From f7824318c2210e765ec8f62f01d35603c73e52af Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 17 May 2016 14:56:15 +0200
Subject: [PATCH] Improve letsencrypt renewal

---
 tasks/letsencrypt.yml | 18 ++++++++++++++----
 tasks/main.yml        |  5 ++---
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/tasks/letsencrypt.yml b/tasks/letsencrypt.yml
index 3910627..cb04e59 100644
--- a/tasks/letsencrypt.yml
+++ b/tasks/letsencrypt.yml
@@ -8,9 +8,19 @@
   register: cert_available
   failed_when: false
 
-#- name: "Stop HAProxy"
-#  service: name=haproxy state=stopped
+- block:
+
+  - name: "Stop HAProxy"
+    service:
+      name='haproxy'
+      state='stopped'
+
+  - name: "Install New Cert"
+    shell: /opt/letsencrypt/letsencrypt-auto certonly -d {{ item.domain }} -d www.{{ item.domain }} --standalone --text --email {{ apache_server_admin|default('admin@paragon-es.de') }} --agree-tos --redirect
+
+  - name: "Start HAProxy"
+    service:
+      name='haproxy'
+      state='started'
 
-- name: "Install New Cert"
-  shell: /opt/letsencrypt/letsencrypt-auto certonly -d {{ item.domain }} -d www.{{ item.domain }} --standalone --text --email {{ apache_server_admin|default('admin@paragon-es.de') }} --agree-tos --redirect
   when: cert_available is defined and cert_available.stdout != filename
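Review bot: If the certonly command in "Install New Cert" fails, the block aborts before "Start HAProxy" runs and the proxy is left stopped, because the block has no `always:` section; moving the start task under `always:` bounds the outage to the duration of the certificate request. The `service:` arguments in the stop and start tasks are written as a multi-line plain scalar (`name='haproxy'` / `state='stopped'`) that YAML folds into one key=value string, which Ansible accepts but native YAML arguments (`name: haproxy` / `state: stopped`) read more clearly and lint without surprises. The `{{ item.domain }}` values are interpolated straight into a shell line; if that list ever comes from anything but trusted inventory, `{{ item.domain | quote }}` is the defensive form. The block's `when:` refers to `filename`, which is defined outside this hunk, so its value cannot be checked here.
```yaml
- block:
  - name: "Stop HAProxy"
    service:
      name: haproxy
      state: stopped
  # … unchanged: Install New Cert task …
  always:
  - name: "Start HAProxy"
    service:
      name: haproxy
      state: started
```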
diff --git a/tasks/main.yml b/tasks/main.yml
index d3333fd..5c9280e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,14 +6,13 @@
     include: letsencrypt.yml
     with_items: '{{ proxy_certificates_letsencrypt|default([]) }}'
 
-    # Renewing certificates is only possible generelly, not individually.
   - name: "Renew Existing Cert"
-    shell: /opt/letsencrypt/letsencrypt-auto renew
-    ignore_errors: true
+    include: '../../letsencrypt/tasks/renew.yml'
 
   - name: "Create PEM file for HaProxy"
     shell: cat /etc/letsencrypt/live/{{ item.domain }}/fullchain.pem /etc/letsencrypt/live/{{ item.domain }}/privkey.pem > /etc/haproxy/certs/{{ item.domain }}.pem
     with_items: '{{ proxy_certificates_letsencrypt|default([]) }}'
+    notify: "Proxy | Restart HAProxy"
 
   when: '"letsencrypt" not in excluded_roles'
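Review bot: The new `notify` on "Create PEM file for HaProxy" fires on every run, because a `shell` task with a redirect always reports changed, so HAProxy is restarted each time the play runs even when the certificate is unchanged; guard it with `changed_when`, or build the file with an idempotent module such as `assemble` or `copy` with `content:`. That same command writes the private key through a shell redirect, so the resulting `.pem` inherits the default umask rather than an explicit permission; a module-based write also lets you set `mode: "0600"` and `owner` on the file that holds the key. The renew step now includes `../../letsencrypt/tasks/renew.yml` from a sibling role and no longer carries the earlier `ignore_errors: true`; whether a failed renewal should abort the whole play depends on that file, which is outside this diff and worth confirming.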
 
-- 
GitLab