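# Installs certbot together with its RFC 2136 (DNS dynamic update) plugin,
# which the manual issuance command at the end of this file relies on.
# The fully qualified module name matches the style already used for
# community.general.sysrc below.
# NOTE(review): the py311- prefix presumably has to match the Python flavour
# of the target's package set; confirm after OS or ports upgrades.
- name: Install packages
  ansible.builtin.package:
    name:
      - py311-certbot
      - py311-certbot-dns-rfc2136
    state: present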

# Sets weekly_certbot_enable to YES in /etc/periodic.conf.local.
# NOTE(review): presumably this switches on a weekly periodic(8) renewal job
# installed with certbot; confirm on the host that the job exists and runs.
- name: Enable periodic renew
  community.general.sysrc:
    path: '/etc/periodic.conf.local'
    name: 'weekly_certbot_enable'
    value: 'YES'

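# Creates the directory that receives the RFC 2136 credentials file.
# The mode is quoted so the module gets the string "0755" and does its own
# octal conversion, instead of depending on the YAML loader reading a bare
# 0755 as octal (a YAML 1.2 loader would read it as decimal 755).
# NOTE(review): 0755 lets any local user list /certbot. The only file these
# tasks place there is 0600, but "0700" is worth considering if nothing else
# needs to traverse the directory.
- name: Create directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
    owner: root
    group: wheel
  loop:
    - /certbot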

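# Installs the credentials file consumed by --dns-rfc2136-credentials,
# readable by root only.
# diff is disabled so the file content is never printed when the play runs
# with --diff.
# The mode is quoted so the module gets the string "0600"; a loader that read
# a bare 0600 as a decimal number would produce different permission bits on
# a secret file.
# NOTE(review): files/credentials is secret material (presumably the TSIG key
# used for DNS updates). Confirm it is stored vault-encrypted in the
# repository; copy decrypts vaulted source files by default.
- name: Install Configuration
  diff: false
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "0600"
    owner: root
    group: wheel
  loop:
    - src: credentials
      dest: /certbot/credentials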

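# Initial issuance is a manual step; the tasks above do not request any
# certificate. For each domain, run as root (the credentials file is
# root-owned and mode 0600):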
# certbot certonly -v --register-unsafely-without-email \
#   --dns-rfc2136 \
#   --dns-rfc2136-credentials /certbot/credentials \
#   --dns-rfc2136-propagation-seconds 400 \
#   -d example.com \
#   -d www.example.com
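#
# Add --test-cert to request certificates from the ACME staging environment
# instead of production while testing.
# Note: --register-unsafely-without-email creates the ACME account with no
# contact address on record.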