From 8d6c3c57c3f61d78dfb92ce61727d1bbe3278f14 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Mon, 27 Sep 2021 11:28:02 +0300
Subject: [PATCH] roles/nginx: install acme.sh after downloading

This is basically just bootstrapping it. I used to do this by hand before requesting the certs.
---
 roles/nginx/tasks/letsencrypt.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/roles/nginx/tasks/letsencrypt.yml b/roles/nginx/tasks/letsencrypt.yml
index 5511da9..a724b9e 100644
--- a/roles/nginx/tasks/letsencrypt.yml
+++ b/roles/nginx/tasks/letsencrypt.yml
@@ -22,6 +22,19 @@
 dest: "{{ letsencrypt_acme_script }}"
 mode: 0700
 
+ # Run the "install" for acme.sh so it creates the .acme.sh dir (currently I
+ # have to chdir to the /root directory where the script exists or else it
+ # fails. Ansible runs it, but the script can't find itself...).
+ - name: Install acme.sh
+ ansible.builtin.command:
+ cmd: "{{ letsencrypt_acme_script }} --install --no-profile --no-cron"
+ creates: "{{ letsencrypt_acme_home }}/acme.sh"
+ chdir: /root
+
+ - name: Set default certificate authority for acme.sh
+ ansible.builtin.command:
+ cmd: "{{ letsencrypt_acme_script }} --set-default-ca --server letsencrypt"
+
 - name: Prepare Let's Encrypt well-known directory
 file:
 state: directory
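Review bot: Both new `ansible.builtin.command` tasks execute `{{ letsencrypt_acme_script }}`, a file the preceding task has just downloaded (presumably run as root, given `chdir: /root`), and nothing in the hunk shows its integrity being verified before it runs. That download task starts above the hunk, so it may already pin the file; if it does not, and assuming it is `get_url`, give it a `checksum: "sha256:<expected-digest>"` and point it at a tagged release rather than a moving branch. Separately, the "Set default certificate authority for acme.sh" task has neither `creates` nor `changed_when`, so it re-runs and reports "changed" on every play, which hides real changes in the play output. It also omits the `chdir: /root` that the comment says the script needs in order to find itself. Adding `chdir: /root` and `changed_when: false` to that task would address both, if the second invocation has the same path problem as the first.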