certbot-auto was removed from the certbot repo by EFF in 2021 (see issue
#204), which leaves certbot_install_method: source broken — the existing
install-from-source.yml still references {{ certbot_dir }}/certbot-auto,
a path that no longer exists after the git clone.
This adds a new install method `pip` that follows EFF's recommended
install path (https://certbot.eff.org/instructions?os=pip): create a
Python venv at {{ certbot_dir }}, pip install certbot, symlink the
binary onto PATH at /usr/local/bin/certbot.
Plugins (e.g. certbot-dns-rfc2136, certbot-dns-cloudflare) can be
opted into per-host via a new certbot_pip_extra_packages list, which
installs additional pip packages into the same venv after certbot.
The legacy `source` method is left in place for backwards compatibility
but is now documented as deprecated in the README and defaults file.
Tested on Debian 12 and Debian 13.
The command that will create the certificates need the hook script
ansible.sh to exist before it is run, elsewise an error will occur in
case of first run on a new host.
(cherry picked from commit 2346cd52a262bf2fa89419f29abba0e8ea95cdb7)
- introduces a variable certbot_from_git
- adds install from package tasks
- makes a variable called certbot_script available (to handle certbot vs certbot-auto naming)
- fixes#18
this is a preparation for installing certbot from package management
additionally, it might be useful when further tasks are added, e.g. for initial certificate retrieval
