---
# main task for installing Let's Encrypt's certbot tool
# https://certbot.eff.org/#ubuntuxenial-other

- name: install certbot on ubuntu 16.04
  apt:
    state: latest
    package: "{{ item }}"
    update_cache: yes
    cache_valid_time: 3600
  with_items:
    - "letsencrypt"
  when: ansible_os_family == "Debian"

- name: create webroot /var/www/xai-corp.net
  file:
    state: directory
    path: /var/www/xai-corp.net

- name: create first certificates
  command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
  args:
    creates: /etc/letsencrypt/live/{{ item }}/cert.pem
  with_items: "{{certbot.domains}}"


- name: cron job for renewing certs
  cron:
    name: renew let's encrypt certificates
    state: present
    user: root
    day: "*/2"
    job: "letsencrypt renew "