certbot certificate running

tasks/certbot_ssl.yml

@@ -11,15 +11,21 @@
     stat:
       path: "/etc/letsencrypt/live/{{ apache_vhosts[0].servername }}/cert.pem"
     register: "letsencrypt_cert"
-
+  - name: "register a list of aliases to add to SSL"
+    set_fact:
+      ssl_alias: "{{ [ apache_vhosts[0].serveralias | default('deleteme'),  apache_vhosts[0].certalias | default('deleteme') ] | reject('equalto','deleteme') | list }}"
+  - name: "debug"
+    debug:
+      msg: "{{ ssl_alias }}"
   - name: "copy config used by certbot to server"
     template:
       backup: true
       src: "temp.conf.j2"
       dest: "/etc/httpd/conf.d/temp.conf"
-    when: "not letsencrypt_cert.stat.exists"
+    when: "not letsencrypt_cert.stat.exists or apache_vhosts[0].ssl_force | default(false) | bool"
     vars:
       test_servername: "{{ apache_vhosts[0].servername }}"
+      test_alias: "{{ ssl_alias }}"
     become: true
 
   - name: "install {{ certbot_packages }}"
@@ -31,11 +37,12 @@
   - name: "start httpd"
     systemd:
       name: "httpd"
-      state: "started"
+      state: "restarted"
     become: true
-
+    when: "apache_vhosts[0].ssl_force | default(false) | bool"
+   
   - name: "run command to get certificate"
-    command: "certbot --apache certonly {{ certbot_ssl_dry_run }} --non-interactive --agree-tos --email {{ item.serveradmin }} -d {%if item.serveralias is defined %} {{ [item.servername, item.serveralias , item.certalias | default(omit) ] | join(',') }} {% else %} {{ item.servername }} {% endif %}" # noqa 204
+    command: "certbot --apache certonly {{ certbot_ssl_dry_run }} --non-interactive --agree-tos --email {{ item.serveradmin }} -d {{ item.servername }}{%if item.serveralias is defined or item.certalias is defined %},{{ ssl_alias |  join(',') }} {% if item.ssl_force %}--expand{%endif %} {% else %} {{ item.servername }} {% endif %}" # noqa 204
     with_items: "{{ apache_vhosts }}"
     become: true
     when: "(apache_certbot and not letsencrypt_cert.stat.exists and item.ssl is defined and item.ssl | bool) or (item.ssl_force | default(false) | bool and (item.ssl_type is undefined or item.ssl_type == 'certbot'))"

templates/temp.conf.j2

 <VirtualHost *:80>
 ServerName {{ test_servername }}
+{% for alias in test_alias %}
+ServerAlias {{ alias }}
+{% endfor %}
 </VirtualHost>
 

templates/vhosts_ssl.conf.j2

@@ -10,7 +10,13 @@
 {% if vhost.documentroot is defined %}
   DocumentRoot "{{ vhost.documentroot }}"
 {% endif %}
-{% set letsencrypt_vhost_path = '/etc/letsencrypt/live/' + vhost.servername + '/' %}
+
+{% if vhost.servername != apache_vhosts[0].servername %}
+{% set key_servername = apache_vhosts[0].servername %}
+{% else %}
+{% set key_servername = vhost.servername %}
+{% endif %}
+{% set letsencrypt_vhost_path = '/etc/letsencrypt/live/' +  key_servername + '/' %}
 {% set default_cert_file = letsencrypt_vhost_path + 'cert.pem' %}
 {% set default_cert_key = letsencrypt_vhost_path + 'privkey.pem' %}
 {% set default_chain_file = letsencrypt_vhost_path + 'chain.pem' %}
@@ -38,9 +44,9 @@
 SSLOptions +StrictRequire 
   SSLCompression off
   
-  SSLCertificateFile {{ vhost.certificate_file | default('/etc/pki/tls/certs/'+ vhost.servername + '.pem') }}
-  SSLCertificateKeyFile {{ vhost.certificate_key_file | default('/etc/pki/tls/private/' + vhost.servername + '.pem') }}
-  SSLCertificateChainFile {{vhost.certificate_chain_file | default('/etc/pki/tls/certs/' + vhost.servername + '.chain.pem') }}
+  SSLCertificateFile {{ vhost.certificate_file | default('/etc/pki/tls/certs/'+ key_servername + '.pem') }}
+  SSLCertificateKeyFile {{ vhost.certificate_key_file | default('/etc/pki/tls/private/' + key_servername + '.pem') }}
+  SSLCertificateChainFile {{vhost.certificate_chain_file | default('/etc/pki/tls/certs/' + key_servername + '.chain.pem') }}
 
   {% endif %}
 {% if vhost.serveradmin is defined %}