From faf5b50aef6d2578ac612ce0e6a6d633f44a1ce5 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Fri, 8 Nov 2019 16:42:28 +0100
Subject: [PATCH] acme.sh: request a certificate when the configuration did not change but no certificate is present.
---
 library/roles/letsencrypt-acme-sh-client/tasks/main.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/library/roles/letsencrypt-acme-sh-client/tasks/main.yml b/library/roles/letsencrypt-acme-sh-client/tasks/main.yml
index 6dd522bd..be509a30 100644
--- a/library/roles/letsencrypt-acme-sh-client/tasks/main.yml
+++ b/library/roles/letsencrypt-acme-sh-client/tasks/main.yml
@@ -84,12 +84,15 @@
 tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]

 - block:
+ - name: Remove the ok_certificate_issued file when the env file has been changed so that we can force a new request
+ file: dest={{ letsencrypt_acme_sh_base_data_dir }}/data/ok_certificate_issued state=absent
+ when: acme_sh_issue is changed
+
 - name: Request the certificates. As root because we must bind on port 80
 shell: /usr/local/bin/acme-sh-request-cert
- #args:
- # creates: '{{ letsencrypt_acme_sh_base_data_dir }}/data/ok_certificate_issued'
+ args:
+ creates: '{{ letsencrypt_acme_sh_base_data_dir }}/data/ok_certificate_issued'
 register: acme_sh_certificate_issued
- when: acme_sh_issue is changed
 ignore_errors: True

 - name: Check if the 'live' path is a symling. It is, if acmetool was installed
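Review bot: The re-enabled `creates:` guard on the "Request the certificates" task makes issuance depend only on the `ok_certificate_issued` marker, not on the certificate itself. If `/usr/local/bin/acme-sh-request-cert` (not visible in this hunk) can leave that marker behind without a valid certificate, every later run skips the request and the host stays without one. Because `ignore_errors: True` remains on the task, a failed issuance is also easy to miss in the play output. I would state the contract above the task, e.g. `# acme-sh-request-cert must create ok_certificate_issued only after a successful issuance`, and have a follow-up task report on the registered `acme_sh_certificate_issued` result when it failed. The enclosing `block:` continues past the end of the hunk, so later tasks may already do this.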