---
- block:
  - name: Create the acme hooks directory if it does not yet exist
    file:
      dest: '{{ letsencrypt_acme_sh_services_scripts_dir }}'
      state: directory
      owner: root
      group: root

  - name: Install a script that fix the letsencrypt certificate for haproxy and then reloads the service
    template:
      src: letsencrypt-haproxy-refresh.sh.j2
      dest: '{{ letsencrypt_acme_sh_services_scripts_dir }}/haproxy'
      owner: root
      group: root
      mode: 4555
    register: tripleo_haproxy_hook

  - name: Run the letsencrypt hook once to create the certificate chain that haproxy will use
    shell: "{{ letsencrypt_acme_sh_services_scripts_dir }}/haproxy"
    when: tripleo_haproxy_hook is changed

  tags:
    - 'haproxy'
    - 'letsencrypt'
    - 'letsencrypt_acme_sh'
    - 'haproxy_letsencrypt'