--- - name: Check if certificate already exists. stat: path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem register: letsencrypt_cert - name: Ensure pre,post,deploy hook folders exist. file: path: /etc/letsencrypt/renewal-hooks/{{ item }} state: directory mode: 0755 owner: root group: root with_items: - deploy - name: Create deploy hook to execute tasks post cert generatation. template: src: deploy_hook.j2 dest: /etc/letsencrypt/renewal-hooks/deploy/deploy_hook.sh owner: root group: root mode: 0750 when: - certbot_create_dns_deploy_hook_services is defined - name: "Create DNS RFC {{ certbot_dns_plugin }} Credentials File." template: src: dns_plugin_credentials.j2 dest: "{{ certbot_dns_credentials_file }}" owner: root group: root mode: 0600 when: - certbot_dns_plugin is in certbot_supported_dns_plugins - name: Upload custom dns credential file copy: src: "{{ certbot_dns_credentials_custom_file }}" dest: "{{ certbot_dns_credentials_file }}" state: file mode: 0600 owner: root group: root when: - certbot_dns_plugin != 'rfc2136' - certbot_dns_credentials_custom_file is defined - name: Generate new certificate if one doesn't exist. command: "{{ certbot_dns_create_command }}" when: not letsencrypt_cert.stat.exists