- hosts: letsencrypt
  become: yes
  vars_files:
    - vars/main.yml
    - local-vars/local.yml
  tasks:
    - name: Install certbot packages
      apt:
        pkg:
          - python3-certbot-nginx
    - name: setup certbot
      command: >
        sudo certbot --nginx --agree-tos -m {{ surveytooldeploy.certbot_admin_email }}
        -d {{ inventory_hostname }} --non-interactive
        --keep --redirect --uir --hsts --staple-ocsp --must-staple
      args:
        creates: /etc/letsencrypt/renewal/{{ inventory_hostname }}.conf
    - name: Speedup http2
      replace:
        path: /etc/nginx/sites-enabled/default
        regexp: '^(\s*)listen 443 ssl;(.*)$'
        replace: '\1listen 443 ssl http2;\2'