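---
# Let's Encrypt (ACME v2) backend for a single certificate ({{ certname }}).
# Flow: shared CSR/key handling -> request challenges -> publish the challenge
# (dns-01 via pdns.py, dns-01-manual via operator prompt, http-01 via webroot
# file) -> finalize the order -> shared post-processing.
#
# Expects `cert`, `cert_backend`, `certname`, `task_generate_csr` and
# `map_challange_type_letsencrypt` to be in scope (set by the caller /
# common_cert.yml; not visible here).

- include_tasks: common_cert.yml

# Map the configured challenge name onto the ACME challenge type the module
# expects; falls back to the raw value when no mapping exists.
- set_fact:
    external_challange_type: "{{ map_challange_type_letsencrypt[cert_backend.challange]|d(cert_backend.challange) }}"

# Step 1: request the challenges. The anchor shares every parameter with the
# finalizing call below, so both calls must agree on account key, CSR and
# destination paths.
- name: "get challange for {{ certname }}"
  acme_certificate: &acmetask
    # Re-issue whenever a fresh CSR was generated, even if the current cert
    # still has enough remaining days.
    force: "{{ task_generate_csr is changed }}"
    acme_version: 2
    terms_agreed: true
    acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
    # Account key: whoever holds it controls the account (revocation,
    # future issuance) -- keep it root-only (0600) on the controller/target.
    account_key: /etc/ssl/letsencrypt_account.key
    csr: "{{ cert.csrpath }}"
    dest: "{{ cert.certpath }}"
    fullchain_dest: "{{ cert.chainpath }}"
    remaining_days: "{{ cert_backend.remainingdays }}"
    challenge: "{{ external_challange_type }}"
    # Deactivate authorizations once finished so a stolen account key cannot
    # reuse pending/valid authorizations without passing the challenge again.
    deactivate_authzs: true
  register: challenge

# Step 2a: dns-01 -- push one TXT record per domain to every configured
# challenge server (cartesian product of servers x domains).
- name: "setup challenge server for {{ certname }} (dns challange)"
  when:
    - challenge is changed
    - cert_backend.challange == "dns-01"
  delegate_to: "{{ item.0 }}"
  loop: "{{ cert_backend.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
  command:
    # argv form: record name and value are passed as discrete arguments,
    # never through a shell.
    argv:
      - "/usr/local/bin/pdns.py"
      - "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
      - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"

# Step 2b: dns-01-manual -- print the records and wait for the operator.
- name: "setup challenge server for {{ certname }} (manual dns challange)"
  when:
    - challenge is changed
    - cert_backend.challange == "dns-01-manual"
  loop: "{{ challenge.challenge_data_dns|d({})|dict2items }}"
  debug:
    msg: "add the following dns record: '{{ item.key }}.': { TXT: {{ item.value }} }"

- name: wait for challenges in dns (manual dns challange)
  pause:
    prompt: "When the relevant lines were added to dns and synced, press enter"
  when:
    - challenge is changed
    - cert_backend.challange == "dns-01-manual"

# Step 2c: http-01 -- drop the key-authorization file into the webroot on
# every challenge server.
- name: "setup challenge server for {{ certname }} (http challange)"
  when:
    - challenge is changed
    - cert_backend.challange == "http-01"
  delegate_to: "{{ item.0 }}"
  loop: "{{ cert_backend.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
  copy:
    # `basename` keeps only the token component of the server-supplied
    # resource path, so the write cannot escape /var/www/letsencrypt/.
    dest: "/var/www/letsencrypt/{{ challenge.challenge_data[item.1]['http-01'].resource | basename }}"
    content: "{{ challenge.challenge_data[item.1]['http-01'].resource_value }}"
    # Explicit, umask-independent mode: the CA must be able to fetch this
    # file through the web server; the content is not secret.
    mode: "0644"

# Step 3: finalize -- same parameters as step 1 plus the challenge data.
- name: "get certificate {{ certname }}"
  acme_certificate:
    <<: *acmetask
    data: "{{ challenge }}"

- set_fact:
    certchanged: "{{ challenge is changed }}"

# `include` was deprecated and later removed; use the dynamic form that the
# top of this file already uses.
- name: handle postflight
  include_tasks: common_post.yml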