From 86422ed9565414c0297ae779547f4bf449b1c2c5 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Thu, 26 Jan 2017 18:33:49 +0100
Subject: [PATCH] library/roles/letsencrypt-acmetool-client/defaults/main.yml:
 Change the default behaviour to 'listener' so that we can ask for a
 certificate if the web server is not yet configured.

---
 letsencrypt-acmetool-client/defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/letsencrypt-acmetool-client/defaults/main.yml b/letsencrypt-acmetool-client/defaults/main.yml
index 8fab980..1ddbc32 100644
--- a/letsencrypt-acmetool-client/defaults/main.yml
+++ b/letsencrypt-acmetool-client/defaults/main.yml
@@ -29,9 +29,9 @@ letsencrypt_acme_rsa_key_size: 4096
 letsencrypt_acme_key_type: ecdsa
 letsencrypt_acme_ecdsa_curve: nistp256
 letsencrypt_acme_email: sysadmin@example.com
-# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service.
+# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured.
 # Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case.
-letsencrypt_acme_authenticator: proxy
+letsencrypt_acme_authenticator: listener
 
 # desired parameters
 letsencrypt_acme_domains: