ansible-infra/roles/certbot/tasks/main/validate_cert.yaml

- name: validate dns-01-acme-dns challenge type config
  when: item.challengeType == "dns-01-acme-dns"
  block:
    - name: assert dns_01_acme_dns config exists
      ansible.builtin.assert:
        that: item.dns_01_acme_dns is defined

    - name: assert dns_01_acme_dns config is valid
      ansible.builtin.validate_argument_spec:
        argument_spec: "{{ required_data }}"
        provided_arguments:
          dns_01_acme_dns: "{{ item.dns_01_acme_dns }}"
      vars:
        required_data:
          dns_01_acme_dns:
            type: dict
            required: true
            options:
              serverUrl:
                type: str
                required: false
                default: https://acmedns.hamburg.ccc.de
              subdomain:
                type: str
                required: true
              apiUser:
                type: str
                required: true
              apiKey:
                type: str
                required: true