From 3820a97584daee667556bfc8648a285cf4ab444e Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Mon, 2 Mar 2026 20:01:09 +0100
Subject: [PATCH 1/2] certbot(role): move arguments documentation into README

Do this to match how it's done in newer roles.
---
 roles/certbot/README.md                | 10 +++++++++-
 roles/certbot/meta/argument_specs.yaml |  8 --------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/roles/certbot/README.md b/roles/certbot/README.md
index 4cbd465..ccb687b 100644
--- a/roles/certbot/README.md
+++ b/roles/certbot/README.md
@@ -8,7 +8,15 @@ Also see the following documentation for a full How-to on how to get certificate
 
 ## Required Arguments
 
-For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yaml).
+- `certbot__acme_account_email_address`: The E-Mail address to use for the ACME account.
+- `certbot__certificate_domains`: The domains for which to obtain a certificate.
+
+## Optional Arguments
+
+- `certbot__http_01_port`: The port number the bot listens on. Should be `80` if directly exposed to the internet.  
+   Defaults to `31820` (for the public-reverse-proxy setup).
+- `certbot__new_cert_commands`: A list of commands to execute after getting a new certificate. Will be added into a bash script.  
+  Defaults to the empty list (`[ ]`).
 
 ## `hosts`
 
diff --git a/roles/certbot/meta/argument_specs.yaml b/roles/certbot/meta/argument_specs.yaml
index b2b3f32..c8b45dd 100644
--- a/roles/certbot/meta/argument_specs.yaml
+++ b/roles/certbot/meta/argument_specs.yaml
@@ -2,25 +2,17 @@ argument_specs:
   main:
     options:
       certbot__acme_account_email_address:
-        description: The E-Mail address to give to certbot for the ACME account.
         type: str
         required: true
       certbot__certificate_domains:
-        description: The domains for which to obtain a certificate.
         type: list
         elements: str
         required: true
       certbot__http_01_port:
-        description: |
-          The port number the bot listens on. Must be 80 if directly exposed to the internet.
-          Default is 31820 for the public-reverse-proxy setup.
         type: str
         required: false
         default: 31820
       certbot__new_cert_commands:
-        description: >-
-          A list of commands to execute after getting a new certificate.
-          Will be added into a bash script.
         type: list
         elements: str
         required: false

From fee18bd34925411b47f8e1be059ff2c1fbf8c7b7 Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Mon, 2 Mar 2026 20:07:12 +0100
Subject: [PATCH 2/2] certbot(role): allow empty list of certificate domains

Also explicitly document that they are used with the HTTP-01 challenge.
This is in preparation for adding a new option with DNS-01 challenge
support.
---
 roles/certbot/README.md                | 2 +-
 roles/certbot/defaults/main.yaml       | 1 +
 roles/certbot/meta/argument_specs.yaml | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/certbot/README.md b/roles/certbot/README.md
index ccb687b..3ad35bf 100644
--- a/roles/certbot/README.md
+++ b/roles/certbot/README.md
@@ -9,10 +9,10 @@ Also see the following documentation for a full How-to on how to get certificate
 ## Required Arguments
 
 - `certbot__acme_account_email_address`: The E-Mail address to use for the ACME account.
-- `certbot__certificate_domains`: The domains for which to obtain a certificate.
 
 ## Optional Arguments
 
+- `certbot__certificate_domains`: The domains for which to obtain a certificate using the HTTP-01 challenge.
 - `certbot__http_01_port`: The port number the bot listens on. Should be `80` if directly exposed to the internet.  
    Defaults to `31820` (for the public-reverse-proxy setup).
 - `certbot__new_cert_commands`: A list of commands to execute after getting a new certificate. Will be added into a bash script.  
diff --git a/roles/certbot/defaults/main.yaml b/roles/certbot/defaults/main.yaml
index 9b20634..9e6551e 100644
--- a/roles/certbot/defaults/main.yaml
+++ b/roles/certbot/defaults/main.yaml
@@ -1,2 +1,3 @@
+certbot__certificate_domains: [ ]
 certbot__http_01_port: 31820
 certbot__new_cert_commands: [ ]
diff --git a/roles/certbot/meta/argument_specs.yaml b/roles/certbot/meta/argument_specs.yaml
index c8b45dd..b895b5f 100644
--- a/roles/certbot/meta/argument_specs.yaml
+++ b/roles/certbot/meta/argument_specs.yaml
@@ -7,7 +7,8 @@ argument_specs:
       certbot__certificate_domains:
         type: list
         elements: str
-        required: true
+        required: false
+        default: [ ]
       certbot__http_01_port:
         type: str
         required: false