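---
# Obtain (or keep) a Let's Encrypt certificate for one domain with certbot in
# standalone HTTP-01 mode, recording the certificate's notAfter date before
# and after the run.
#
# Variables read by these tasks:
#   item                                 - used as the certbot "-d" value and
#                                          as the directory name under
#                                          /etc/letsencrypt/live/
#   certbot__acme_account_email_address  - passed to certbot --email
#   certbot__http_01_port                - passed to certbot --http-01-port
#
# NOTE(review): `item` presumably comes from a loop over domain names in the
# including file; confirm with the caller. All three commands run with
# become, and `item` ends up inside a filesystem path, so the caller should
# only pass trusted, validated host names.
#
# Every command uses the `argv` form so that each templated value is passed
# as exactly one argument. In the free-form string variant a value that
# contains whitespace or quote characters is split into several arguments.

- name: get expiry date before
  ansible.builtin.command:
    argv:
      - /usr/bin/openssl
      - x509
      - -enddate
      - -noout
      - -in
      - "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
  # Failures are tolerated here; presumably this covers the first run, when
  # no certificate exists yet and openssl cannot read the file - confirm.
  ignore_errors: true
  become: true
  # Read-only query, so it never counts as a change.
  changed_when: false
  register: certbot__cert_expiry_before

- name: obtain the certificate using certbot
  ansible.builtin.command:
    argv:
      - /usr/bin/certbot
      - certonly
      - --keep-until-expiring
      - --agree-tos
      - --non-interactive
      - --email
      - "{{ certbot__acme_account_email_address }}"
      - --no-eff-email
      - --standalone
      - --http-01-port
      # argv elements are strings; cast in case the port is defined as an int.
      - "{{ certbot__http_01_port | string }}"
      - -d
      - "{{ item }}"
  become: true
  # Always reported as unchanged, even when certbot issues or renews a
  # certificate; see the TODO at the end of this file.
  changed_when: false

- name: get expiry date after
  ansible.builtin.command:
    argv:
      - /usr/bin/openssl
      - x509
      - -enddate
      - -noout
      - -in
      - "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
  become: true
  # Read-only query, so it never counts as a change.
  changed_when: false
  register: certbot__cert_expiry_after

# Doesn't work anymore. Dunno why.
# TODO: Fix
# NOTE(review): until this is fixed, nothing in this file reports "changed"
# when a certificate is issued or renewed, so change-driven follow-up actions
# (for example a handler that reloads a service using the certificate) would
# not be triggered from here - confirm how consumers pick up a new
# certificate. A registered result can be referenced in the registering
# task's own changed_when, so the comparison below could probably be moved
# onto "get expiry date after"; verify before enabling.
# - name: potentially report changed
#   ansible.builtin.debug:
#     msg: "If this reports changed, then the certificate expiry date and therefore the certificate changed."
#   changed_when: certbot__cert_expiry_before.stdout != certbot__cert_expiry_after.stdout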