---
  - name: Install certbot dependencies
    become: true
    apt:
      pkg: "{{item}}"
      state: present
    with_items:
      - augeas-lenses
      - ca-certificates
      - dialog
      - gcc
      - libaugeas0
      - libffi-dev
      - libpython-dev
      - libpython2.7-dev
      - libssl-dev
      - python
      - python-dev
      - python-setuptools
      - python-virtualenv
      - python2.7-dev

  - name: "Create certbot dir"
    become: true
    file:
      path: "{{certbot_dir}}"
      state: directory
      mode: 0755

  - name: Get certbot
    become: true
    get_url:
      url: "https://dl.eff.org/certbot-auto"
      dest: "{{certbot_dir}}/certbot-auto"
      mode: a+x

  - name: shutdown webserver for standalone mode
    debug: msg="Shutdown webserver"
    notify: stop webserver
    changed_when: true

  - meta: flush_handlers

  - name: "wait for webserver to stop"
    wait_for:
      port: 80
      delay: 1
      state: stopped

  - name: Run default
    when: le_ssl_certs is not defined
    become: true
    command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"

  - name: Generate SSL Certificates
    when: le_ssl_certs is defined
    become: true
    with_items: "{{le_ssl_certs}}"
    command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"

  - name: Update nginx default options
    when: "'nginx' in role_names"
    get_url:
      url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf
      dest: /etc/letsencrypt/options-ssl-nginx.conf

  - name: Update apache default options
    when: "'apache' in role_names"
    get_url:
      url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
      dest: /etc/letsencrypt/options-ssl-apache.conf

  - name: start webserver after standalone mode
    debug: msg="Startup webserver"
    notify: start webserver
    changed_when: true

  - name: Setup cron job to auto renew
    become: true
    cron:
      name: Auto-renew SSL
      job: "{{certbot_dir}}/certbot-auto renew --quiet --no-self-upgrade"
      hour: 0
      minute: 33
      state: present