On EL distribution, open http before requesting a certificate.

defaults/main.yml

@@ -67,6 +67,10 @@ letsencrypt_acme_services_hook_script: /usr/local/bin/acme-services-hook
 letsencrypt_acme_sh_domains:
   - { domain: '{{ ansible_fqdn }}', standalone: True }
 
+letsencrypt_firewalld_http_enabled_on_default_zone: True
+letsencrypt_firewalld_services:
+  - { service: 'http', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
+
 letsencrypt_acme_sh_domains_install:
   - { domain: '{{ letsencrypt_acme_sh_certificates_install_dir }}', ecc: '{{ letsencrypt_acme_sh_use_ecc }}', cert_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/cert', key_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey', fullchain_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain' }
 

tasks/acmetool_rh.yml

@@ -6,4 +6,19 @@
     yum: pkg=git state=present
     when: letsencrypt_acme_sh_git_install
 
+  - name: Activate the firewalld rule for the http, if we require certificates using the http protocol
+    firewalld: service=http zone={{ firewalld_default_zone }} permanent=True state=enabled immediate=True
+    with_items: '{{ letsencrypt_acme_sh_domains }}'
+    when:
+      - item.standalone is defined
+      - firewalld_enabled
+      - letsencrypt_firewalld_http_enabled_on_default_zone
+
+  - name: Custom firewalld rule for http
+    firewalld: service={{ item.service}} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
+    with_items: '{{ letsencrypt_firewalld_services }}'
+    when:
+      - firewalld_enabled
+      - not letsencrypt_firewalld_http_enabled_on_default_zone
+
   tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]