode: no
+ ignore_errors: yes
+ changed_when: no
+ when: letsencrypt_cert_exists.stat.exists
+
+- debug:
+ msg: Not changed
+ when: letsencrypt_cert_updated.rc == 0
+
+- debug:
+ msg: Changed
+ when: letsencrypt_cert_updated.rc != 0
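Review bot: In "Check if certificate has changed", the pattern `"{{ cert_item.domains }}"` is a list rendered through string templating on a `command` line, while the marker file is written by `copy: content:` in tasks/create-cert-standalone.yml, which may serialise the same list differently (JSON rather than the templated repr), so the `grep -Fxq` whole-line match can report a change on every run. Joining the list explicitly on both sides, e.g. `{{ cert_item.domains | join(',') }}`, makes the stored and compared strings identical. `ignore_errors: yes` also folds grep exit status 2 (marker file missing or unreadable) into "changed"; `failed_when: letsencrypt_cert_updated.rc not in [0, 1]` would keep real errors visible. Putting `--` before the pattern prevents a value that begins with `-` from being parsed as a grep option.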