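---
# Role tasks: install certbot-auto from git, obtain certificates in standalone
# mode for certbot_domain (plus its www. name and any certbot_subdomains), and
# install a renewal cron job matching the configured web server.

# Supply-chain note: the checked-out script is executed by the tasks below and
# later by cron as certbot_auto_renew_user. Set certbot_version to a reviewed
# tag or commit rather than a moving branch, and enable certbot_keep_updated
# only if tracking upstream automatically is intended.
# NOTE(review): upstream has deprecated certbot-auto; plan a move to a packaged
# certbot client.
- name: Clone Certbot into configured directory.
  git:
    repo: "{{ certbot_repo }}"
    dest: "{{ certbot_dir }}"
    version: "{{ certbot_version }}"
    update: "{{ certbot_keep_updated }}"

# The mode is quoted so it reaches the module as an octal string and is never
# reinterpreted as a decimal integer by the YAML loader.
- name: Ensure certbot-auto is executable.
  file:
    path: "{{ certbot_dir }}/certbot-auto"
    mode: "0755"

# Checked before touching the web server, so a host that already has a
# certificate is not taken offline for nothing.
- name: Check if letsencrypt certificate file exists
  stat:
    path: "/etc/letsencrypt/live/{{ certbot_domain }}/privkey.pem"
  register: r_cert_domain

# --standalone needs the HTTP/HTTPS ports, so the web server is stopped for the
# duration of issuance. The start tasks sit in `always` so that a failed certbot
# run does not leave the site down; the failure is still reported afterwards.
- name: Issue certificates with the web server stopped.
  block:
    - name: Stop nginx
      service:
        name: nginx
        state: stopped
      when:
        - not r_cert_domain.stat.exists
        - certbot_webserver == 'nginx'

    - name: Stop apache2
      service:
        name: apache2
        state: stopped
      when:
        - not r_cert_domain.stat.exists
        - certbot_webserver == 'apache'
        - ansible_os_family == 'Debian'

    - name: Stop httpd
      service:
        name: httpd
        state: stopped
      when:
        - not r_cert_domain.stat.exists
        - certbot_webserver == 'apache'
        - ansible_os_family == 'RedHat'

    # --non-interactive/--agree-tos: Ansible provides no TTY, so certbot must
    # never prompt (the renewal job below already passes --agree-tos).
    # Variables are shell-quoted so a value containing whitespace cannot be
    # split into extra certbot arguments.
    - name: Run certbot generation for each host
      command: >-
        {{ (certbot_dir ~ '/certbot-auto') | quote }} certonly --standalone
        --non-interactive --agree-tos
        --email {{ certbot_email | quote }}
        -d {{ certbot_domain | quote }}
        -d {{ ('www.' ~ certbot_domain) | quote }}
      when: not r_cert_domain.stat.exists

    # NOTE(review): this is gated on the main domain's key only, so subdomains
    # added after the first run are never issued - confirm this is intended.
    - name: Run certbot generation for additional subdomains
      command: >-
        {{ (certbot_dir ~ '/certbot-auto') | quote }} certonly --standalone
        --non-interactive --agree-tos
        --email {{ certbot_email | quote }}
        -d {{ (item ~ '.' ~ certbot_domain) | quote }}
      with_items: "{{ certbot_subdomains | default([]) }}"
      when: not r_cert_domain.stat.exists

  always:
    - name: Start nginx
      service:
        name: nginx
        state: started
      when: certbot_webserver == 'nginx'

    - name: Start apache2
      service:
        name: apache2
        state: started
      when:
        - certbot_webserver == 'apache'
        - ansible_os_family == 'Debian'

    - name: Start httpd
      service:
        name: httpd
        state: started
      when:
        - certbot_webserver == 'apache'
        - ansible_os_family == 'RedHat'

# The three cron tasks share one entry name and one cron_file; their conditions
# are mutually exclusive, so at most one entry is managed per host. The hooks
# stop and start the web server around each renewal.
- name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
    job: >-
      {{ certbot_dir }}/certbot-auto renew --quiet --agree-tos
      --pre-hook 'service nginx stop'
      --post-hook 'service nginx start'
    minute: "{{ certbot_auto_renew_minute }}"
    hour: "{{ certbot_auto_renew_hour }}"
    user: "{{ certbot_auto_renew_user }}"
    cron_file: certbot-cron
  when: certbot_auto_renew and certbot_webserver == 'nginx'

- name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
    job: >-
      {{ certbot_dir }}/certbot-auto renew --quiet --agree-tos
      --pre-hook 'service apache2 stop'
      --post-hook 'service apache2 start'
    minute: "{{ certbot_auto_renew_minute }}"
    hour: "{{ certbot_auto_renew_hour }}"
    user: "{{ certbot_auto_renew_user }}"
    cron_file: certbot-cron
  when: certbot_auto_renew and certbot_webserver == 'apache' and ansible_os_family == 'Debian'

- name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
    job: >-
      {{ certbot_dir }}/certbot-auto renew --quiet --agree-tos
      --pre-hook 'service httpd stop'
      --post-hook 'service httpd start'
    minute: "{{ certbot_auto_renew_minute }}"
    hour: "{{ certbot_auto_renew_hour }}"
    user: "{{ certbot_auto_renew_user }}"
    cron_file: certbot-cron
  when: certbot_auto_renew and certbot_webserver == 'apache' and ansible_os_family == 'RedHat'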