chore: complete update

ansible/nginx-cdn-germany/roles/ssl-certificates/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+# SSL-Zertifikate mit Let's Encrypt
+
+- name: Check if certificate exists
+  stat:
+    path: "/etc/letsencrypt/live/{{ cdn_domain }}/fullchain.pem"
+  register: cert_exists
+
+- name: Generate SSL certificate with certbot
+  command: >
+    certbot certonly --nginx
+    -d {{ cdn_domain }}
+    --non-interactive
+    --agree-tos
+    --email {{ ssl_email }}
+  when: not cert_exists.stat.exists
+
+- name: Setup SSL certificate renewal
+  cron:
+    name: "Renew SSL certificates"
+    minute: "0"
+    hour: "3"
+    job: "certbot renew --quiet --deploy-hook 'systemctl reload nginx'"
+    user: root
+
+- name: Test SSL certificate renewal (dry-run)
+  command: certbot renew --dry-run
+  register: renewal_test
+  failed_when: renewal_test.rc != 0
+  changed_when: false