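---
# Tasks that install certbot, create a dedicated unprivileged service account
# with its data/log/webroot directories, drop an Apache fragment for the
# HTTP-01 webroot challenge, register the ACME account, obtain the first
# certificate, and enable the systemd renewal timer.
#
# Variables expected from the caller (not defined in this file):
#   certbot_account_email - contact address passed to `certbot register`
#   certbot_domains       - list of hostnames; the first one names the
#                           lineage certbot writes under live/

- name: ensure certbot is installed
  package:
    name: certbot
    state: present

- name: ensure certbot group exists
  group:
    name: certbot
    system: true

# System account with no login home created; the directory is made below.
- name: ensure certbot user exists
  user:
    name: certbot
    group: certbot
    system: true
    home: /var/lib/letsencrypt
    createhome: false
    state: present

# This is also certbot's --config-dir, so the ACME account key and the
# certificate private keys are stored under it (accounts/, archive/, live/).
# Permissions on those subdirectories are left to certbot itself —
# TODO confirm they are not world-readable after the first run.
# File modes are quoted: a bare 0755 parses as the integer 493.
- name: ensure certbot data directory exists
  file:
    path: /var/lib/letsencrypt
    mode: "0755"
    owner: certbot
    group: certbot
    state: directory

- name: ensure certbot log directory exists
  file:
    path: /var/log/letsencrypt
    mode: "0755"
    owner: certbot
    group: certbot
    state: directory

# Served by Apache for HTTP-01 challenges; world-readable so httpd can read
# the challenge tokens certbot writes here.
- name: ensure certbot webroot directory exits
  file:
    path: /var/www/certbot
    mode: "0755"
    owner: certbot
    group: certbot
    state: directory

- name: ensure apache is configured for certbot
  copy:
    src: certbot.httpd.conf
    dest: /etc/httpd/conf.d/certbot.conf
    mode: "0644"
  notify: reload httpd

# Runs as the unprivileged certbot user rather than root. `creates` keeps the
# task idempotent: it is skipped once the account directory exists.
# NOTE(review): the `creates` path names the acme-v01 endpoint; if the
# installed certbot registers against a different ACME server the account
# directory is named differently and this task re-runs on every play —
# confirm against the host.
- name: ensure certbot account is registered
  become: true
  become_user: certbot
  command: >-
    certbot register
    --config-dir /var/lib/letsencrypt
    --agree-tos
    --email {{ certbot_account_email }}
  args:
    creates: /var/lib/letsencrypt/accounts/acme-v01.api.letsencrypt.org

# One -d per entry in certbot_domains; the first entry is the lineage name,
# so its fullchain.pem is the marker for "already issued".
- name: ensure certbot certificate exists
  become: true
  become_user: certbot
  command: >-
    certbot certonly
    --config-dir /var/lib/letsencrypt
    --webroot --webroot-path /var/www/certbot
    {% for domain in certbot_domains %} -d {{ domain }} {% endfor %}
  args:
    creates: /var/lib/letsencrypt/live/{{ certbot_domains[0] }}/fullchain.pem

- name: ensure certbot service is configured
  template:
    src: certbot.sysconfig.j2
    dest: /etc/sysconfig/certbot
    mode: "0644"

- name: ensure certbot timer is enabled
  service:
    name: certbot-renew.timer
    enabled: true

- name: ensure certbot timer is started
  service:
    name: certbot-renew.timer
    state: started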