- name: Install packages package: name: - certbot - nginx - name: Create HTTP server directories file: path: /srv/http/.well-known recurse: true state: directory owner: nginx group: nginx - name: Set up default HTTP server copy: dest: /etc/nginx/http.d src: default.conf notify: reload nginx - name: Enable nginx service service: name: nginx enabled: true state: started - name: Get LE certificate command: cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ item }} creates: '/etc/letsencrypt/renewal/{{ item }}.conf' loop: '{{ fqdns }}' - name: Enable certbot renewal cron: name: "certbot renew" job: "certbot renew --quiet" user: root hour: "2,14" minute: "18"