letsencrypt: Put the cron job commands inside a bash script

letsencrypt-acmetool-client/tasks/main.yml

@@ -122,12 +122,17 @@
     - letsencrypt_certs_revoke_list is defined
   tags: letsencrypt
   
+- name: Install a script that will be used to renew the certificate when needed
+  template: src=cron-acme-cert-request.j2 dest=/usr/local/bin/cron-acme-cert-request mode=0755
+  when: letsencrypt_acme_install
+  tags: [ 'letsencrypt', 'letsencrypt_cron' ]
+
 - name: Install a daily cron job to renew the certificates when needed
   become: True
   become_user: '{{ letsencrypt_acme_user }}'
-  cron: name="Letsencrypt certificate renewal" special_time=daily job="SLEEP_SECONDS=$(echo $[($RANDOM %1200)]) ; sleep ${SLEEP_SECONDS} ; /usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
+  cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/bin/cron-acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
   when: letsencrypt_acme_install
-  tags: letsencrypt
+  tags: [ 'letsencrypt', 'letsencrypt_cron' ]
 
 - name: letsencrypt acmetool request the first certificate
   become: True

letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+CMD=/usr/local/bin/acme-cert-request
+
+SLEEP_SECONDS=$(echo $[($RANDOM %1200)])
+sleep ${SLEEP_SECONDS}
+
+/usr/local/bin/acme-cert-request
+RETVAL=$?
+
+exit $RETVAL
+