ansible/roles/nginx/tasks/letsencrypt.yml

---

- name: Generate certificate
  ansible.builtin.command:
    cmd: "/etc/x509/acme.sh --issue --domain {{ item.host }} --webroot {{ nginx_letsencrypt_dir }}"
    creates: "/etc/x509/{{ item.host }}*"
  environment:
    LE_WORKING_DIR: /etc/x509

- name: Get ecc certificate dir
  ansible.builtin.stat:
    path: "/etc/x509/{{ item.host }}_ecc/"
  register: _nginx_x509_ecc_current_dir

- name: Move ecc certificate
  ansible.builtin.copy:
    remote_src: true
    src: "/etc/x509/{{ item.host }}_ecc/"
    dest: "/etc/x509/{{ item.host }}/"
  when: _nginx_x509_ecc_current_dir.stat.exists

- name: Remove ecc certificate
  ansible.builtin.file:
    path: "/etc/x509/{{ item.host }}_ecc"
    state: absent