From 2df809bc22479a376a9f2a646fade090c2be4e15 Mon Sep 17 00:00:00 2001
From: Erik Stambaugh
Date: Mon, 22 Jan 2024 20:02:30 -0800
Subject: [PATCH] Fix certbot to register the domain properly the first time

---
 ansible/roles/certbot/tasks/main.yaml | 19 ++++++++-----------
 ansible/site.yaml | 2 +-
 2 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/ansible/roles/certbot/tasks/main.yaml b/ansible/roles/certbot/tasks/main.yaml
index 20168ac..81b7ca9 100644
--- a/ansible/roles/certbot/tasks/main.yaml
+++ b/ansible/roles/certbot/tasks/main.yaml
@@ -46,6 +46,8 @@
 # OCSP stapling
 ssl_stapling on;
 ssl_stapling_verify on;
+ register: nginxconf
+
 - name: create the dir for the cert if needed
 file:
@@ -53,27 +55,22 @@
 state: directory
 recurse: true
-- name: launch certbot
- command: docker compose up -d
- args:
- chdir: /srv/certbot
-
-- name: seed a fake cert if needed
- command: "docker exec -t certbot openssl req -nodes -new -x509 -subj '/CN=localhost' -out /etc/letsencrypt/live/{{domain_name}}/fullchain.pem -keyout /etc/letsencrypt/live/{{domain_name}}/privkey.pem"
+# XXX FIXME configure email address
+- name: seed a cert if needed
+ command: "docker run --volume /srv/certbot/etc:/etc/letsencrypt --volume /srv/certbot/www:/var/www/certbot -p 80:80 --rm -t certbot/certbot certonly --agree-tos --email erik@erikstambaugh.com --standalone --noninteractive --cert-name {{domain_name}} --domains {{domain_name}}"
 args:
 chdir: /srv/certbot
 creates: "/srv/certbot/etc/live/{{domain_name}}/fullchain.pem"
 register: mkcert
-- name: restart certbot
- command: docker compose restart
+- name: launch certbot
+ command: docker compose up -d
 args:
 chdir: /srv/certbot
- when: mkcert.changed
 - name: restart certbot
 command: docker compose restart
 args:
 chdir: /srv/certbot
- when: dockercompose.changed or nginxconf.changed
+ when: dockercompose.changed or nginxconf.changed or mkcert.changed
diff --git a/ansible/site.yaml b/ansible/site.yaml
index 784cfd9..0d886cc 100644
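Review bot: The ACME account contact is hard-coded as `erik@erikstambaugh.com` in the new `seed a cert if needed` command, and the `# XXX FIXME configure email address` comment directly above it leaves that open in the commit itself; move the address to a role variable, e.g. `--email {{ certbot_email }}` with `certbot_email` declared in the role's defaults, so the role is reusable and a personal address is not baked into the task. The `command:` value is one very long quoted line; a `>-` folded scalar with one option per line would keep it diffable, and `{{ domain_name }}` with inner spaces is the usual Ansible Jinja style. Because `creates:` skips the task once `fullchain.pem` exists, `mkcert.changed` is only true on a first run, which is consistent with adding it to the restart task's `when:`. The standalone run publishes host port 80 (`-p 80:80`), so it can only succeed when nothing else is listening there at that point in the play; a short comment on the task stating that constraint would save the next reader from rediscovering it.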
--- a/ansible/site.yaml
+++ b/ansible/site.yaml
@@ -8,7 +8,7 @@
 - name: mastodon instance
 hosts: social
 roles:
- - { role: nginx, become: yes }
 - { role: certbot, become: yes }
+ - { role: nginx, become: yes }
 - { role: mastodon, become: yes }
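Review bot: Moving `certbot` ahead of `nginx` in the `mastodon instance` play encodes an ordering dependency that the file does not state: the certbot role's standalone `docker run -p 80:80` can only bind port 80 while nginx is not yet serving it; add `# certbot first: its standalone ACME challenge needs port 80 before nginx takes it` above the `roles:` list. On a host where nginx is already running and the certificate under `/srv/certbot/etc/live/` is absent (the `creates:` guard only skips the task when the file exists), that standalone run will presumably fail on the port bind rather than register the domain — worth mentioning in the same comment, or guarding with a check that nginx is stopped. The re-added line also uses `become: yes`; `become: true` is the canonical boolean and avoids yamllint's truthy warning, though the sibling context lines use `yes` as well.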