From f4904153b409958af335220dc951cf6bdbe90ffb Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Wed, 30 Oct 2019 13:43:47 +0100
Subject: [PATCH] freeradius: create the DH file even when the certificate is
 not managed by letsencrypt.

---
 library/roles/freeradius/tasks/main.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/library/roles/freeradius/tasks/main.yml b/library/roles/freeradius/tasks/main.yml
index 69acb31..14c135e 100644
--- a/library/roles/freeradius/tasks/main.yml
+++ b/library/roles/freeradius/tasks/main.yml
@@ -36,14 +36,17 @@
   - name: Create the freeradius pki directory if it does not yet exist
     file: dest={{ freeradius_pki_directory }} state=directory owner=root group=freerad mode=0550
 
-  - name: Setup the freeradius private key if it is not in place already
-    copy: remote_src=yes src={{ letsencrypt_acme_certs_dir }}/privkey dest={{ freeradius_pki_directory }} owner=root group=freerad mode=0440
-
   - name: Create the DH file
     command: openssl dhparam -out {{ freeradius_pki_directory }}/dh 2048
     args:
       creates: '{{ freeradius_pki_directory }}/dh'
 
+  tags: [ 'freeradius', 'freeradius_cert' ]
+
+- block:
+  - name: Setup the freeradius private key if it is not in place already
+    copy: remote_src=yes src={{ letsencrypt_acme_certs_dir }}/privkey dest={{ freeradius_pki_directory }} owner=root group=freerad mode=0440
+
   - name: Create the acme hooks directory if it does not yet exist
     file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root