From c3198ab76f710cdb2678572296bdfaa51ad7fe7b Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Fri, 5 Aug 2022 13:57:45 +0200
Subject: [PATCH] Move the cron job under /etc/cron.d
---
 defaults/main.yml | 12 +++++++-----
 tasks/main.yml | 12 ++++++++++++
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index a5852c9..64a57a3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -69,15 +69,17 @@ letsencrypt_acme_services_hook_script: /usr/local/bin/acme-services-hook
 # Use this when you want a single certificate. Even when multiple provider methods are needed
 # The dns_provider and standalone options are mutually exclusive
 letsencrypt_acme_sh_domains:
- - { domain: '{{ ansible_fqdn }}', standalone: True }
+ - domain: '{{ ansible_fqdn }}'
+ standalone: true
 letsencrypt_firewalld_http_enabled_on_default_zone: True
 letsencrypt_firewalld_services:
 - { service: 'http', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
 letsencrypt_acme_sh_domains_install:
- - { domain: '{{ letsencrypt_acme_sh_certificates_install_dir }}', ecc: '{{ letsencrypt_acme_sh_use_ecc }}', cert_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/cert', key_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey', fullchain_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain' }
+ - domain: '{{ letsencrypt_acme_sh_certificates_install_dir }}'
+ ecc: '{{ letsencrypt_acme_sh_use_ecc }}'
+ cert_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/cert'
+ key_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
+ fullchain_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
-### Stuff related to the obsolete acmetool package. Needed to cleanup systems where it was installed in the past
-letsencrypt_acme_ppa_repo: 'ppa:hlandau/rhea'
-letsencrypt_acme_debian_repo: 'deb http://ppa.launchpad.net/hlandau/rhea/ubuntu xenial main'
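Review bot: The last three removed lines drop the defaults `letsencrypt_acme_ppa_repo` and `letsencrypt_acme_debian_repo`, which is unrelated to the cron move, and their comment said they were needed to clean up hosts where acmetool had been installed. The only other change in this commit is one hunk in tasks/main.yml that touches no cleanup task, so if such tasks still exist elsewhere in the role (not visible here) they would now fail on an undefined variable; a search for both names before merging would settle it. Minor style point: `standalone` becomes lowercase `true` while `letsencrypt_firewalld_http_enabled_on_default_zone: True` just below keeps the capitalised form.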
diff --git a/tasks/main.yml b/tasks/main.yml
index 9b30a0e..7599960 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -53,9 +53,21 @@
 - acme-sh-cron-command
 tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
+ - name: Remove the cron job under spool if it exists
+ cron:
+ name: "Letsencrypt certificate renewal"
+ day: '{{ letsencrypt_acme_cron_day_of_month }}'
+ hour: '{{ letsencrypt_acme_cron_hour }}'
+ minute: '{{ letsencrypt_acme_cron_minute }}'
+ job: "/usr/local/bin/acme-sh-cron-script > {{ letsencrypt_acme_sh_log_dir }}/acme-cron.log 2>&1"
+ state: absent
+ tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
+
 - name: Install a daily cron job to renew the certificates when needed. It runs as root
 cron:
 name: "Letsencrypt certificate renewal"
+ cron_file: letsencrypt_renew_certificates
+ user: root
 day: '{{ letsencrypt_acme_cron_day_of_month }}'
 hour: '{{ letsencrypt_acme_cron_hour }}'
 minute: '{{ letsencrypt_acme_cron_minute }}'
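Review bot: The new removal task repeats `day`, `hour`, `minute` and `job`, none of which is needed with `state: absent`, because the cron module locates the entry by its `name` marker. It also sets no `user`, so the crontab it cleans is that of whichever account the play becomes, while the cron.d entry below pins `user: root`. Assuming the old entry lives in root's crontab, as the install task's name suggests, I would reduce the task to `name: "Letsencrypt certificate renewal"`, `user: root`, `state: absent`. Separately, the job shown here runs as root and redirects with `>` into `{{ letsencrypt_acme_sh_log_dir }}`; if that directory is writable by an unprivileged account (not visible here), root would follow a symlink placed at acme-cron.log, so it is worth confirming the directory is root-owned. The install task continues past the end of the hunk.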