# Start from an empty list of required TXT records before any certificate
# request is processed.
# NOTE(review): presumably acme.yaml appends to this list - confirm there.
- set_fact:
    acme_txt_required: []

# Handle multiple certs for a single host; like
#
#  letsencrypt_certs:
#    main:
#      hostname.opendev.org
#    secondary:
#      foo.opendev.org
#      baz.opendev.org
#
# All required TXT keys are put into acme_txt_required
#
# acme.yaml is included once per entry of letsencrypt_certs. The `dict`
# lookup turns each mapping entry into an item with `key` and `value`
# fields, exposed to the included tasks as `cert`.
- name: Generate certificate creation/renewal requests
  include_tasks: acme.yaml
  loop: "{{ query('dict', letsencrypt_certs) }}"
  loop_control:
    loop_var: cert

- name: Create ssl check domain list
  # For each generated certificate get the first entry as the domain
  # to run the certificate validation tests against. If it specifies
  # a port explicitly, use that, otherwise assume 443.
  #
  # Later in ssl-check role, the final certificate validation list is
  # generated by walking the letsencrypt_certcheck_domains variable
  # for each host in the letsencrypt group.
  #
  # How the template works:
  #  * `d` accumulates one "name port" string per certificate; the
  #    colon of "name:port" is replaced by a space.
  #  * Only the first name of each certificate is added (loop.first);
  #    the remaining names of that certificate are not listed.
  #  * d.append() mutates the list in place. The `set d = ...` around it
  #    rebinds `d` to append's return value inside the loop body only.
  #    NOTE(review): this relies on Jinja2 loop scoping leaving the
  #    outer `d` untouched - confirm before restructuring the loops.
  #
  # Caveats for reviewers:
  #  * replace(":", " ") substitutes every colon, so an entry holding
  #    more than one colon (an IPv6 literal, for instance) becomes more
  #    than two space-separated fields. Neither the name nor the port is
  #    validated here, so letsencrypt_certs has to be trusted
  #    configuration.
  #  * The closing endif/endfor tags carry no "-" trim markers.
  #    NOTE(review): whitespace may therefore be emitted ahead of the
  #    rendered list - confirm consumers receive a list, not a string.
  set_fact:
    letsencrypt_certcheck_domains: >-
      {%- set d = [] -%}
      {%- for cert in letsencrypt_certs.keys() -%}
        {%- for host in letsencrypt_certs[cert] -%}
          {%- if loop.first -%}
            {%- if not ":" in host -%}
              {%- set host = host+":443" -%}
            {%- endif -%}
            {%- set d = d.append(host.replace(":"," ")) -%}
          {% endif %}
        {% endfor %}
      {% endfor %}
      {{- d -}}