- name: Update certbot certs
  hosts: yellow
  become: true
  become_user: root
  become_method: sudo
  vars_files:
    - vars.yaml
  tasks:
  - name: Ensure nginx, certbot, and nginx-mod-stream are installed
    ansible.builtin.dnf:
      name:
        - certbot
      state: present
  - name: Stop nginx service so we can get certs
    ansible.builtin.systemd_service:
      state: stopped
      name: nginx
  - name: Get certs for all terminate domains
    ansible.builtin.shell: /usr/bin/certbot certonly --standalone -d '{{ item.external_domain }}' -n
    loop: "{{ terminate_ssl }}"
  - name: Start nginx service
    ansible.builtin.systemd_service:
      state: started
      name: nginx