CU-cunmht split ssl from http role to separate role

ansible/roles/ssl/tasks/certbot.yml

@@ -0,0 +1,25 @@
+---
+- name: generate openssl dhparam for nginx
+  become: true
+  command: |
+    openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 2048
+  args:
+    creates: /etc/ssl/certs/dhparam.pem
+  tags: ssl
+
+- name: create ssl certificate for ci server
+  become: true
+  command: |
+    certbot certonly --webroot --webroot-path=/srv/http \
+    -m {{ ci_server_email }} --agree-tos \
+    -d {{ ci_server_name }}
+  args:
+    creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
+  tags: ssl
+
+- name: check if certbot certificate was created
+  become: true
+  stat:
+    path: "/etc/letsencrypt/live/{{ ci_server_name }}"
+  register: stat_result
+  tags: ssl