- name: Create {{ domain.name }} certificates directory
  file:
    path: "{{ acme_certs_dir }}/{{ domain.name }}.d"
    state: directory
    owner: root
    group: root
    mode: "755"
  tags: selfsigned_install

- name: Generate private key for {{ domain.name }} certificate
  openssl_privatekey:
    path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "640"
    type: RSA
    size: 4096
  tags: selfsigned_config

- name: Generate CSR for {{ domain.name }} certificate
  openssl_csr:
    path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
    owner: root
    group: root
    mode: "644"
    privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
    common_name: "{{ domain.name }}"
    subject_alt_name: "{{ domain.alt_names | default([]) | map('regex_replace', '^', 'DNS:') | list }}"
  tags: selfsigned_config

- name: Generate self-signed certificate
  openssl_certificate:
    path: "{{ acme_certs_dir }}/{{ domain.name }}.d/cert.pem" 
    csr_path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
    privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
    provider: selfsigned 
    state: present
    owner: root 
    group: root
    mode: "644"