- name: Update certbot certs
  hosts: yellow
  become: true
  become_user: root
  become_method: sudo
  vars_files:
    - vars.yaml
  tasks:
  - name: Ensure nginx, certbot, and nginx-mod-stream are installed
    ansible.builtin.dnf:
      name:
        - certbot
      state: present
  - name: Get certs for all domains
    ansible.builtin.shell: /usr/bin/certbot certonly --dns-route53 -d '{{ item.1 }}' -n
    # Loops over every external.domains sub list
    loop: "{{ http | subelements('external.domains') }}"