tasks/generate_cert.yml

@@ -0,0 +1,10 @@
+# generate_cert.yml
+---
+- name: check if privkey exists
+  ansible.builtin.command: '[ -f "/etc/letsencrypt/live/{{ item.domain }}/README" ]'
+  register: result
+  ignore_errors: true
+
+- name: generate certificate
+  ansible.builtin.command: 'certbot certonly --standalone --preferred-challenge http-01 -d {{ item.domain }} -m ejparker@actcur.com --agree-tos'
+  when: result is failure

tasks/main.yml

@@ -4,3 +4,8 @@
   ansible.builtin.package:
     name: certbot
     state: present
+
+# generate certs for new domains
+- include_tasks: generate_cert.yml
+  loop: "{{ domains }}"
+

vars/main.yml

@@ -1,2 +1,7 @@
 ---
-# vars file for certbot
+# vars file for nginx-ssl on privtorrents.actcur.com
+
+domains:
+  - domain: privtorrents.actcur.com
+
+# end of file