Update certbot role, add Jitsi host

inventory/hosts

@@ -5,6 +5,7 @@ srv01 ansible_host=srv01.hamburg.freifunk.net
 srv03 ansible_host=srv03.hamburg.freifunk.net
 
 [certbot]
+jitsi
 srv01
 #srv02
 

roles/certbot/files/cli.ini

@@ -1,5 +1,6 @@
-# All flags used by the client can be configured here. Run Certbot with
+# Because we are using logrotate for greater flexibility, disable the
-# "--help" to learn more about the available options.
+# internal certbot logrotation.
+max-log-backups = 0
 
 email = backend@hamburg.freifunk.net
 rsa-key-size = 4096

roles/certbot/files/reload-nginx

@@ -2,4 +2,4 @@
 
 PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
 
-service nginx reload
+systemctl reload nginx

roles/certbot/tasks/main.yml

@@ -1,38 +1,19 @@
 ---
-- name: create directories
+- name: install certbot
+  apt:
+    name: certbot
+    cache_valid_time: 86400
+
+- name: create webroot directory
   file:
-    path: "{{ item }}"
+    path: /var/www/_acme-challenge
     state: directory
-  with_items:
-    - /etc/letsencrypt/renewal-hooks/deploy
-    - /etc/letsencrypt/renewal-hooks/post
-    - /etc/letsencrypt/renewal-hooks/pre
-    - /var/www/_acme-challenge
-
-- name: check for certbot-auto
-  stat:
-    path: /usr/local/sbin/certbot-auto
-  register: certbot
-
-- name: download certbot-auto
-  get_url:
-    url: "https://dl.eff.org/certbot-auto"
-    dest: /usr/local/sbin
-    mode: 0755
-  when: not certbot.stat.exists
 
 - name: copy cli.ini
   copy:
     src: cli.ini
     dest: /etc/letsencrypt/
 
-- name: create renewal cronjob
-  cron:
-    name: "Let's Encrypt certificate renewal"
-    job: /usr/local/sbin/certbot-auto renew -q
-    hour: "6"
-    minute: "0"
-
 - name: populate service facts
   service_facts: