--- - meta: flush_handlers - name: "Issue certificate for {{ domain }}" become_user: "{{ acme_system_user }}" command: >- ./acme.sh --issue --home {{ acme_installation_directory | quote }} --config-home {{ acme_configuration_directory | quote }} --domain "{{ domain | quote }}" --webroot "{{ nginx_validation_root_directory | quote }}" --ecc --ocsp-must-staple args: chdir: "{{ acme_installation_directory }}" register: acme_issue_result changed_when: acme_issue_result.rc != 2 or "Domains not changed" not in acme_issue_result.stdout failed_when: acme_issue_result.rc != 0 and "Domains not changed" not in acme_issue_result.stdout - name: "Install certificate for {{ domain }}" become_user: "{{ acme_system_user }}" command: >- ./acme.sh --install-cert --home {{ acme_installation_directory | quote }} --config-home {{ acme_configuration_directory | quote }} --domain "{{ domain | quote }}" --key-file "{{ acme_key_location | quote }}" --fullchain-file "{{ acme_certificate_location | quote }}" --reloadcmd "systemctl force-reload nginx" args: chdir: "{{ acme_installation_directory }}" creates: "{{ acme_key_location }}" register: acme_install_result failed_when: acme_install_result.rc != 0 and "Reload error for" not in acme_install_result.stderr