provisioning/roles/certbot/tasks/main.yml

---
# main task for installing Let's Encrypt's certbot tool
# https://certbot.eff.org/#ubuntuxenial-other

- name: install certbot on ubuntu 16.04
  apt:
    state: latest
    package: "{{ item }}"
    update_cache: yes
    cache_valid_time: 3600
  with_items:
    - "letsencrypt"
  when: ansible_os_family == "Debian"

- name: create webroot /var/www/xai-corp.net
  file:
    state: directory
    path: /var/www/xai-corp.net

- name: create first certificates
  command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
  args:
    creates: /etc/letsencrypt/live/{{ item }}/cert.pem
  with_items:
    - xai-corp.net
    - www.xai-corp.net
    - dkregistry.xai-corp.net
    - sql.xai-corp.net
    - fs.xai-corp.net
    - dkhost.xai-corp.net
    - git.xai-corp.net
    - dkui.xai-corp.net
    - jenkins.xai-corp.net
    - logs.xai-corp.net
    - tripbuilder.xai-corp.net

- name: cron job for renewing certs
  cron:
    name: renew let's encrypt certificates
    state: present
    user: root
    day: "*/2"
    job: "letsencrypt renew "