---
- block:
  - name: Ensure that the PKI directory exists
    file: path={{ pki_dir }} state=directory owner=root group=root mode=0755

  - name: Ensure that the PKI subdirectories exist
    file: path={{ pki_dir }}/{{ item }} state=directory owner=root group=root mode=0755
    with_items: '{{ pki_subdirs }}'

  tags: [ 'pki', 'ssl', 'ca', 'letsencrypt' ]