create separate files for domain configs

tasks/main.yml

@@ -21,6 +21,7 @@
     group: root
     mode: "755"
   loop:
+    - "{{ acme_ssl_dir }}"
     - "{{ acme_config_dir }}"
     - "{{ acme_certs_dir }}"
     - "{{ acme_csr_dir }}"
@@ -52,7 +53,23 @@
     dest: "{{ acme_config_file }}"
     owner: root
     group: root
-    mode: "600"
+    mode: "640"
+  tags: [acme_install, acme_config]
+
+- name: Copy ACME domain config files
+  copy:
+    content: "{{ domain | to_nice_yaml(indent=2) }}"
+    dest: "{{ acme_config_dir }}/{{ domain_name }}.yml"
+    owner: root
+    group: root
+    mode: "640"
+  loop: "{{ domains }}"
+  loop_control:
+    label: "{{ domain_name }}"
+  vars:
+    domains: (acme_domains.keys() | list) if acme_domains is mapping else acme_domains
+    domain_name: "{{ item if item is string else item.name }}"
+    domain: "{{ acme_domains[item] if item is string else item }}"
   tags: [acme_install, acme_config]
 
 - name: Create directory for certificate renewal tool
@@ -84,7 +101,7 @@
   tags: acme_install
 
 - name: Perform ACME challenge for each domain
-  command: acme-renew-cert -c {{ acme_config_file | quote }}
+  command: acme-renew-cert -c {{ acme_config_file | quote }} -d {{ acme_config_dir | quote }}
   changed_when: "'No domain to renew' not in _acme_challenge.stdout"
   register: _acme_challenge
   tags: acme_challenge
@@ -94,7 +111,7 @@
     user: root
     name: acme-renew-cert
     cron_file: acme-renew-cert
-    job: "{{ acme_script_bin }} -q -c {{ acme_config_file | quote }}"
+    job: "{{ acme_script_bin }} -q -c {{ acme_config_file | quote }} -d {{ acme_config_dir | quote }}"
     minute: "30"
     hour: "2"
     state: present