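---
# Installs certbot-auto from git, obtains Let's Encrypt certificates in
# standalone mode for certbot_domain (plus www. and any certbot_subdomains),
# and installs a renewal cron job for the configured web server.
#
# Standalone mode needs the HTTP/HTTPS ports, so the web server is stopped
# while certificates are issued. The certificate check runs first so that
# re-running the role on a host that already has a certificate does not take
# the web server down.
#
# NOTE(review): if a certbot task fails, the play aborts before the start
# tasks run and the web server stays stopped. Consider wrapping the issue
# steps in a block with an always section that starts the service again.

# The checked-out script is executed by the tasks below and by the renewal
# cron job, so treat the repository as part of the trust boundary: point
# certbot_repo at a source you trust and pin certbot_version to a reviewed
# tag or commit rather than a moving branch.
# NOTE(review): certbot-auto is deprecated upstream; confirm it is still
# supported on the target platforms.
- name: Clone Certbot into configured directory.
  git:
    repo: "{{ certbot_repo }}"
    dest: "{{ certbot_dir }}"
    version: "{{ certbot_version }}"
    update: "{{ certbot_keep_updated }}"

# Mode is quoted so it reaches Ansible as a string instead of depending on
# the YAML parser's octal handling.
# NOTE(review): only the file mode is set here. Confirm certbot_dir and the
# script are not writable by unprivileged users, since cron runs the script
# as certbot_auto_renew_user.
- name: Ensure certbot-auto is executable.
  file:
    path: "{{ certbot_dir }}/certbot-auto"
    mode: "0755"

# Loads per-OS-family values; apache_service is presumably defined there.
- name: Include OS-specific variables.
  include_vars: "{{ ansible_os_family }}.yml"

# Existence of the private key is used as the "already issued" marker for
# every certbot task below, including the additional subdomains.
- name: Check if letsencrypt certificate file exists
  stat:
    path: "/etc/letsencrypt/live/{{ certbot_domain }}/privkey.pem"
  register: r_cert_domain

- name: Stop nginx
  service:
    name: nginx
    state: stopped
  when:
    - certbot_webserver == 'nginx'
    - not r_cert_domain.stat.exists

- name: Stop apache
  service:
    name: "{{ apache_service }}"
    state: stopped
  when:
    - certbot_webserver == 'apache'
    - not r_cert_domain.stat.exists

# The command module does not invoke a shell, but the rendered string is
# still split into arguments on whitespace. A value containing spaces or a
# leading dash would be passed to certbot as extra arguments or options, so
# validate certbot_email, certbot_domain and certbot_subdomains if they can
# come from inventory you do not fully control.
# NOTE(review): unlike the renew cron job, these calls do not pass
# --agree-tos; confirm a first run on a fresh host completes unattended.
- name: Run certbot generation for each host
  command: "{{ certbot_dir }}/certbot-auto certonly --standalone --email {{ certbot_email }} -d {{ certbot_domain }} -d www.{{ certbot_domain }}"
  when: not r_cert_domain.stat.exists

- name: Run certbot generation for additional subdomains
  command: "{{ certbot_dir }}/certbot-auto certonly --standalone --email {{ certbot_email }} -d {{ item }}.{{ certbot_domain }}"
  with_items: "{{ certbot_subdomains }}"
  when: not r_cert_domain.stat.exists

# The start tasks stay unconditional on the certificate check: they are
# idempotent and leave the web server running at the end of every run.
- name: Start nginx
  service:
    name: nginx
    state: started
  when: certbot_webserver == 'nginx'

- name: Start apache
  service:
    name: "{{ apache_service }}"
    state: started
  when: certbot_webserver == 'apache'

# The two cron tasks share the same job name and cron_file; their conditions
# are mutually exclusive, so only the entry matching certbot_webserver is
# written. The hooks stop and start the web server around each renewal.
- name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
    job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service nginx stop' --post-hook 'service nginx start'"
    minute: "{{ certbot_auto_renew_minute }}"
    hour: "{{ certbot_auto_renew_hour }}"
    user: "{{ certbot_auto_renew_user }}"
    cron_file: certbot-cron
  when: certbot_auto_renew and certbot_webserver == 'nginx'

- name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
    job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service {{ apache_service }} stop' --post-hook 'service {{ apache_service }} start'"
    minute: "{{ certbot_auto_renew_minute }}"
    hour: "{{ certbot_auto_renew_hour }}"
    user: "{{ certbot_auto_renew_user }}"
    cron_file: certbot-cron
  when: certbot_auto_renew and certbot_webserver == 'apache'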