- name: Set up certificate for domain
  become: true
  vars:
    certificate_name: '{{ domain.name | default(domain) }}'
    certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
  block:
    - name: Cache domain list
      ansible.builtin.template:
        src: domain_list.txt.j2
        dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
        owner: root
        group: root
        mode: '640'
      register: domain_list

    - name: 'Create certificate: {{ certificate_name }}'
      ansible.builtin.command: |
        certbot certonly --noninteractive --agree-tos \
            --cert-name '{{ certificate_name }}' \
            --email '{{ letsencrypt_email }}' \
            --domains '{{ certificate_domains | join(',') }}' \
            --preferred-challenges dns \
            --dns-digitalocean \
            --dns-digitalocean-credentials '{{ letsencrypt_credentials_ini }}' \
            --dns-digitalocean-propagation-seconds 30
      when: domain_list.changed