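---
# Install the lego ACME client, obtain certificates through the Cloudflare
# DNS-01 challenge and schedule renewals from cron. Every task assumes the
# play runs with root privileges (root-owned paths, an /etc/cron.d entry).

- name: Create lego base dir
  # Created before the archive is unpacked: unarchive requires dest to exist,
  # and __lego_bin_dir presumably points inside this tree.
  ansible.builtin.file:
    path: "{{ __lego_base_dir }}/bin"
    state: directory
    owner: root
    group: root
    mode: "0750"

- name: Download lego release archive
  ansible.builtin.get_url:
    url: "https://github.com/go-acme/lego/releases/download/v{{ lego_version }}/lego_v{{ lego_version }}_linux_amd64.tar.gz"
    dest: "{{ __lego_base_dir }}/lego_v{{ lego_version }}_linux_amd64.tar.gz"
    # Supply-chain control: the extracted binary runs as root with the
    # Cloudflare API token in its environment, so pin the asset to a known
    # digest (e.g. "sha256:<hex>" taken from the release's checksums file).
    # The check is skipped when lego_checksum is not set.
    checksum: "{{ lego_checksum | default(omit) }}"
    owner: root
    group: root
    mode: "0640"

- name: Install lego
  ansible.builtin.unarchive:
    src: "{{ __lego_base_dir }}/lego_v{{ lego_version }}_linux_amd64.tar.gz"
    dest: "{{ __lego_bin_dir }}"
    remote_src: true
    # Only the lego binary is extracted from the tarball.
    extra_opts:
      - "{{ __lego_bin_name }}"
    owner: root
    group: root
    mode: "0750"

- name: Create LetsEncrypt certificates directory
  ansible.builtin.file:
    path: "{{ __lego_base_dir }}/.lego/certificates"
    state: directory
    owner: root
    group: root
    # Private keys are written here; recurse re-applies the mode on later
    # runs to anything lego has stored under it.
    mode: "0700"
    recurse: true

- name: Obtain certificates for domains
  # Runs once per certificate and is skipped once the first domain's .crt
  # exists. lego names the files after the first domain with '*' written as
  # '_', and `creates` glob-expands, so the literal '*' must not reach it.
  ansible.builtin.command:
    cmd: >-
      {{ __lego_bin_file }}
      --accept-tos
      --email="{{ lego_acme_account_email }}"
      --domains {{ " --domains ".join(item.domains) }}
      --dns="cloudflare"
      run
    creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] | replace('*', '_') }}.crt"
  environment:
    LEGO_SERVER: "{{ lego_acme_server }}/directory"
    LEGO_PATH: "{{ __lego_base_dir }}/.lego"
    # Passed through the environment rather than argv so it does not show
    # up in the process list or the recorded `cmd`; it may still appear in
    # verbose (-vvv) task output.
    CLOUDFLARE_API_TOKEN: "{{ lego_cloudflare_api_token }}"
  when: not item.skip_create | default(false) | bool
  loop: "{{ lego_certificates }}"
  loop_control:
    label: "{{ item.domains[0] }}"

- name: Add cron script to renew certificates
  ansible.builtin.template:
    src: cron_lego_renew.sh.j2
    dest: "{{ __lego_base_dir }}/bin/cron_lego_renew.sh"
    owner: root
    group: root
    mode: "0755"

- name: Add cron job to renew certificates
  # Daily at 02:05 as root via /etc/cron.d/lego-renew; stdout and stderr
  # are appended to a log next to the lego tree.
  ansible.builtin.cron:
    name: "lego-renew"
    cron_file: "lego-renew"
    user: root
    hour: "2"
    minute: "5"
    job: "{{ __lego_base_dir }}/bin/cron_lego_renew.sh >> {{ __lego_base_dir }}/cron_lego_renew.log 2>&1"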