More cert fixes.
--- a/certbot-dns-cloudflare/tasks/main.yaml Thu May 29 20:01:29 2025 -0500
+++ b/certbot-dns-cloudflare/tasks/main.yaml Thu May 29 21:34:48 2025 -0500
@@ -13,20 +13,21 @@
owner: "root"
group: "root"
-- name: make renewal dir
- become: yes
- file:
- path: "/etc/letsencrypt/renewal/"
- state: "directory"
+# - name: make renewal dir
+# become: yes
+# file:
+# path: "/etc/letsencrypt/renewal/"
+# state: "directory"
-- name: configure renewal
- become: yes
- template:
- src: "{{certbot_dns_cloudflare_conf}}"
- dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
- mode: "0644"
- owner: "root"
- group: "root"
+## I dont think this is needed anymore. I think it get's installed automatically now.
+# - name: configure renewal
+# become: yes
+# template:
+# src: "letsencrypt.conf.j2"
+# dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
+# mode: "0644"
+# owner: "root"
+# group: "root"
- name: check if cert exists
become: yes
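Review bot: Both tasks are disabled by commenting them out, and the only rationale is the `## I dont think this is needed anymore` remark above `configure renewal`, so it is unverified whether certbot really writes `/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf` itself. If it does, delete both blocks and let version control keep the history. If that is not confirmed, keep `configure renewal` active so the authenticator, credentials path and key type used at renewal stay under the role's control. Either way, replace the remark with a stated reason such as `# certbot writes renewal/<domain>.conf on first issuance; not templated by this role`. The commented-out `src: "letsencrypt.conf.j2"` is also the only reference in this diff to the template the commit adds.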
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/certbot-dns-cloudflare/templates/letsencrypt.conf.j2 Thu May 29 21:34:48 2025 -0500
@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 2.9.0
+archive_dir = /etc/letsencrypt/archive/{{certbot_dns_cloudflare_domain}}
+cert = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem
+privkey = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/privkey.pem
+chain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/chain.pem
+fullchain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = {{certbot_account}}
+authenticator = dns-cloudflare
+dns_cloudflare_credentials = /etc/letsencrypt/cred.conf
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa
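Review bot: `version = 2.9.0` hard-codes a certbot version into the renewal file, so it will drift from whatever certbot is installed on the host; take it from a role variable, or at least add a comment such as `# version certbot recorded when the lineage was created`. `account = {{certbot_account}}` is the one variable here without the `certbot_dns_cloudflare_` prefix used on the other lines, and nothing in this diff defines it, so rendering would presumably fail if it is unset. Consider `account = {{ certbot_dns_cloudflare_account }}` with a matching default in the role. `dns_cloudflare_credentials = /etc/letsencrypt/cred.conf` names the file holding the Cloudflare API token, which should be installed root-only (mode `0600`) by the task that writes it; that task is outside this hunk, so confirm it there.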
--- a/prosody/templates/prosody.sh.j2 Thu May 29 20:01:29 2025 -0500
+++ b/prosody/templates/prosody.sh.j2 Thu May 29 21:34:48 2025 -0500
@@ -1,3 +1,3 @@
#! /bin/bash
-prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/fullchain.pem
+prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/
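Review bot: The templated `{{prosody_vhost}}` is rendered into the command line unquoted, both as the hostname argument and inside the path, so a value containing whitespace or shell metacharacters would be split or interpreted by bash when the script runs as root. Quote both arguments: `prosodyctl --root cert import "{{prosody_vhost}}" "/etc/letsencrypt/live/{{prosody_vhost}}/"`. A one-line comment above the command would also help the next reader, for example `# pass the live/ directory so prosodyctl picks up both fullchain.pem and privkey.pem`.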