- name: Create {{ domain_name }} certificates directory
  file:
    path: "{{ acme_certs_dir }}/{{ domain_name }}.d"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "755"
  tags: acme_install

- name: Generate Let's Encrypt account key
  openssl_privatekey:
    path: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
    owner: root
    group: root
    mode: "600"
    type: RSA
    size: 4096
  tags: acme_account

- name: Generate Let's Encrypt private key for {{ domain_name }}
  openssl_privatekey:
    path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "640"
    type: RSA
    size: 4096

- name: Generate Let's Encrypt CSR for {{ domain_name }}
  openssl_csr:
    path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "644"
    privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    common_name: "{{ domain_name }}"

# - name: Check if Let's Encrypt certificate already exists for {{ domain_name }}
#   stat:
#     path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
#   register: _acme_cert_file

# - name: Check Let's Encrypt certificate expiration date for {{ domain_name }}
#   openssl_certificate_info:
#     path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
#     valid_at: 
#       thirty_days: "+30d"
#   register: _acme_cert_validity
#   when: _acme_cert_file.stat.isreg is defined and _acme_cert_file.stat.isreg

- name: Begin Let's Encrypt challenges for {{ domain_name }}
  acme_certificate:
    acme_directory: "{{ acme_directory }}"
    acme_version: "{{ acme_version }}"
    account_key_src: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
    account_email: "{{ acme_email }}"
    terms_agreed: yes
    challenge: http-01
    csr: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
    dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
    fullchain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/fullchain.pem"
    remaining_days: 30
  register: _acme_challenge
  # when: _acme_cert_validity is skipped or not _acme_cert_validity.valid_at.thirty_days

- debug:
    var: _acme_challenge

# - name: Implement and complete Let's Encrypt challenge for {{ domain_name }}
#   when: _acme_challenge is not skipped
#   block:
#   - name: Implement http-01 challenge files for {{ domain_name }}
#     copy:
#       content: "{{ _acme_challenge.challenge_data[domain_name]['http-01'].resource_value }}"
#       dest: "{{ acme_challenge_dir }}/{{ _acme_challenge.challenge_data[domain_name]['http-01'].resource }}"
#       owner: root
#       group: root
#       mode: "644"
  
#   - name: Complete Let's Encrypt challenges for {{ domain_name }}
#     acme_certificate:
#       acme_directory: "{{ acme_directory }}"
#       acme_version: "{{ acme_version }}"
#       account_key_src: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
#       account_email: "{{ acme_email }}"
#       challenge: http-01
#       csr: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
#       dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
#       chain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/chain.pem"
#       fullchain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/fullchain.pem"
#       data: "{{ _acme_challenge }}"