Emmanuel Bouthenot пре 7 година
родитељ
комит
5c7f7d93fe

+ 1 - 1
roles/common/handlers/ssl.yml

@@ -1,3 +1,3 @@
 - name: 'Generate Lets Encrypt SSL certificates'
-  shell: letsencrypt.sh --cron >/dev/null
+  shell: dehydrated --cron >/dev/null
   ignore_errors: True
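Review bot: The renamed `dehydrated --cron` call still runs under `ignore_errors: True`, so an issuance or renewal that fails is reported as an ignored error and the play ends green; with stdout sent to `/dev/null` only the client's stderr remains in the task output. If the failure must not abort the play, keep the result rather than discarding it, e.g. `register: dehydrated_result`, and surface `dehydrated_result.stderr` in a later `debug`/`fail` task; otherwise drop the `ignore_errors` line so a certificate that is not renewed is noticed. Minor style point: write the boolean as `ignore_errors: true` rather than `True`.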

+ 1 - 1
roles/common/tasks/main.yml

@@ -1,6 +1,6 @@
 - include: base.yml
 - include: ssl.yml
-  when: ssl_certs
+  when: ssl_certs or ssl_certs_auto
 - include: dotfiles.yml
   when: with_dotfiles
 - include: dns.yml
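Review bot: The new condition `ssl_certs or ssl_certs_auto` evaluates `ssl_certs_auto` on every host, so any host that does not define it fails with an undefined-variable error unless the role declares a default; the defaults file is not part of this commit, so I cannot confirm one exists. Either add a default for `ssl_certs_auto` alongside the existing one for `ssl_certs`, or make the test tolerant: `when: ssl_certs or (ssl_certs_auto | default([]))`. Note that a `when:` on an `include:` is applied to every task in the included file, which is presumably why `when: ssl_certs` is now repeated inside `ssl.yml`.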

+ 8 - 2
roles/common/tasks/ssl.yml

@@ -6,6 +6,7 @@
     group: 'root'
     mode: '0755'
   with_items: '{{ ssl_certs }}'
+  when: ssl_certs
 
 - name: 'Install ssl certificates (certificate)'
   copy:
@@ -16,6 +17,7 @@
     mode: '0640'
   register: ssl_cert_result
   with_items: '{{ ssl_certs }}'
+  when: ssl_certs
 
 - name: 'Install ssl certificates (private key)'
   copy:
@@ -26,6 +28,7 @@
     mode: '0640'
   register: ssl_key_result
   with_items: '{{ ssl_certs }}'
+  when: ssl_certs
 
 - name: 'Install ssl certificates (chain)'
   copy:
@@ -36,28 +39,31 @@
     mode: '0644'
   register: ssl_chain_result
   with_items: '{{ ssl_certs }}'
+  when: ssl_certs
 
 - name: 'Gathering info about ssl full chain (certificate + chain)'
   stat:
     path: '/etc/ssl/local/certs/{{ item }}/fullchain.pem'
   with_items: '{{ ssl_certs }}'
   register: ssl_fullchain_stats
+  when: ssl_certs
 
 - name: 'Gathering info about ssl bundle (key + fullchain)'
   stat:
     path: '/etc/ssl/local/certs/{{ item }}/bundle.pem'
   with_items: '{{ ssl_certs }}'
   register: ssl_bundle_stats
+  when: ssl_certs
 
 - name: 'Create ssl certificates full chain (certificate + chain)'
   shell: sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/fullchain.pem'
   with_items: '{{ ssl_fullchain_stats.results }}'
-  when: not item.stat.exists or ssl_cert_result|changed or ssl_chain_result|changed
+  when: ssl_certs and (not item.stat.exists or ssl_cert_result|changed or ssl_chain_result|changed)
 
 - name: 'Create ssl certificates bundle (key + certificate + bundle)'
   shell: sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/privkey.pem' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/bundle.pem'
   with_items: '{{ ssl_bundle_stats.results }}'
-  when: not item.stat.exists or ssl_key_result|changed or ssl_cert_result|changed or ssl_chain_result|changed
+  when: ssl_certs and (not item.stat.exists or ssl_key_result|changed or ssl_cert_result|changed or ssl_chain_result|changed)
 
 - name: 'Install Lets Encrypt client'
   apt:
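Review bot: The `ssl_certs and (...)` guard added to the two `sed` tasks is needed, since the `stat` results those loops iterate over carry no `stat` key when the earlier tasks were skipped, but the line it wraps still creates `bundle.pem` — which concatenates `privkey.pem` — through a plain shell redirect, so its mode is whatever root's umask yields (typically 0644, world-readable), while the private key installed a few tasks above is deliberately `mode: '0640'`. Set the mode explicitly, e.g. `shell: umask 077; sed '/^\s*$/d' ... > '/etc/ssl/local/certs/{{ item.item }}/bundle.pem'`, or add a `file:` task after it with `mode: '0640'` and the owner/group used for the key; the same treatment on the `fullchain.pem` task is optional since that file holds only public material. The `|changed` filter tests on `ssl_*_result` are pre-existing and unchanged here.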

+ 1 - 1
roles/webserver/tasks/apache2.yml

@@ -26,7 +26,7 @@
 - name: 'Install SSL vhost configuration for Apache (Lets Encrypt certificates)'
   template:
     src: 'apache2/vhost_ssl_auto.j2'
-    dest: '/etc/apache2/vhost_ssl_auto-{{ item }}.conf'
+    dest: '/etc/apache2/vhost_ssl_auto-{{ item.split(" ")[0] }}.conf'
     owner: 'root'
     group: 'root'
     mode: '0644'
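Review bot: `item.split(" ")[0]` assumes each loop entry is a single-space-separated list of hostnames whose first token is the primary name (the loop variable is outside the hunk, so this is inferred from the templates); an entry separated by a double space or a tab yields an empty or multi-word token and a malformed destination filename. Use the whitespace-agnostic form `item.split()[0]` here, and the same expression in `roles/webserver/tasks/nginx.yml` and in both `vhost_ssl_auto.j2` templates, which share the pattern. Since the first token also becomes part of a path under `/etc/apache2/`, the role should document that entries are operator-supplied hostnames and never derived from external input.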

+ 1 - 1
roles/webserver/tasks/nginx.yml

@@ -84,7 +84,7 @@
 - name: 'Install SSL vhost configuration for Nginx (Lets Encrypt certificates)'
   template:
     src: 'nginx/vhost_ssl_auto.j2'
-    dest: '/etc/nginx/vhost_ssl_auto-{{ item }}'
+    dest: '/etc/nginx/vhost_ssl_auto-{{ item.split(" ")[0] }}'
     owner: 'root'
     group: 'root'
     mode: '0644'

+ 3 - 3
roles/webserver/templates/apache2/vhost_ssl_auto.j2

@@ -1,4 +1,4 @@
 SSLEngine On
-SSLCertificateFile /var/lib/dehydrated/certs/{{ item }}/cert.pem
-SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ item }}/privkey.pem
-SSLCertificateChainFile /var/lib/dehydrated/certs/{{ item }}/chain.pem
+SSLCertificateFile /var/lib/dehydrated/certs/{{ item.split(' ')[0] }}/cert.pem
+SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ item.split(' ')[0] }}/privkey.pem
+SSLCertificateChainFile /var/lib/dehydrated/certs/{{ item.split(' ')[0] }}/chain.pem

+ 3 - 3
roles/webserver/templates/nginx/vhost_ssl_auto.j2

@@ -1,3 +1,3 @@
-ssl_certificate /var/lib/dehydrated/certs/{{ item }}/fullchain.pem;
-ssl_certificate_key /var/lib/dehydrated/certs/{{ item }}/privkey.pem;
-ssl_trusted_certificate /var/lib/dehydrated/certs/{{ item }}/chain.pem;
+ssl_certificate /var/lib/dehydrated/certs/{{ item.split(' ')[0] }}/fullchain.pem;
+ssl_certificate_key /var/lib/dehydrated/certs/{{ item.split(' ')[0] }}/privkey.pem;
+ssl_trusted_certificate /var/lib/dehydrated/certs/{{ item.split(' ')[0] }}/chain.pem;