Fix certbot to register the domain properly the first time

ansible/roles/certbot/tasks/main.yaml

@@ -46,6 +46,8 @@
       # OCSP stapling
       ssl_stapling on;
       ssl_stapling_verify on;
+  register: nginxconf
+
 
 - name: create the dir for the cert if needed
   file:
@@ -53,27 +55,22 @@
     state: directory
     recurse: true
 
-- name: launch certbot
+# XXX FIXME configure email address
-  command: docker compose up -d
+- name: seed a cert if needed
-  args:
+  command: "docker run --volume /srv/certbot/etc:/etc/letsencrypt --volume /srv/certbot/www:/var/www/certbot -p 80:80 --rm -t certbot/certbot certonly --agree-tos --email erik@erikstambaugh.com --standalone --noninteractive --cert-name {{domain_name}} --domains {{domain_name}}"
-    chdir: /srv/certbot
-
-- name: seed a fake cert if needed
-  command: "docker exec -t certbot openssl req -nodes -new -x509 -subj '/CN=localhost' -out /etc/letsencrypt/live/{{domain_name}}/fullchain.pem -keyout /etc/letsencrypt/live/{{domain_name}}/privkey.pem"
   args:
     chdir: /srv/certbot
     creates: "/srv/certbot/etc/live/{{domain_name}}/fullchain.pem"
   register: mkcert
 
-- name: restart certbot
+- name: launch certbot
-  command: docker compose restart
+  command: docker compose up -d
   args:
     chdir: /srv/certbot
-  when: mkcert.changed
 
 - name: restart certbot
   command: docker compose restart
   args:
     chdir: /srv/certbot
-  when: dockercompose.changed or nginxconf.changed
+  when: dockercompose.changed or nginxconf.changed or  mkcert.changed
 

ansible/site.yaml

@@ -8,7 +8,7 @@
 - name: mastodon instance
   hosts: social
   roles:
-    - { role: nginx, become: yes }
     - { role: certbot, become: yes }
+    - { role: nginx, become: yes }
     - { role: mastodon, become: yes }