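# Issue or renew a Let's Encrypt certificate for one domain over the ACME
# http-01 challenge. Flow: create the per-domain certificate directory,
# generate the account key, the domain key and a CSR, start the ACME order,
# and, only if the order reports a change, publish the challenge file and
# complete the order.

- name: Create {{ domain_name }} certificates directory
  file:
    path: "{{ acme_certs_dir }}/{{ domain_name }}.d"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    # World-readable directory: it holds only the public cert/chain files
    # written by the acme_certificate tasks below.
    mode: "0755"
  tags: acme_install

- name: Generate Let's Encrypt account key
  openssl_privatekey:
    path: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
    owner: root
    group: root
    # The account key authorises every request made to the CA for this
    # account, so it is readable by root only.
    mode: "0600"
    type: RSA
    size: 4096
  tags: acme_account

- name: Generate Let's Encrypt private key for {{ domain_name }}
  openssl_privatekey:
    path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    owner: root
    # 0640 + this group means every member of acme_ssl_group can read the TLS
    # private key; keep the group limited to the services that terminate TLS.
    group: "{{ acme_ssl_group }}"
    mode: "0640"
    type: RSA
    size: 4096

- name: Generate Let's Encrypt CSR for {{ domain_name }}
  openssl_csr:
    path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "0644"
    privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    # Only a common name is requested; no subject_alt_name is set here.
    common_name: "{{ domain_name }}"

# First acme_certificate call: opens the order and returns the challenge data.
# The result is registered so the block below can run only when it changed.
- name: Begin Let's Encrypt challenges for {{ domain_name }}
  acme_certificate:
    acme_directory: "{{ acme_directory }}"
    acme_version: "{{ acme_version }}"
    account_key_src: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
    account_email: "{{ acme_email }}"
    terms_agreed: true
    challenge: http-01
    csr: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
    dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
    fullchain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/fullchain.pem"
    # Renew once the existing certificate has fewer than 30 days left.
    remaining_days: 30
  register: _acme_challenge

- name: Implement and complete Let's Encrypt challenge for {{ domain_name }}
  when: _acme_challenge is changed
  block:
    # Defence in depth: the resource path below is taken from the registered
    # ACME result and is used as a destination written by root. Refuse
    # anything that is not a single token file under the standard http-01
    # location before touching the filesystem.
    - name: Validate http-01 challenge resource path for {{ domain_name }}
      assert:
        that:
          - >-
            _acme_challenge.challenge_data[domain_name]['http-01'].resource
            is match('^[.]well-known/acme-challenge/[A-Za-z0-9_-]+$')
        msg: "Unexpected http-01 challenge resource path returned for {{ domain_name }}"

    # NOTE(review): assumes the parent directory of this destination already
    # exists under acme_challenge_dir and is served by the web server for
    # domain_name; confirm against the role's setup tasks.
    - name: Implement http-01 challenge files for {{ domain_name }}
      copy:
        content: "{{ _acme_challenge.challenge_data[domain_name]['http-01'].resource_value }}"
        dest: "{{ acme_challenge_dir }}/{{ _acme_challenge.challenge_data[domain_name]['http-01'].resource }}"
        owner: root
        group: root
        # The CA fetches this file over HTTP, so it must be world-readable.
        mode: "0644"

    # Second acme_certificate call: passes the registered result back through
    # `data` so the order is validated and the certificate, chain and
    # fullchain files are written.
    - name: Complete Let's Encrypt challenges for {{ domain_name }}
      acme_certificate:
        acme_directory: "{{ acme_directory }}"
        acme_version: "{{ acme_version }}"
        account_key_src: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
        account_email: "{{ acme_email }}"
        challenge: http-01
        csr: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
        dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
        chain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/chain.pem"
        fullchain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/fullchain.pem"
        data: "{{ _acme_challenge }}"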