ansible/roles/letsencrypt/tasks/main.yml in subspace-3.0.0.rc1 vs ansible/roles/letsencrypt/tasks/main.yml in subspace-3.0.0

@@ -39,51 +39,45 @@
     wait_for:
       port: 80
       delay: 1
       state: stopped
 
-  - name: Run default
-    when: le_ssl_certs is not defined
+  - name: Generate SSL Certificate
     become: true
-    command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --cert-name {{server_name}} --standalone --agree-tos --expand --non-interactive"
+    command:
+      argv:
+        - "{{ certbot_bin }}"
+        - certonly
+        - "--email"
+        - "{{ letsencrypt_email }}"
+        - "--domains"
+        - "{{ le_ssl_cert.domains | join(',') }}"
+        - "--preferred-challenges"
+        - "{{ le_ssl_cert.preferred_challenges }}"
+        - "--cert-name"
+        - "{{ le_ssl_cert.cert_name }}"
+        - "--{{ le_ssl_cert.plugin }}"
+        - "--manual-auth-hook=/bin/yes"
+        - "--agree-tos"
+        - "--expand"
+        - "--non-interactive"
 
-  - name: Generate SSL Certificates
-    become: true
-    with_items: "{{le_ssl_certs|default([])}}"
-    command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
-
   - name: Update nginx default options
     when: "'nginx' in role_names"
     get_url:
       url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
       dest: /etc/letsencrypt/options-ssl-nginx.conf
 
-  - name: Update apache default options
-    when: "'apache' in role_names"
-    get_url:
-      url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
-      dest: /etc/letsencrypt/options-ssl-apache.conf
-
   - name: start webserver after standalone mode
     debug: msg="Startup webserver"
     notify: start webserver
     changed_when: true
 
   - name: Set path at top of crontab
     cron:
       name: PATH
       env: yes
       job: /usr/bin:/bin:/usr/sbin
-
-  - name: Setup cron job to auto renew
-    become: true
-    when: "'apache' in role_names"
-    cron:
-      name: Auto-renew SSL
-      job: "{{certbot_bin}} renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
-      hour: "0"
-      minute: "33"
-      state: present
 
   - name: Setup cron job to auto renew
     become: true
     when: "'nginx' in role_names"
     cron: