From 0e950c67a24b6dfcf7474c0a7333e08407174404 Mon Sep 17 00:00:00 2001
From: Thomas Constans <thomas@opendoor.fr>
Date: Sun, 31 May 2026 13:13:38 +0200
Subject: [PATCH] make it work on RH

---
 tasks/certbot.yml | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/tasks/certbot.yml b/tasks/certbot.yml
index 9d42334..1c4d889 100644
--- a/tasks/certbot.yml
+++ b/tasks/certbot.yml
@@ -1,4 +1,9 @@
 ---
+- name: debug
+  debug:
+    msg: "plop {{ apache_server_alias }}"
+  changed_when: true
+
 - name: install certbot
   package:
     name:
@@ -24,19 +29,17 @@
     state: restarted
   when: result.changed
 
+- name: "check if certificate already exists"
+  ansible.builtin.stat:
+    path: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem"
+  register: cert_stat
+
 - name: generate certificates for domaine and subdomains
   vars:
-    subdomains: "-d {{ apache_server_alias | join( ' -d ' ) }}"
-  command: certbot certonly --agree-tos --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} {{ subdomains }}
-  args:
-    creates: "{{ apache_ssl_chain }}"
-  when: apache_server_alias is defined
-
-- name: generate certificates
-  command: certbot certonly --agree-tos  --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }}
-  args:
-    creates: "{{ apache_ssl_chain }}"
-  when: apache_server_alias is not defined
+    domainlist: "{{  [ apache_server_name ] + apache_server_alias|default( '') }}"
+    subdomains: "-d {{ domainlist | join( ' -d ' ) }}"
+  command: certbot  certonly  --webroot --webroot-path {{ certbot_docroot }}  --agree-tos --non-interactive -m {{ certbot_email }} {{ subdomains }} --expand
+  when: not cert_stat.stat.exists
 
 - name: deploy ssl config file
   template: