Add a test for domain list change using grep

tasks/create-cert-standalone.yml

@@ -1,23 +1,27 @@
 ---
-- name: Check if certificate already exists.
-  stat:
-    path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
-  register: letsencrypt_cert
+- name: Check if certificate exists or has been changed
+  import_tasks: test-cert-exists.yml
 
 - name: Stop services to allow certbot to generate a cert.
   service:
     name: "{{ item }}"
     state: stopped
-  when: not letsencrypt_cert.stat.exists
+  when: not letsencrypt_cert_exists.stat.exists
   with_items: "{{ certbot_create_standalone_stop_services }}"
 
 - name: Generate new certificate if one doesn't exist.
   shell: "{{ certbot_create_command }}"
-  when: not letsencrypt_cert.stat.exists
+  when: not letsencrypt_cert_exists.stat.exists
+
+- name: Persist domain list to host
+  copy:
+    content: "{{ cert_item.domains }}"
+    dest: /etc/letsencrypt/domains-{{ cert_item.domains | first }}
+  when: letsencrypt_cert_updated.rc != 0
 
 - name: Start services after cert has been generated.
   service:
     name: "{{ item }}"
     state: started
-  when: not letsencrypt_cert.stat.exists
+  when: not letsencrypt_cert_exists.stat.exists
   with_items: "{{ certbot_create_standalone_stop_services }}"

tasks/test-cert-exists.yml

@@ -0,0 +1,21 @@
+---
+- name: Check if certificate already exists.
+  stat:
+    path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
+  register: letsencrypt_cert_exists
+
+- name: Check if certificate has changed.
+  command: grep -Fxq "{{ cert_item.domains }}" /etc/letsencrypt/domains-{{ cert_item.domains | first }}
+  register: letsencrypt_cert_updated
+  check_mode: no
+  ignore_errors: yes
+  changed_when: no
+  when: letsencrypt_cert_exists.stat.exists
+
+- debug:
+    msg: Not changed
+  when: letsencrypt_cert_updated.rc == 0
+
+- debug:
+    msg: Changed
+  when: letsencrypt_cert_updated.rc != 0