letsencrypt/tasks/cert.yml

---

- name: '[CERT] - Generate or renew certificates'
  command: /usr/bin/certbot certonly --key-type ecdsa --agree-tos --keep-until-expiring --non-interactive --webroot --webroot-path {{ letsencrypt_webroot_path }} -m {{ letsencrypt_email }} --domains {{ item.name }} --cert-name {{ item.name }} {{ '--reuse-key' if item.reuse_key is defined else '' }} --preferred-chain "ISRG Root X1" {{ '--force-renewal' if item.force_renewal is defined else '' }}
  with_items: "{{ letsencrypt_domains }}"
  notify:
    - reload nginx