---
- name: Install certbot and nginx plugin
  apt:
    update_cache: true
    name:
      - certbot
      - python3-certbot-nginx
  register: pkg_result
  retries: 3
  until: pkg_result is succeeded

- name: Create /etc/letsencrypt/conf.d
  file:
    path: /etc/letsencrypt/conf.d
    state: directory
    mode: 0755

- name: Add Certbot configuration
  template:
    src: "letsencrypt/conf.d/certname.ini.j2"
    dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
    mode: 0644
  register: certbot_config

- name: Stop services to allow certbot to generate a cert.
  service:
    name: nginx
    state: stopped
  when: certbot_config.changed

- name: Generate new certificate if the configuration changed
  shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
  when: certbot_config.changed

- name: Restart services to allow certbot to generate a cert.
  service:
    name: nginx
    state: started
  when: certbot_config.changed