Handle letsencrypt certificates

tasks/letsencrypt.yml

+---
+# file: roles/drupal/tasks/letsencrypt.yml
+
+- set_fact: filename='/etc/letsencrypt/live/{{ item.1.domain }}/cert.pem'
+
+- name: "Check LetsEncrypt Requirement"
+  shell: ls {{ filename }}
+  register: cert_available
+  failed_when: false
+
+- name: "Renew Existing Cert"
+  shell: /opt/letsencrypt/letsencrypt-auto renew -d {{ item.1.domain }}
+  when: cert_available is defined and cert_available.stdout == filename
+
+- name: "Temporarily Disable Site"
+  command: a2dissite {{ item.1.domain }}
+  when: cert_available is defined and cert_available.stdout != filename
+
+- name: "Install New Cert"
+  shell: /opt/letsencrypt/letsencrypt-auto certonly -d {{ item.1.domain }} --apache --text --email {{ apache_server_admin }} --agree-tos --redirect
+  when: cert_available is defined and cert_available.stdout != filename
+
+- name: "Re-enable Site"
+  command: a2ensite {{ item.1.domain }}
+  when: cert_available is defined and cert_available.stdout != filename
+  notify:
+    - "Apache | Restart Apache"

tasks/main.yml

@@ -5,3 +5,10 @@
   include: install.yml
   with_items: drupal_settings
   when: drupal_install_drupal
+
+- name: "LetsEncrypt Certificates"
+  include: letsencrypt.yml
+  with_subelements:
+    - drupal_settings
+    - domains
+  when: item.1.protocol|default("https") == "https" and item.1.letsencrypt|default("true")