---
- block:
    - name: Ensur target directories exist for certificate files
      file:
        name: "{{ item.dest | dirname }}"
        state: directory
        mode: 0755
      loop: "{{ nginx_tls_certificates + nginx_tls_certificates_extra }}"
      loop_control:
        label: "{{ item.dest }}"

    - name: Copy certificate files
      copy:
        src: "{{ item.source }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode | default('0600') }}"
        owner: "{{ item.owner | default('root') }}"
      loop: "{{ nginx_tls_certificates + nginx_tls_certificates_extra }}"
      loop_control:
        label: "{{ item.dest }}"
      notify: __nginx_reload

    - name: Create Diffie-Hellman Parameter
      openssl_dhparam:
        path: "{{ nginx_tls_dhparam_file }}"
        size: "{{ nginx_tls_dhparam_size }}"
      when: nginx_tls_dhparam_file is defined

    - name: Update tls.conf
      template:
        src: etc/nginx/conf.d/tls.conf.j2
        dest: /etc/nginx/conf.d/tls.conf
        owner: root
        group: root
        mode: 0640
      notify: __nginx_reload
  become: True
  become_user: root