From 1648cc50e7edd004c93ed309d19ea07a970dee68 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 24 Oct 2017 16:44:03 +0200
Subject: [PATCH] letsencrypt: Run the script that requires the certificates
 only when the desired file changed.

---
 letsencrypt-acmetool-client/tasks/main.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/letsencrypt-acmetool-client/tasks/main.yml b/letsencrypt-acmetool-client/tasks/main.yml
index ec55cf99..e6961cb2 100644
--- a/letsencrypt-acmetool-client/tasks/main.yml
+++ b/letsencrypt-acmetool-client/tasks/main.yml
@@ -79,6 +79,7 @@
   become_user: '{{ letsencrypt_acme_user }}'
   template: src=cert-requirements.j2 dest={{ letsencrypt_acme_certsconf_dir }}/{{ ansible_fqdn }} mode=0644
   when: letsencrypt_acme_install
+  register: letsencrypt_new_desired_file
   tags: letsencrypt
 
 - name: Set the cap_net_bind_service capability to the acmetool binary when we use it in listener mode
@@ -132,7 +133,7 @@
   become: True
   become_user: '{{ letsencrypt_acme_user }}'
   shell: '/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-init.log 2>&1'
-  when: letsencrypt_acme_install
+  when: ( letsencrypt_new_desired_file | changed )
   ignore_errors: True
   tags: letsencrypt