add pre/post hook

defaults/main.yml

@@ -21,7 +21,8 @@ certbot_certs: []
 #     - example3.com
 certbot_create_command: >-
   {{ certbot_script }} certonly --standalone --noninteractive --agree-tos
-  {% if certbot_cert_name %} --cert-name {{certbot_cert_name}} {%endif%} --email {{ cert_item.email | default(certbot_admin_email) }}
+  {% if certbot_cert_name %} --cert-name {{certbot_cert_name}} {%endif%}
+  --email {{ cert_item.email | default(certbot_admin_email) }}
   -d {{ cert_item.domains | join(',') }}
 
 certbot_create_standalone_stop_services:

meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: Mon Apr 19 11:35:02 2021
+version: ''

meta/main.yml

@@ -2,32 +2,9 @@
 dependencies: []
 
 galaxy_info:
-  author: geerlingguy
+  role_name: certbot
+  author: vincentdcmps
   description: "Installs and configures Certbot (for Let's Encrypt)."
   company: "Midwestern Mac, LLC"
   license: "license (BSD, MIT)"
   min_ansible_version: 2.4
-  platforms:
-    - name: EL
-      versions:
-        - 6
-        - 7
-    - name: Fedora
-      versions:
-        - all
-    - name: Ubuntu
-      versions:
-        - all
-    - name: Debian
-      versions:
-        - all
-  galaxy_tags:
-    - networking
-    - system
-    - web
-    - certbot
-    - letsencrypt
-    - encryption
-    - certificates
-    - ssl
-    - https

tasks/create-cert-standalone.yml

@@ -1,17 +1,44 @@
 ---
 - name: Check if certificate already exists.
   stat:
-    path: /etc/letsencrypt/live/{% if certbot_cert_name %}{{certbot_cert_name}}{% else %}{{ cert_item.domains | first | replace('*.', '') }}{% endif %}/cert.pem
+    path: >-
+      /etc/letsencrypt/live/{% if certbot_cert_name %}{{ certbot_cert_name }}
+      {% else %}{{ cert_item.domains | first | replace('*.', '') }}
+      {% endif %}/cert.pem
   register: letsencrypt_cert
 
+- name: Ensure pre and post hook folders exist.
+  file:
+    path: /etc/letsencrypt/renewal-hooks/{{ item }}
+    state: directory
+    mode: 0755
+    owner: root
+    group: root
+  with_items:
+    - pre
+    - post
 
-- name: Stop services to allow certbot to generate a cert.
+- name: Create pre hook to stop services.
-  service:
+  template:
-    name: "{{ item }}"
+    src: stop_services.j2
-    state: stopped
+    dest: /etc/letsencrypt/renewal-hooks/pre/stop_services
-  when:  not letsencrypt_cert.stat.exists or  (certbot_force)
+    owner: root
-  ignore_errors: yes
+    group: root
-  with_items: "{{ certbot_create_standalone_stop_services }}" 
+    mode: 0750
+  when:
+    - certbot_create_standalone_stop_services is defined
+    - certbot_create_standalone_stop_services
+
+- name: Create post hook to start services.
+  template:
+    src: start_services.j2
+    dest: /etc/letsencrypt/renewal-hooks/post/start_services
+    owner: root
+    group: root
+    mode: 0750
+  when:
+    - certbot_create_standalone_stop_services is defined
+    - certbot_create_standalone_stop_services
 
 - name: Generate new certificate if one doesn't exist.
   command: "{{ certbot_create_command }}"
@@ -24,18 +51,17 @@
 
 - name: ensure conf.d exist
   file:
+    mode: 0750
     path: "{{ certbot_nginx_conf_path }}"
     state: directory
 
 - name: create nginx config ssl file
   template:
-      dest: "{{ certbot_nginx_conf_path }}/{% if certbot_cert_name %}{{certbot_cert_name}}{% else %}{{ cert_item.domains | first | replace('*.', '') }}{% endif %}.ssl" # required. Location to render the template to on the remote machine.
+    mode: 0750
-      src: nginx_ssl_config.j2 # required. Path of a Jinja2 formatted template on the Ansible controller. This can be a relative or absolute path.
+    dest: >-
-
+      {{ certbot_nginx_conf_path }}/
-- name: Start services after cert has been generated.
+      {% if certbot_cert_name %}{{ certbot_cert_name }}
-  service:
+      {% else %}
-    name: "{{ item }}"
+      {{ cert_item.domains | first | replace('*.', '') }}
-    state: started
+      {% endif %}.ssl"
-  when: not letsencrypt_cert.stat.exists or  (certbot_force) 
+    src: nginx_ssl_config.j2
-  ignore_errors: yes
-  with_items: "{{ certbot_create_standalone_stop_services }}"

tasks/main.yml

@@ -17,4 +17,3 @@
 
 - import_tasks: renew-cron.yml
   when: certbot_auto_renew
-

templates/start_services.j2

@@ -0,0 +1,15 @@
+#!/bin/bash
+# {{ ansible_managed }}
+
+{% for item in certbot_create_standalone_stop_services %}
+echo "starting service {{ item }}"
+{% if ansible_service_mgr == 'systemd' %}
+systemctl start {{ item }}
+{% elif ansible_service_mgr == 'upstart' %}
+initctl start {{ item }}
+{% elif ansible_service_mgr == 'openrc' %}
+rc-service {{ item }} start
+{% else %}
+service {{ item }} start
+{% endif %}
+{% endfor %}

templates/stop_services.j2

@@ -0,0 +1,15 @@
+#!/bin/bash
+# {{ ansible_managed }}
+
+{% for item in certbot_create_standalone_stop_services %}
+echo "stopping service {{ item }}"
+{% if ansible_service_mgr == 'systemd' %}
+systemctl stop {{ item }}
+{% elif ansible_service_mgr == 'upstart' %}
+initctl stop {{ item }}
+{% elif ansible_service_mgr == 'openrc' %}
+rc-service {{ item }} stop
+{% else %}
+service {{ item }} stop
+{% endif %}
+{% endfor %}