added support to restart services and for manual letsencrypt challange

tasks/letsencrypt_cert.yml

@@ -1,5 +1,8 @@
 - include_tasks: common_cert.yml
 
+- set_fact:
+    external_challange_type: "{{ map_challange_type_letsencrypt[certificates.backends.letsencrypt.challange]|d(certificates.backends.letsencrypt.challange) }}"
+
 - name: "get challange for {{ certname }}"
   acme_certificate: &acmetask
     force: "{{ task_generate_csr is changed }}"
@@ -11,7 +14,7 @@
     dest: "{{ cert.certpath }}"
     fullchain_dest: "{{ cert.chainpath }}"
     remaining_days: "{{ certificates.backends.letsencrypt.remainingdays }}"
-    challenge: "{{ certificates.backends.letsencrypt.challange }}"
+    challenge: "{{ external_challange_type }}"
     deactivate_authzs: yes
   register: challenge
 
@@ -27,6 +30,21 @@
     - "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
     - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"
 
+- name: "setup challenge server for {{ certname }} (manual dns challange)"
+  when:
+  - challenge is changed
+  - certificates.backends.letsencrypt.challange == "dns-01-manual"
+  loop: "{{ challenge.challenge_data_dns|d({})|dict2items }}"
+  debug:
+    msg: "add the following dns record: '{{ item.key }}.': { TXT: '{{ item.value[0] }}' }"
+
+- name: wait for challenges in dns (manual dns challange)
+  pause:
+    prompt: "When the relevant lines were added to dns and synced, press enter"
+  when:
+  - challenge is changed
+  - certificates.backends.letsencrypt.challange == "dns-01-manual"
+
 - name: "setup challenge server for {{ certname }} (http challange)"
   when:
   - challenge is changed
@@ -41,3 +59,8 @@
   acme_certificate:
     <<: *acmetask
     data: "{{ challenge }}"
+
+- set_fact:
+    certchanged: "{{ challenge is changed }}"
+- name: handle postflight
+  include: common_post.yml