---

- name: apt install dns cloudflare
  become: yes
  apt: name="python3-certbot-dns-cloudflare"

- name: configure cloudflare credentials
  become: yes
  template:
    src: "cred.conf.j2"
    dest: "/etc/letsencrypt/cred.conf"
    mode: "0600"
    owner: "root"
    group: "root"

- name: make renewal dir
  become: yes
  file:
    path: "/etc/letsencrypt/renewal/"
    state: "directory"

- name: configure renewal
  become: yes
  template:
    src: "{{certbot_dns_cloudflare_conf}}"
    dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
    mode: "0644"
    owner: "root"
    group: "root"

- name: check if cert exists
  become: yes
  stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"
  register: cert

- name: run certbot
  become: yes
  command: "certbot certonly -n --agree-tos --email {{certbot_dns_cloudflare_email}} --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf --cert-name {{certbot_dns_cloudflare_domain}} -d {{certbot_dns_cloudflare_domain}} -d \"*.{{certbot_dns_cloudflare_domain}}\""
  when: not cert.stat.exists
  changed_when: false