CertBot + Ansible
# tasks/main.yml

- name: install certbot dependencies
  apt: name={{ item }} state=present
  with_items:
    - build-essential
    - libssl-dev
    - libffi-dev
    - python-dev
    - git
    - python-pip
    - python-virtualenv
    - dialog
    - libaugeas0
    - ca-certificates

- name: install Python cryptography module
  pip: name=cryptography

# mode=0755 sets the executable bit so the shell tasks below can run the script directly
- name: download certbot
  become: yes
  become_user: '{{ deploy_user }}'
  get_url: >
    url=https://dl.eff.org/certbot-auto
    dest=/home/{{ deploy_user }}/certbot-auto
    mode=0755

- name: check if we've generated a cert already
  stat: path=/etc/letsencrypt/live/switchboard.chat/fullchain.pem
  register: cert_stats

# First run: --standalone makes certbot start its own temporary web server
# to answer the ACME challenge.
# letsencrypt_domain_flags is a list of flags, joined with spaces.
- name: generate certs (first time)
  become: yes
  # become_user: '{{ deploy_user }}'
  shell: "/home/{{ deploy_user }}/certbot-auto certonly --standalone {{ letsencrypt_domain_flags | join(' ') }} --email {{ letsencrypt_email }} --non-interactive --agree-tos"
  when: not cert_stats.stat.exists

# Later runs: --webroot writes the challenge files under the site's public
# directory, so the web server that is already running serves them.
- name: generate certs (subsequent time)
  become: yes
  # become_user: '{{ deploy_user }}'
  shell: "/home/{{ deploy_user }}/certbot-auto certonly --webroot -w /home/{{ deploy_user }}/www/switchboard.chat/current/public {{ letsencrypt_domain_flags | join(' ') }} --email {{ letsencrypt_email }} --non-interactive --agree-tos"
  when: cert_stats.stat.exists

# Reload nginx so it picks up the new certificate
- name: hup nginx
  service: name=nginx state=reloaded