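# Start from an empty list on this host.  Per the comment below, all
# required TXT keys are collected into acme_txt_required; presumably
# acme.yaml appends to it -- confirm against that file.
- name: Reset list of required ACME TXT records
  set_fact:
    acme_txt_required: []

# Handle multiple certs for a single host; like
#
#  letsencrypt_certs:
#    main:
#      - hostname.opendev.org
#    secondary:
#      - foo.opendev.org:8000
#      - baz.opendev.org
#
# All required TXT keys are put into acme_txt_required
#
# Each loop iteration hands acme.yaml one certificate as "cert", with
# cert.key the certificate name and cert.value its list of entries.
- name: Generate certificate creation/renewal requests
  include_tasks: acme.yaml
  loop: "{{ query('dict', letsencrypt_certs) }}"
  loop_control:
    loop_var: cert

# For each generated certificate get the first entry as the domain to
# run the certificate validation tests against.  If it specifies a
# port explicitly (with :), make it "<hostname> <port>", if it
# doesn't explicitly set a port make it "<hostname> 443" (i.e. the
# second regex is "if this doesn't have a space in it, then add
# " 443").
#
# For example above, we'd get
#  [ 'hostname.opendev.org 443', 'foo.opendev.org 8000' ]
#
# Later in ssl-check role, the final certificate validation list is
# generated by walking the letsencrypt_certcheck_domains variable
# for each host in the letsencrypt group.
#
# Coverage notes:
#  * Only the first entry of each certificate is added; further names
#    on the same certificate (baz.opendev.org above) get no check
#    entry of their own.
#  * Every ":" in the entry becomes a space, so entries are expected
#    to be "hostname" or "hostname:port"; anything else containing a
#    colon would not produce a usable "<hostname> <port>" pair.
#  * The list is appended to (default([]) only applies when the
#    variable is unset), so a value already present for the host is
#    kept and extended rather than replaced.
#
- name: Create ssl check domain list
  set_fact:
    letsencrypt_certcheck_domains: '{{ letsencrypt_certcheck_domains|default([]) + [item.value|first|regex_replace(":", " ")|regex_replace("^([^\s]*)$", "\1 443")] }}'
  loop: '{{ letsencrypt_certs | dict2items }}'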