Solved another wildcard bug

library/cert_folder_find.py

@@ -7,9 +7,17 @@ import os
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.cert_utils import CertUtils
 
-def find_matching_folders(domain, cert_files, flavor, debug):
+def cert_folder_find(module):
-    exact_matches = []
+    domain = module.params['domain']
-    wildcard_matches = []
+    cert_base_path = module.params['cert_base_path']
+    debug = module.params['debug']
+
+    cert_files = CertUtils.list_cert_files(cert_base_path)
+
+    if debug:
+        print(f"Found {len(cert_files)} cert.pem files under {cert_base_path}")
+
+    matching_folders = []
 
     for cert_path in cert_files:
         cert_text = CertUtils.run_openssl(cert_path)
@@ -20,44 +28,24 @@ def find_matching_folders(domain, cert_files, flavor, debug):
             print(f"Checking {cert_path}: {sans}")
         for entry in sans:
             if CertUtils.matches(domain, entry):
-                folder = os.path.dirname(cert_path)
+                folder = os.path.basename(os.path.dirname(cert_path))
-                if entry.startswith('*.'):
+                matching_folders.append(folder)
-                    wildcard_matches.append(folder)
-                else:
-                    exact_matches.append(folder)
-
-    if flavor in ('san', 'dedicated'):
-        return exact_matches or wildcard_matches
-    elif flavor == 'wildcard':
-        return wildcard_matches or exact_matches
-    else:
-        return []
-
-def cert_folder_find(module):
-    domain = module.params['domain']
-    certbot_flavor = module.params['certbot_flavor']
-    cert_base_path = module.params['cert_base_path']
-    debug = module.params['debug']
-
-    cert_files = CertUtils.list_cert_files(cert_base_path)
-
                 if debug:
-        print(f"Found {len(cert_files)} cert.pem files under {cert_base_path}")
+                    print(f"Match found in folder: {folder}")
+                break  # No need to check further SANs for this cert
 
-    preferred = find_matching_folders(domain, cert_files, certbot_flavor, debug)
+    if not matching_folders:
+        # No matching cert found
+        module.exit_json(folder=None)
 
-    if not preferred:
+    # Prefer shortest and least-dashed folder name (SAN bundles often have more dashes)
-        module.fail_json(msg=f"No certificate covering domain {domain} found.")
+    matching_folders = sorted(matching_folders, key=lambda f: (f.count('-'), len(f)))
 
-    preferred = sorted(preferred, key=lambda p: (p.count('-'), len(p)))
+    module.exit_json(folder=matching_folders[0])
-    folder = os.path.basename(preferred[0])
-
-    module.exit_json(folder=folder)
 
 def main():
     module_args = dict(
         domain=dict(type='str', required=True),
-        certbot_flavor=dict(type='str', required=True),
         cert_base_path=dict(type='str', required=False, default='/etc/letsencrypt/live'),
         debug=dict(type='bool', required=False, default=False),
     )

roles/nginx-https-get-cert/tasks/main.yml

@@ -20,7 +20,6 @@
 - name: Find SSL cert folder for domain
   cert_folder_find:
     domain: "{{ domain }}"
-    certbot_flavor: "{{ certbot_flavor }}"
     cert_base_path: "{{ certbot_cert_path }}"
     debug: "{{ enable_debug | default(false) }}"
   register: cert_folder_result

tasks/constructor.yml

@@ -121,8 +121,6 @@
   include_role:
     name: client-wireguard
 
-
-
 ## backup setup
 - name: setup replica backup hosts
   when: ("backup_remote_to_local" in group_names)