Run the hook script immediately after installing it to generate the pem file for the mongodb server.

mongodb-org/tasks/mongodb-letsencrypt-acmetool.yml

@@ -6,6 +6,9 @@
   - name: Install a script that fix the letsencrypt certificate for mongodb and then reload the service
     template: src=mongodb-letsencrypt-acmetool.sh dest={{ letsencrypt_acme_services_scripts_dir }}/mongodb owner=root group=root mode=4555
 
+  - name: Copy the certificate and its key where the mongo server expects it
+    command: "{{ letsencrypt_acme_services_scripts_dir }}/mongodb"
+
   when:
     - mongodb_ssl_letsencrypt_managed
     - letsencrypt_acme_install

mongodb-org/templates/mongodb-letsencrypt-acmetool.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 LE_CERTS_DIR=/etc/letsencrypt/live/$HOSTNAME
-LE_LOG_DIR=/var/log/letsencrypt
+LE_LOG_DIR=/var/log/acme
 MONGODB_CERTDIR=/etc/pki/mongodb
 MONGODB_CERTFILE=$MONGODB_CERTDIR/mongodb.pem
 DATE=$( date )