---
- name: install certbot
  package:
    name:
     - certbot
     - mod_ssl

    state: present

- name: install apache config file without ssl
  vars:
    apache_use_ssl: false
  template:
    src: vhost.conf.jj
    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
    mode: 0644
  notify: restart apache
  register: result

# cant use meta / flush handlers in conditionnals
- name: if needed, we restart apache
  service:
    name: httpd
    state: restarted
  when: result.changed

- name: generate certificates for domaine and subdomains
  vars:
    subdomains: "-d {{ apache_server_alias | join( ' -d ' ) }}"
  command: certbot certonly --agree-tos --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} {{ subdomains }}
  args:
    creates: "{{ apache_ssl_chain }}"
  when: apache_server_alias is defined

- name: generate certificates
  command: certbot certonly --agree-tos  --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }}
  args:
    creates: "{{ apache_ssl_chain }}"
  when: apache_server_alias is not defined

- name: deploy ssl config file
  template:
    src: ssl.conf
    dest: /etc/httpd/conf.d
  notify: restart apache

- name: create cronjob for renewal
  cron:
    name: certbot
    cron_file: certbot
    user: root
    hour: "01"
    minute: "00"
    weekday: "6"
    job: "/usr/bin/certbot renew"