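---
# Tasks: install certbot, deploy a plain-HTTP vhost so the webroot challenge
# can be served, request a Let's Encrypt certificate for the server name and
# its aliases, deploy the SSL config and schedule a weekly renewal.

# NOTE(review): looks like leftover debug output; changed_when makes it
# report "changed" on every run.
- name: debug
  ansible.builtin.debug:
    msg: "plop {{ apache_server_alias }}"
  changed_when: true

# NOTE(review): apache_ssl_packages is placed as one list element; if it is
# itself a list this becomes a nested list. Confirm the package module in use
# accepts that.
- name: install certbot
  ansible.builtin.package:
    name:
      - certbot
      - "{{ apache_ssl_packages }}"
    state: present

- name: install apache config file without ssl
  vars:
    apache_use_ssl: false
  ansible.builtin.template:
    src: vhost.conf.jj
    dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
    # Quoted: an unquoted 0644 is read as an integer by the YAML parser and
    # may not reach the module as the intended octal mode.
    mode: "0644"
  notify: restart apache
  register: result

# Can't use meta / flush_handlers in conditionals, so restart explicitly when
# the vhost file changed.
- name: if needed, we restart apache
  ansible.builtin.service:
    name: "{{ apache_service_name }}"
    state: restarted
  when: result.changed

- name: "check if certificate already exists"
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem"
  register: cert_stat

# The command is passed as argv so that each templated value reaches certbot
# as exactly one argument. In the free-form string, whitespace inside a
# variable would be split into extra arguments, so a crafted value could add
# certbot options.
# The alias default is an empty list: list + '' is a type error when
# apache_server_alias is undefined.
# NOTE(review): this task is skipped once cert.pem exists, so --expand never
# applies to aliases added after the first issuance.
- name: generate certificates for domaine and subdomains
  vars:
    domainlist: "{{ [apache_server_name] + (apache_server_alias | default([])) }}"
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - "--webroot"
      - "--webroot-path"
      - "{{ certbot_docroot }}"
      - "--agree-tos"
      - "--non-interactive"
      - "-m"
      - "{{ certbot_email }}"
      - "--expand"
      # certbot accepts a comma-separated list of domains for a single -d.
      - "-d"
      - "{{ domainlist | join(',') }}"
  when: not cert_stat.stat.exists

- name: deploy ssl config file
  ansible.builtin.template:
    src: ssl.conf
    dest: "{{ apache_config_dir }}"
    # Explicit mode, matching the vhost template above, so the resulting
    # permissions do not depend on the remote umask.
    mode: "0644"
  notify: restart apache

# Runs weekly (weekday 6 at 01:00) as root from a cron file named "certbot".
# NOTE(review): the job only renews; nothing here reloads Apache afterwards.
# Consider a certbot --deploy-hook so renewed certificates are actually
# served, and check whether the distribution package already ships its own
# renewal timer.
- name: create cronjob for renewal
  ansible.builtin.cron:
    name: certbot
    cron_file: certbot
    user: root
    hour: "01"
    minute: "00"
    weekday: "6"
    job: "/usr/bin/certbot renew"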