---

- include_tasks: key.yml
- include_tasks: csr.yml

- name: letsencrypt account private key
  openssl_privatekey:
    path: "{{certificate_letsencrypt_account_key_file}}"
    type: RSA
    size: 4096

- name: letsencrypt request
  acme_certificate:
    account_key_src: "{{certificate_letsencrypt_account_key_file}}"
    csr: "{{certificate_signing_request_file}}"
    dest: "{{certificate_file}}"
    chain_dest: "{{ certificate_chain_file }}"
    fullchain_dest: "{{ certificate_fullchain_file }}"
    challenge: http-01
    acme_directory: https://acme-v02.api.letsencrypt.org/directory
    acme_version: 2
    terms_agreed: yes
  register: _letsencrypt_request

- block:

    - name: acme http directory
      file:
        path: /var/www/default/.well-known/acme-challenge
        state: directory
    - name: copy acme challenge resource
      copy:
        dest: /var/www/default/{{ item.resource }}
        content: "{{ item.resource_value }}"
      with_items: "{{ _letsencrypt_request | json_query('challenge_data.*.\"http-01\"') }}"
    - name: letsencrypt certificate
      acme_certificate:
        account_key_src: "{{certificate_letsencrypt_account_key_file}}"
        csr: "{{certificate_signing_request_file}}"
        dest: "{{certificate_file}}"
        chain_dest: "{{ certificate_chain_file }}"
        fullchain_dest: "{{ certificate_fullchain_file }}"
        challenge: http-01
        acme_directory: https://acme-v02.api.letsencrypt.org/directory
        acme_version: 2
        terms_agreed: yes
        data: "{{ _letsencrypt_request }}"
      register: _letsencrypt
      
  when: _letsencrypt_request.changed