- name: get openssl version
  command: "openssl version"
  register: openssl_version
  changed_when: false
  check_mode: false

- fail:
    msg: "OpenSSL too old!"
  when: openssl_version.stdout.split()[1] is version('1.1.1', '<')

- name: compile acme-client
  include_tasks: compile_acme.yml
  when: acme_compile and not acme_justrun

- name: add config
  template:
    src: acme.j2
    dest: /etc/acme-client.conf
  notify: "renew certs"

- name: add renew script
  template:
    src: renew_certs.j2
    dest: "{{acme_renew_script_path}}/renew_certs"
    owner: root
    group: root
    mode: 0755
  when: acme_renew_script

- name: add daily cronjob (renew_script)
  cron:
    name: renew certs
    minute: "0"
    hour: "4"
    job: "{{acme_renew_script_path}}/renew_certs"
  when: acme_renew_script and acme_add_cronjob

- name: add daily cronjobs
  cron:
    name: "renew certs for domain {{item.domain}}"
    minute: "0"
    hour: "4"
    job: "/usr/local/bin/acme-client {{item.domain}}"
  loop: "{{acme_hosts}}"
  loop_control:
    label: "{{item.domain}}"
  when: not acme_renew_script and acme_add_cronjob

- name: run acme-client
  shell: "/usr/local/bin/acme-client {{item.domain}}"
  when: acme_justrun
  loop: "{{acme_hosts}}"
  loop_control:
    label: "{{item.domain}}"