Add letsencrypt renewal config for tunuifranken.info

roles/tunuifranken/files/renewal/tunuifranken.info.conf

@@ -0,0 +1,10 @@
+archive_dir = /etc/letsencrypt/archive/tunuifranken.info
+cert = /etc/letsencrypt/live/tunuifranken.info/cert.pem
+privkey = /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+chain = /etc/letsencrypt/live/tunuifranken.info/chain.pem
+fullchain = /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+
+[renewalparams]
+authenticator = webroot
+installer = null
+server = https://acme-v02.api.letsencrypt.org/directory

roles/tunuifranken/tasks/letsencrypt.yml

@@ -12,14 +12,29 @@
 - name: Create needed directories
   become: true
   ansible.builtin.file:
-    path: "{{ item.path }}"
+    path: "{{ item }}"
     state: directory
     owner: root
     group: root
-    mode: "{{ item.mode }}"
+    mode: 0755
   with_items:
-    - {path: '/etc/letsencrypt/live', mode: '0700'}
+    - /etc/letsencrypt/archive
-    - {path: '/etc/letsencrypt/live/tunuifranken.info', mode: '0755'}
+    - /etc/letsencrypt/renewal
+    - /etc/letsencrypt/live
+    - /etc/letsencrypt/live/tunuifranken.info
+
+- name: Add webroot configuration for letsencrypt
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/letsencrypt/cli.ini
+    line: webroot-path = /var/www/acme
+
+- name: Create renewal configuration for tunuifranken.info
+  become: true
+  ansible.builtin.copy:
+    src: renewal/tunuifranken.info.conf
+    dest: /etc/letsencrypt/renewal/tunuifranken.info.conf
+    mode: 0644
 
 - name: Create private key for account
   become: true