system-config/playbooks/roles/letsencrypt-create-certs/tasks/acme.yaml

- name: 'Build arguments for letsencrypt acme.sh driver for: {{ item.key }}'
  set_fact:
    acme_args: '"{% for domain in item.value %}-d {{ domain }} {% endfor %}"'

- name: 'Run acme.sh driver for {{ item.key }} certificate issue'
  shell:
    cmd: |
      /opt/acme.sh/driver.sh {{ 'selfsign' if letsencrypt_self_sign_only else 'renew' }}  {{ acme_args }}      
  args:
    chdir: /opt/acme.sh/
  environment:
    LETSENCRYPT_STAGING: '{{ "1" if letsencrypt_use_staging else "0" }}'
  notify: 'letsencrypt updated {{ item.key }}'

# Keys generated!