
Untitled

a guest
Aug 23rd, 2019
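  # Request the certificate: run acme_certificate once per entry in
  # domains_certs and keep the results (including any pending challenge data)
  # in pending_challenges for the tasks that follow.
  - name: Requesting ACME challenge
    acme_certificate:
      # Path to the ACME account private key. Jinja filters bind tighter than
      # `+`, so default() applies to account_key.dir only: the directory falls
      # back to account_key.name when no dir is set.
      account_key_src: >-
        {{ keys_path + account_key.dir |
        default(account_key.name) + '/' + account_key.name + '.key' }}
      account_uri: "{{ acme_account.account_uri }}"
      acme_directory: "{{ item.acme_directory | default(acme_directory) }}"
      acme_version: 2
      # All per-domain paths share one layout: keys_path + <dir> + '/' + <name>
      # + suffix, where <dir> defaults to the domain name and '*' (wildcard
      # certificates) is replaced by '_' so the name is usable as a file name.
      chain_dest: >-
        {{ keys_path + item.dir | default(item.name | regex_replace('\*', '_'))
        + '/' + item.name | regex_replace('\*', '_') + '-chain.pem' }}
      challenge: "{{ item.challenge | default(challenge) }}"
      csr: >-
        {{ keys_path + item.dir | default(item.name | regex_replace('\*', '_'))
        + '/' + item.name | regex_replace('\*', '_') + '.csr' }}
      dest: >-
        {{ keys_path + item.dir | default(item.name | regex_replace('\*', '_'))
        + '/' + item.name | regex_replace('\*', '_') + '.pem' }}
      fullchain_dest: >-
        {{ keys_path + item.dir | default(item.name | regex_replace('\*', '_'))
        + '/' + item.name | regex_replace('\*', '_') + '-fullchain.pem' }}
      # Canonical booleans instead of YAML 1.1 `no` / `yes`.
      modify_account: false
      remaining_days: "{{ item.remaining_days | default(remaining_days) }}"
      terms_agreed: true
      # Fixed copy/paste slip: this read item.remaining_days, so an entry with
      # its own remaining_days passed that number as the TLS-verification
      # switch for the ACME directory connection. The per-entry override is now
      # item.validate_certs, falling back to the play-level validate_certs.
      # Keep this true outside of test endpoints: with false, the ACME server's
      # TLS certificate is not verified.
      validate_certs: "{{ item.validate_certs | default(validate_certs) }}"
    loop: "{{ domains_certs }}"
    register: pending_challenges
    # Entries without a state are treated like state == 'present'.
    when: (item.state is undefined) or (item.state == 'present')
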
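  # Make the required DNS changes: for every entry that uses the dns-01
  # challenge, publish the TXT record taken from pending_challenges in Route53.
  # Continuation lines inside the folded scalars are aligned with their first
  # line; in the pasted listing some were indented one column less, which ends
  # a block scalar early.
  - name: "Creating challenge DNS entries for domains {{ ', '.join(domains) }} via Route53"
    route53:
      state: present
      # Hosted zone: item.zone when given, otherwise the last two labels of the
      # challenge record name. The regex keeps exactly two labels, so a domain
      # under a multi-label suffix (for example co.uk) needs item.zone set
      # explicitly or the record is sent to the wrong zone name.
      zone: >-
        {{ item.zone|default(((pending_challenges | json_query(query_filter)) |
        map(attribute='challenge_data_dns') | list | first | dict2items) |
        map(attribute='key') | join ('') |
        regex_replace('^(?:.*\\.|)([^.]+\\.[^.]+)$', '\\1')) }}
      # Record name: the key(s) of challenge_data_dns for this entry, joined
      # without a separator.
      # NOTE(review): that join only yields a usable name when there is a
      # single key - confirm each entry produces one challenge record.
      record: >-
        {{ ((pending_challenges | json_query(query_filter)) |
        map(attribute='challenge_data_dns') | list | first | dict2items) |
        map(attribute='key') | join('') }}
      type: TXT
      ttl: 5
      # Only the first value of the first record is published.
      # NOTE(review): if an entry yields several TXT values for one record
      # name, the remaining values are never created - verify against the
      # certificates actually requested.
      value: >-
        {{ ((pending_challenges | json_query(query_filter)) |
        map(attribute='challenge_data_dns') | list | first | dict2items) |
        map(attribute='value') | list | first }}
      # overwrite replaces an existing record of the same name and type;
      # wait blocks until Route53 reports the change as propagated.
      overwrite: true
      wait: true
    loop: "{{ domains_certs }}"
    vars:
      # JMESPath filter selecting the registered result that belongs to the
      # current loop item (matched on item.name).
      query_filter: 'results[?item.name==`{{ item.name }}`]'
    # Same state rule as the request task, restricted to dns-01: either the
    # entry sets challenge to dns-01 itself or it inherits a dns-01 default.
    when: >-
      (item.state is undefined or item.state == 'present') and
      ((item.challenge is undefined and challenge == 'dns-01') or
      (item.challenge == 'dns-01'))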