---
# This role sets up a Let's Encrypt certificate for the
# Mastodon instance

- name: Make TLS certificate storage directory
  file: name=/etc/ssl/letsencrypt/ state=directory
- name: Install acme.sh
  shell: wget -O -  https://get.acme.sh | sh
- name: Generate certificate using acme.sh
  shell: /root/.acme.sh/acme.sh --issue --standalone -d {{ LOCAL_DOMAIN }} --pre-hook "service nginx stop"
- name: Install certificate in storage directory
  shell: /root/.acme.sh/acme.sh --install-cert -d {{ LOCAL_DOMAIN }} --key-file /etc/ssl/letsencrypt/{{ LOCAL_DOMAIN }}.pem --fullchain-file /etc/ssl/letsencrypt/{{ LOCAL_DOMAIN }}.crt --reloadcmd "service nginx restart"