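---
# Obtain a certificate from Let's Encrypt (ACME v2) for the certificate
# named by `certname`.
# Flow: request a challenge -> publish it (DNS or HTTP) on every challenge
# server -> let the CA validate it and fetch the certificate.
#
# `cert`, `certname` and `task_generate_csr` are not defined in this file;
# presumably common_cert.yml provides them - verify against that file.
# NOTE(review): the settings key is spelled `challange` / `challangeserver`
# throughout; it has to match the spelling used where `certificates` is
# defined, so it is left unchanged here.
- include_tasks: common_cert.yml

# First ACME call: creates/uses the account and returns challenge data in
# `challenge`. The option mapping is anchored so the final task reuses it.
- name: "get challange for {{ certname }}"
  acme_certificate: &acmetask
    # Re-issue even if the current certificate is still valid whenever the
    # CSR was regenerated.
    force: "{{ task_generate_csr is changed }}"
    acme_version: 2
    terms_agreed: true
    # Production Let's Encrypt endpoint.
    acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
    # ACME account private key, read on the host that runs the module.
    # NOTE(review): its ownership and permissions are not managed in this
    # file - confirm it is readable by root only.
    account_key: /etc/ssl/letsencrypt_account.key
    csr: "{{ cert.csrpath }}"
    dest: "{{ cert.certpath }}"
    fullchain_dest: "{{ cert.chainpath }}"
    remaining_days: "{{ certificates.backends.letsencrypt.remainingdays }}"
    challenge: "{{ certificates.backends.letsencrypt.challange }}"
    # Deactivate the authorizations once issuance has finished or failed,
    # so they cannot be reused later with the same account key.
    deactivate_authzs: true
  register: challenge

# The loop is the product (challenge server x identifier in challenge_data):
# item.0 is the host to delegate to, item.1 the identifier being validated.
- name: "setup challenge server for {{ certname }} (dns challange)"
  when:
    - challenge is changed
    - certificates.backends.letsencrypt.challange == "dns-01"
  delegate_to: "{{ item.0 }}"
  loop: "{{ certificates.backends.letsencrypt.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
  # argv form: record name and value are passed as separate arguments
  # without a shell, so they are never subject to shell interpretation.
  # pdns.py is a local script on the delegated host; presumably it publishes
  # the TXT record - verify against the script.
  command:
    argv:
      - "/usr/local/bin/pdns.py"
      - "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
      - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"

- name: "setup challenge server for {{ certname }} (http challange)"
  when:
    - challenge is changed
    - certificates.backends.letsencrypt.challange == "http-01"
  delegate_to: "{{ item.0 }}"
  loop: "{{ certificates.backends.letsencrypt.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
  copy:
    # `basename` keeps only the token file name, so the resource path
    # returned by the CA cannot place the file outside this directory.
    # Assumes the web server serves this directory under
    # /.well-known/acme-challenge/ - confirm.
    dest: "/var/www/letsencrypt/{{ challenge.challenge_data[item.1]['http-01'].resource | basename }}"
    content: "{{ challenge.challenge_data[item.1]['http-01'].resource_value }}"
    # The http-01 token is public by design; set the mode explicitly so the
    # web server can read it regardless of the remote umask.
    mode: "0644"

# NOTE(review): no task in this file as shown removes the published DNS
# record or token file after validation - confirm cleanup happens elsewhere.

# Second ACME call: same options as the first (YAML merge key, shallow)
# plus the registered challenge data, which triggers validation and writes
# the certificate and chain to `dest` / `fullchain_dest`.
- name: "get certificate {{ certname }}"
  acme_certificate:
    <<: *acmetask
    data: "{{ challenge }}"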