From 4b2aa0db8ac5c71ec0b35807d7643cffcc19e1c7 Mon Sep 17 00:00:00 2001
From: Tunui Franken
Date: Tue, 9 Jan 2024 14:24:29 +0100
Subject: [PATCH] Use letsencrypt staging server when testing
---
 roles/deploy_certificate/tasks/main.yml | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/roles/deploy_certificate/tasks/main.yml b/roles/deploy_certificate/tasks/main.yml
index 02c1242..3998ed2 100644
--- a/roles/deploy_certificate/tasks/main.yml
+++ b/roles/deploy_certificate/tasks/main.yml
@@ -14,7 +14,6 @@
 state: present
 virtualenv: /etc/letsencrypt/certbot_dns_infomaniak_venv
-
 - name: Copy authenticator credentials file
 become: true
 ansible.builtin.copy:
@@ -24,10 +23,9 @@
 owner: root
 group: root
-- name: Perform dns-01 challenge
- become: true
- ansible.builtin.command:
- argv:
+- name: Set letsencrypt dns-01 challenge argv
+ ansible.builtin.set_fact:
+ letsencrypt_dns01_challenge_argv:
 - /etc/letsencrypt/certbot_dns_infomaniak_venv/bin/certbot
 - certonly
 - -n
@@ -35,8 +33,6 @@
 - dns-infomaniak
 - --dns-infomaniak-credentials
 - /etc/letsencrypt/infomaniak_credentials.ini
- - --server
- - https://acme-v02.api.letsencrypt.org/directory
 - --rsa-key-size
 - 4096
 - -d
@@ -44,6 +40,16 @@
 - -m
 - "{{ server_admin }}"
 - --agree-tos
+
+- name: Set letsencrypt dns-01 challenge argv (staging)
+ when: ansible_hostname.endswith('-test')
+ ansible.builtin.set_fact:
+ letsencrypt_dns01_challenge_argv: "{{ letsencrypt_dns01_challenge_argv + ['--test-cert'] }}"
+
+- name: Perform dns-01 challenge
+ become: true
+ ansible.builtin.command:
+ argv: "{{ letsencrypt_dns01_challenge_argv }}"
 creates: "/etc/letsencrypt/live/{{ domain }}"
 - name: Create directory for certbot.service override
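Review bot: The staging switch in the last hunk, `when: ansible_hostname.endswith('-test')`, ties the choice of ACME endpoint to a naming convention, so a production host whose short hostname happens to end in `-test` would be issued an untrusted staging certificate, and a test host named differently would go to the production endpoint. An explicit inventory boolean would make the choice auditable, for example `when: letsencrypt_use_staging | default(false) | bool` (the variable name is only a suggestion). Separately, the unchanged `creates: "/etc/letsencrypt/live/{{ domain }}"` guard means a host that already holds a staging certificate will not request a trusted one if the condition later stops matching; a comment on that line such as `# also skips re-issuance once a staging cert exists; clear live/<domain> when promoting a host` would record this. The base argv list starts in the second hunk, and the task after `Perform dns-01 challenge` continues past the end of this one.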