- name: generate letsencrypt account key
  register: letsencrypt_account_key
  openssl_privatekey:
    path: /etc/ssl/letsencrypt_account.key
    size: 4096
    owner: root
    group: root
    mode: 0600

- name: register letsencrypt account
  when: letsencrypt_account_key is changed
  acme_account:
    account_key_src: /etc/ssl/letsencrypt_account.key
    state: present
    terms_agreed: yes
    acme_version: 2
    acme_directory: "https://acme-v02.api.letsencrypt.org/directory"

- name: ensure config folders exist
  file:
    path: /etc/letsencrypt/
    state: directory
    owner: root
    group: root
    mode: 0755

- name: generate letsencrypt auto renew ssh key
  register: letsencrypt_renewkey
  openssh_keypair:
    owner: root
    group: root
    path: /etc/letsencrypt/renewkey
    type: ed25519
    comment: "letsencrypt-renew@{{ inventory_hostname }}"

- name: copy challenge deployment script
  copy:
    src: letsencrypt_deploy_challenge.sh
    dest: /usr/local/bin/letsencrypt_deploy_challenge.sh
    owner: root
    group: root
    mode: 0755

- name: copy letsencrypt renew skript
  copy:
    src: letsencrypt_renew.sh
    dest: /usr/local/bin/letsencrypt_renew.sh
    owner: root
    group: root
    mode: 0755

- name: copy acme primitives
  copy:
    src: acme-primitives.py
    dest: /usr/local/bin/acme-primitives.py
    owner: root
    group: root
    mode: 0755