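# Issue a Let's Encrypt certificate through the `certbot` compose service,
# reload nginx so it picks the certificate up, then start the certbot
# container that handles renewal.
# NOTE(review): the source was flattened onto one line; `when: not is_local`
# is attached to the block here. Confirm it was not meant for the last task only.
- name: Request SSL certificate to letsencrypt
  when: not is_local
  block:
    # The command is passed as argv, so dest_dir and cert_domain are never
    # parsed by a host shell. The --entrypoint value is still split into words
    # inside docker compose, so cert_domain must be a plain hostname.
    #
    # NOTE(review): `--test-cert` requests from the Let's Encrypt staging CA,
    # whose certificates clients do not trust. Because `creates` skips this task
    # once fullchain.pem exists, a staging certificate left in place blocks a
    # later production request, and this task never performs a renewal itself.
    # NOTE(review): no --email or --non-interactive is passed; confirm certbot
    # cannot stall on a prompt when run without a TTY.
    - name: Obtain or renew SSL certificate for {{ cert_domain }}
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - "-f"
          - "{{ dest_dir }}/srcs/docker-compose.yml"
          - run
          - "--rm"
          - "--entrypoint"
          - >-
            certbot certonly --test-cert -d {{ cert_domain }}
            --webroot --webroot-path /var/www/certbot --agree-tos
          - certbot
        creates: "{{ dest_dir }}/srcs/nginx/conf/{{ cert_domain }}/fullchain.pem"
      register: certbot_result
      # NOTE(review): verify these strings match what the certbot version in
      # the image prints, otherwise the task never reports `changed`.
      changed_when: >-
        'Obtained a new certificate' in certbot_result.stdout
        or 'renewed' in certbot_result.stdout
      when: cert_domain is defined
      # Best effort: a failed issuance does not stop the play, so the play can
      # finish "ok" with no valid certificate. Check certbot_result.rc or the
      # certificate file after the run.
      ignore_errors: true

    # Runs whether or not a certificate was obtained above.
    - name: Restart nginx
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - "-f"
          - "{{ dest_dir }}/srcs/docker-compose.yml"
          - exec
          - nginx
          - nginx
          - "-s"
          - reload
      ignore_errors: true

    - name: Start certbot auto-renew
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - "-f"
          - "{{ dest_dir }}/srcs/docker-compose.yml"
          - up
          - certbot
          - "-d"
          - "-y"
      ignore_errors: true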