computer-playbook/tasks/recieve-certbot-certificate.yml

- name: "recieve dedicated certificate for {{ domain }}"
  command: >-
    certbot certonly --agree-tos --email {{ administrator_email }}
    --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ domain }}
    {{ '--test-cert' if mode_test | bool else '' }}
  when: 
    - not enable_wildcard_certificate | bool or not (domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain))
      # Wildcard certificate should not be used
      # OR: The domain is not a first-level subdomain of the primary domain

- name: "recieve wildcard certificate for *{{ primary_domain }}"
  command: >-
    certbot certonly --agree-tos --email {{ administrator_email }}                                          
    --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
    {{ '--test-cert' if mode_test | bool else '' }}
  when: 
    - enable_wildcard_certificate | bool  
      # Wildcard certificate is enabled
    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
      # AND: The domain is a direct first-level subdomain of the primary domain
    - run_once_recieve_certificate is not defined  
      # Ensure this task runs only once for the wildcard certificate
    - domain == primary_domain  
      # The domain is the primary domain

- name: "Cleanup dedicated cert for {{ domain }}"
  command: >-
    certbot delete --cert-name {{ domain }} --non-interactive
  when: 
    - mode_cleanup | bool  
      # Cleanup mode is enabled
    - enable_wildcard_certificate | bool  
      # Wildcard certificate is enabled
    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
      # AND: The domain is a direct first-level subdomain of the primary domain
    - domain != primary_domain  
      # The domain is not the primary domain
  ignore_errors: true

- name: run the recieve_certificate tasks once
  set_fact:
    run_once_recieve_certificate: true
  when: run_once_recieve_certificate is not defined
Solved mapping bugs 2025-02-03 22:08:16 +01:00			`- name: "recieve dedicated certificate for {{ domain }}"`
Implemented test-run for certbot due to letsencrypt restrictions 2024-01-08 11:20:44 +01:00			`command: >-`
			`certbot certonly --agree-tos --email {{ administrator_email }}`
			`--non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ domain }}`
Implemented draft for wildcard certificate 2025-01-29 15:52:40 +01:00			`{{ '--test-cert' if mode_test \| bool else '' }}`
Solved mapping bugs 2025-02-03 22:08:16 +01:00			`when:`
Solved redirect bug 2025-02-04 11:01:00 +01:00			`- not enable_wildcard_certificate \| bool or not (domain.split('.') \| length == (primary_domain.split('.') \| length + 1) and domain.endswith(primary_domain))`
Solved mapping bugs 2025-02-03 22:08:16 +01:00			`# Wildcard certificate should not be used`
			`# OR: The domain is not a first-level subdomain of the primary domain`
Implemented draft for wildcard certificate 2025-01-29 15:52:40 +01:00
Solved mapping bugs 2025-02-03 22:08:16 +01:00			`- name: "recieve wildcard certificate for *{{ primary_domain }}"`
Implemented draft for wildcard certificate 2025-01-29 15:52:40 +01:00			`command: >-`
Solved mapping bugs 2025-02-03 22:08:16 +01:00			`certbot certonly --agree-tos --email {{ administrator_email }}`
Implemented draft for wildcard certificate 2025-01-29 15:52:40 +01:00			`--non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}`
			`{{ '--test-cert' if mode_test \| bool else '' }}`
Solved wildcard certificate for non-wildcard domains and network variable bug 2025-02-03 16:05:25 +01:00			`when:`
Solved mapping bugs 2025-02-03 22:08:16 +01:00			`- enable_wildcard_certificate \| bool`
			`# Wildcard certificate is enabled`
			`- domain.split('.') \| length == (primary_domain.split('.') \| length + 1) and domain.endswith(primary_domain)`
			`# AND: The domain is a direct first-level subdomain of the primary domain`
			`- run_once_recieve_certificate is not defined`
			`# Ensure this task runs only once for the wildcard certificate`
Solved redirect bug 2025-02-04 11:01:00 +01:00			`- domain == primary_domain`
			`# The domain is the primary domain`
Implemented draft for wildcard certificate 2025-01-29 15:52:40 +01:00
Optimized conditions for certificate cleanup 2025-01-29 17:15:30 +01:00			`- name: "Cleanup dedicated cert for {{ domain }}"`
Added cleanup mode for certs and solved peertube variable bug 2025-01-29 17:01:54 +01:00			`command: >-`
			`certbot delete --cert-name {{ domain }} --non-interactive`
Optimized conditions for certificate cleanup 2025-01-29 17:15:30 +01:00			`when:`
Solved mapping bugs 2025-02-03 22:08:16 +01:00			`- mode_cleanup \| bool`
			`# Cleanup mode is enabled`
			`- enable_wildcard_certificate \| bool`
			`# Wildcard certificate is enabled`
			`- domain.split('.') \| length == (primary_domain.split('.') \| length + 1) and domain.endswith(primary_domain)`
			`# AND: The domain is a direct first-level subdomain of the primary domain`
			`- domain != primary_domain`
			`# The domain is not the primary domain`
Optimized conditions for certificate cleanup 2025-01-29 17:15:30 +01:00			`ignore_errors: true`
Added cleanup mode for certs and solved peertube variable bug 2025-01-29 17:01:54 +01:00
Implemented draft for wildcard certificate 2025-01-29 15:52:40 +01:00			`- name: run the recieve_certificate tasks once`
			`set_fact:`
			`run_once_recieve_certificate: true`
			`when: run_once_recieve_certificate is not defined`