letsencrypt: don't sort SANs

Sort them in the /etc status file only, for consistency. This should
allow users to supply the SANs in custom order, preserving the intended
main certificate domain (or whatever the technical term is).

2 files changed, 2 insertions, 2 deletions

diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml
index bc6e581..0ff74e9 100644
--- a/roles/letsencrypt/tasks/domain.yml
+++ b/roles/letsencrypt/tasks/domain.yml
@@ -2,7 +2,7 @@
   become: true
   vars:
     certificate_name: '{{ domain.name | default(domain) }}'
-    certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
+    certificate_domains: "{{ domain.domains | default([certificate_name]) | unique }}"
   block:
     - name: Cache domain list
       ansible.builtin.template:
diff --git a/roles/letsencrypt/templates/domain_list.txt.j2 b/roles/letsencrypt/templates/domain_list.txt.j2
index d37e0bd..4641e2f 100644
--- a/roles/letsencrypt/templates/domain_list.txt.j2
+++ b/roles/letsencrypt/templates/domain_list.txt.j2
@@ -2,6 +2,6 @@
 
 {{ letsencrypt_email }}
 {{ letsencrypt_credentials_ini }}
-{% for domain in certificate_domains %}
+{% for domain in certificate_domains | sort %}
 {{ domain }}
 {% endfor %}