- name: Generate placeholder letsencrypt certs for domains if needed
  block:
  - name: check if fullchain already exists
    stat: path=/etc/letsencrypt/live/{{ item.external }}/fullchain.pem
    register: p
  - name: Generate self signed cert
    shell: openssl req -x509 -newkey rsa:4096 -keyout /etc/letsencrypt/live/{{ item.external }}/privkey.pem -out /etc/letsencrypt/live/{{ item.external }}/fullchain.pem -sha256 -days 3650 -nodes -subj "/C=US/ST=Ohio/L=Columbus/O=ducoterra/OU=ducoterra/CN={{ item.external }}"
    when: not p.stat.exists