From cbf7e6fe6cf93851ad84597fb814ea3dcde9a783 Mon Sep 17 00:00:00 2001 From: Pierre-antoine Comby Date: Fri, 30 Oct 2020 17:01:47 +0100 Subject: [PATCH] run certbot if necessary --- ansible/roles/4-certbot/tasks/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ansible/roles/4-certbot/tasks/main.yml b/ansible/roles/4-certbot/tasks/main.yml index 52bc0d67..dbd6e477 100644 --- a/ansible/roles/4-certbot/tasks/main.yml +++ b/ansible/roles/4-certbot/tasks/main.yml @@ -9,6 +9,11 @@ retries: 3 until: pkg_result is succeeded +- name: Check if certificate already exists. + stat: + path: /etc/letsencrypt/live/{{note.server_name}}/cert.pem + register: letsencrypt_cert + - name: Create /etc/letsencrypt/conf.d file: path: /etc/letsencrypt/conf.d @@ -19,3 +24,17 @@ src: "letsencrypt/conf.d/nk20.ini.j2" dest: "/etc/letsencrypt/conf.d/nk20.ini" mode: 0644 + +- name: Stop services to allow certbot to generate a cert. + service: + name: nginx + state: stopped + +- name: Generate new certificate if one doesn't exist. + shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/nk20.ini -d {{note.server_name}}" + when: letsencrypt_cert.stat.exists == False + +- name: Restart services to allow certbot to generate a cert. + service: + name: nginx + state: started
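Review bot: In the first hunk (`@@ -9,6 +9,11 @@`), the new `stat` task tests the `cert.pem` entry itself rather than the file it points to. `stat` defaults to `follow: false`, and certbot's `live/` entries are normally symlinks into `archive/`, so a dangling link would still set `letsencrypt_cert.stat.exists` and issuance would be skipped. Adding `follow: true` under `stat:` makes the result reflect the real certificate file. The check also says nothing about expiry, so renewal presumably has to be handled elsewhere; that is not visible in this patch. Quoting the templated value, `path: "/etc/letsencrypt/live/{{ note.server_name }}/cert.pem"`, would match the quoted `src`/`dest` values further down the file.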
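Review bot: In the second hunk (`@@ -19,3 +24,17 @@`), only the certbot task carries the `when:` guard, so nginx is stopped and started on every play run even when the certificate already exists. If certbot fails, the play aborts before the last task and nginx stays down. Putting the three tasks in one `block` guarded by `not letsencrypt_cert.stat.exists`, with the start task under `always:`, limits the outage to first issuance and brings the web server back on failure. The certbot call uses no shell features, so `command:` with `argv` keeps `{{ note.server_name }}` from being interpreted by /bin/sh if the variable ever holds unexpected characters. The last task's name also repeats the stop task's wording, although it starts nginx.

```yaml
- name: Generate a certificate if one doesn't exist.
  when: not letsencrypt_cert.stat.exists
  block:
    - name: Stop services to allow certbot to generate a cert.
      service:
        name: nginx
        state: stopped

    - name: Generate new certificate.
      command:
        argv:
          - certbot
          - certonly
          - '--non-interactive'
          - '--config'
          - /etc/letsencrypt/conf.d/nk20.ini
          - '-d'
          - "{{ note.server_name }}"
  always:
    - name: Start services again after certbot has run.
      service:
        name: nginx
        state: started
```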