Removed unecessary application_id s

roles/srv-web-7-7-letsencrypt/tasks/main.yml

@@ -0,0 +1,21 @@
+- name: create nginx letsencrypt config file
+  template: 
+    src:  "letsencrypt.conf.j2"
+    dest: "{{nginx.directories.http.global}}letsencrypt.conf"
+  notify: restart nginx
+  when: run_once_letsencrypt is not defined
+
+- name: "Set CAA records for all base domains"
+  include_tasks: set-caa-records.yml
+  when:
+    - dns_provider == 'cloudflare'
+    - run_once_letsencrypt is not defined
+
+- name: flush nginx service
+  meta: flush_handlers
+  when: run_once_letsencrypt is not defined
+
+- name: run the letsencrypt logic just once
+  set_fact:
+    run_once_letsencrypt: true
+  when: run_once_letsencrypt is not defined

roles/srv-web-7-7-letsencrypt/tasks/set-caa-records.yml

@@ -0,0 +1,15 @@
+---
+- name: "Ensure all CAA records are present"
+  community.general.cloudflare_dns:
+    api_token: "{{ certbot_dns_api_token }}"
+    zone:     "{{ item.0 }}"
+    record:   "@"
+    type:     CAA
+    flag:     0
+    tag:      "{{ item.1.tag }}"
+    value:    "{{ item.1.value }}"
+    ttl:      1
+    state:    present
+  loop: "{{ base_sld_domains | product(caa_entries) | list }}"
+  loop_control:
+    label: "{{ item.0 }} → {{ item.1.tag }}"