- name: Update certbot certs
  hosts: yellow
  become: true
  become_user: root
  become_method: sudo
  vars_files:
    - vars.yaml
  tasks:
  - name: Ensure nginx, certbot, and nginx-mod-stream are installed
    ansible.builtin.dnf:
      name:
        - certbot
      state: present
  - name: Get certs for all internal domains
    ansible.builtin.shell: /usr/bin/certbot certonly --dns-route53 -d '{{ item.external.domain }}{{ internal_tld }}' -n
    # Loops over every external.domains sub list
    loop: "{{ http }}"
  - name: Get certs for all external domains
    ansible.builtin.shell: /usr/bin/certbot certonly --dns-route53 -d '{{ item.external.domain }}{{ expose_tld }}' -n
    # Loops over every external.domains sub list
    loop: "{{ http }}"
    when: item.external.expose