ansible/roles/x509/tasks/main.yml

---

- name: Install acme.sh
  ansible.builtin.shell:
    cmd: |
      set -o pipefail
      curl https://get.acme.sh | INSTALLONLINE=1 LE_WORKING_DIR=/etc/x509 sh  # noqa: command-instead-of-module
    executable: /bin/bash
    creates: /etc/x509

- name: Set default CA
  ansible.builtin.command: /etc/x509/acme.sh --set-default-ca  --server  letsencrypt
  register: acme_output
  changed_when: acme_output.rc != 0