Use Certbot naming for certificate files

playbooks/roles/cert/README.md

@@ -22,3 +22,4 @@ The `hosts` for this role need to be the machines on which you want to have the
 - <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
 - <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
 - <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
+- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>

playbooks/roles/cert/tasks/deploy_cert.yml

@@ -27,7 +27,7 @@
 
 - name: Ensure private key for certificate exists
   community.crypto.openssl_privatekey:
-    path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
+    path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
     size: 4096
     type: RSA
     owner: "{{ cert__owner }}"
@@ -38,7 +38,7 @@
 - name: Ensure certificate signing request is created
   community.crypto.openssl_csr:
     path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
-    privatekey_path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
+    privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
     common_name: "{{ item }}"
     owner: "{{ cert__owner }}"
     group: "{{ cert__group }}"
@@ -164,10 +164,10 @@
   become: true
   register: cert__fullchain_slurp
 
-- name: Ensure ca.pem is created
+- name: Ensure chain.pem is created
   ansible.builtin.copy:
     content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
-    dest: "/etc/ansible_certs/certs/{{ item }}/ca.pem"
+    dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
     owner: "{{ cert__owner }}"
     group: "{{ cert__group }}"
     mode: "0660"