infra/ansible/roles/lego/tasks/generate_cert.yaml

- name: Generate initial cert (http)
  command:
    cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run
    chdir: /root
    creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
  when: lego_method == 'http'

- name: Generate initial cert (dns)
  command:
    cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --dns linode --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} run
    chdir: /root
    creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
    environment:
      LINODE_POLLING_INTERVAL: 120
      LINODE_PROPAGATION_TIMEOUT: 600
      LINODE_TOKEN: "{{ linode_dns_token }}"
  when: lego_method == 'dns'