- name: Stop nginx to generate initial lego cert
  service:
    name: nginx
    state: stopped

- name: Generate initial cert
  command:
    cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run
    chdir: /root
    creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"

- name: Start nginx after generating initial lego cert
  service:
    name: nginx
    state: started