---
- yum:
    name: certbot
    state: present

- name: Generate script
  template: src=letsencrypt-gen.sh dest=/root/letsencrypt-gen.sh mode=0700

- name: Generate letsencrypt certificate
  shell: /root/letsencrypt-gen.sh
  args:
    creates: "/etc/letsencrypt/live/{{ domain }}/cert.pem"

- name: Renew cert every day
  cron:
    name: Renew SSL certificate
    minute: 37
    hour: 3
    job: 'certbot renew --deploy-hook "cat $RENEWED_LINEAGE/privkey.key $RENEWED_LINEAGE/fullchain.pem > $RENEWED_LINEAGE/combined.pem" --pre-hook "systemctl stop haproxy" --post-hook "systemctl start haproxy"'