♻: manage san for certificate/domain/sni routing

roles/nginx/tasks/acme.yml

@@ -2,7 +2,7 @@
 
 - name: Issue certificate
   ansible.builtin.command:
-    cmd: "/etc/x509/acme.sh --issue --domain {{ host.host }} --webroot {{ nginx_letsencrypt_dir }} --reloadcmd \"{{ acme_reload_cmd | default('systemctl reload nginx.service') }}\""
+    cmd: "/etc/x509/acme.sh --issue --domain {{ host.host }} {{ ['--domain'] | product(host.san | default([])) | map('join', ' ') | join(' ') }} --webroot {{ nginx_letsencrypt_dir }} --reloadcmd \"{{ acme_reload_cmd | default('systemctl reload nginx.service') }}\""
     creates: "/etc/x509/{{ host.host }}*"
   environment:
     LE_WORKING_DIR: "/etc/x509"

roles/nginx/tasks/main.yml

@@ -46,7 +46,7 @@
 
 - name: Include acme auto cert
   ansible.builtin.include_tasks: acme.yml
-  loop: "{{ web_hostname | rejectattr('acme_unmanaged', 'defined') }}"
+  loop: "{{ web_hostname }}"
   loop_control:
     loop_var: "host"