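---
# Ensures every hostname of an nginx vhost has an entry below
# /var/lib/acme/live/ before the acmetool/cert role requests the certificate.
# Hostnames without an entry are pointed at an existing self-signed interim
# certificate.

# Collect one stat result per hostname in acme_cert_stat.results.
# NOTE(review): each hostname is used verbatim as a path component below
# /var/lib/acme/live/ - this assumes nginx_vhost.hostnames holds plain
# hostnames without '/' or '..'; confirm they are validated upstream.
- name: check if acme certs already exist
  loop: "{{ nginx_vhost.hostnames }}"
  loop_control:
    loop_var: acme_hostname
  stat:
    path: "/var/lib/acme/live/{{ acme_hostname }}"
  register: acme_cert_stat

# acme_cert_nonexistent is a filter defined outside this file; presumably it
# returns the hostnames whose stat result reports a missing path - verify
# against the filter plugin.
- name: set acmecert_missing_hostnames variable
  set_fact:
    acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(nginx_vhost.hostnames) }}"

- name: link nonexistent hostnames to self-signed interim cert
  when: acmecert_missing_hostnames | length > 0
  block:
    # Read-only lookup: it never reports a change and also runs in check mode
    # so that the tasks below have a value to work with.
    - name: get id of existing selfsigned interim certificate
      command: cat /var/lib/acme/.selfsigned-interim-cert
      changed_when: false
      check_mode: false
      register: selfsigned_interim_cert_id

    # An empty id would turn the link target below into "../certs/", i.e. the
    # whole certificate directory, so stop here with a clear message instead.
    - name: make sure the interim certificate id is not empty
      assert:
        that:
          - selfsigned_interim_cert_id.stdout | trim | length > 0
        msg: "/var/lib/acme/.selfsigned-interim-cert is empty, refusing to create certificate links"

    # Replace the registered command result with just its stdout so the
    # template below can use the id directly.
    - name: set selfsigned_interim_cert_id variable
      set_fact:
        selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"

    # The link target is relative, so it resolves from /var/lib/acme/live/ to
    # /var/lib/acme/certs/<id>.
    # NOTE(review): the id read from disk is interpolated into the link target
    # as-is; it is expected to be a single directory name - confirm what
    # writes .selfsigned-interim-cert.
    - name: link to snakeoil cert for nonexistent hostnames
      loop: "{{ acmecert_missing_hostnames }}"
      loop_control:
        loop_var: acme_missing_hostname
      file:
        src: "../certs/{{ selfsigned_interim_cert_id }}"
        dest: "/var/lib/acme/live/{{ acme_missing_hostname }}"
        state: link

# Run pending handlers now instead of at the end of the play, so that nginx
# has picked up its configuration before the certificate is requested.
# NOTE(review): placed outside the conditional block so handlers are flushed
# even when no interim link was needed - confirm against the intended layout.
- name: make sure nginx config has been (re)loaded
  meta: flush_handlers

# Hand over to the acmetool/cert role with the vhost name as certificate name
# and all vhost hostnames as the names to be covered.
- name: get certificate using acmetool
  import_role:
    name: acmetool/cert
  vars:
    acmetool_cert_name: "{{ nginx_vhost.name }}"
    acmetool_cert_hostnames: "{{ nginx_vhost.hostnames }}"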