- name: "recieve dedicated certificate for {{ domain }}"
command: >-
certbot certonly --agree-tos --email {{ administrator_email }}
--non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ domain }}
{{ '--test-cert' if mode_test | bool else '' }}
when:
- not enable_wildcard_certificate | bool or not (domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain))
# Wildcard certificate should not be used
# OR: The domain is not a first-level subdomain of the primary domain
- name: "recieve wildcard certificate for *{{ primary_domain }}"
command: >-
certbot certonly --agree-tos --email {{ administrator_email }}
--non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
{{ '--test-cert' if mode_test | bool else '' }}
when:
- enable_wildcard_certificate | bool
# Wildcard certificate is enabled
- domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
# AND: The domain is a direct first-level subdomain of the primary domain
- run_once_recieve_certificate is not defined
# Ensure this task runs only once for the wildcard certificate
- domain == primary_domain
# The domain is the primary domain
- name: "Cleanup dedicated cert for {{ domain }}"
command: >-
certbot delete --cert-name {{ domain }} --non-interactive
when:
- mode_cleanup | bool
# Cleanup mode is enabled
- enable_wildcard_certificate | bool
# Wildcard certificate is enabled
- domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
# AND: The domain is a direct first-level subdomain of the primary domain
- domain != primary_domain
# The domain is not the primary domain
ignore_errors: true
- name: run the recieve_certificate tasks once
set_fact:
run_once_recieve_certificate: true
when: run_once_recieve_certificate is not defined