---
- name: generate openssl dhparam for nginx
  become: true
  command: |
    openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 2048
  args:
    creates: /etc/ssl/certs/dhparam.pem
  tags: ssl

- name: create ssl certificate for ci server
  become: true
  command: |
    certbot certonly --webroot --webroot-path=/srv/http \
    -m {{ ci_server_email }} --agree-tos \
    -d {{ ci_server_name }}
  args:
    creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
  tags: ssl