role-certbot/tasks/generate_cert.yml

# generate_cert.yml
---
- name: check if privkey exists
  ansible.builtin.command: '[ -f "/etc/letsencrypt/live/{{ item.domain }}/README" ]'
  register: result
  ignore_errors: true

- name: generate certificate
  ansible.builtin.command: 'certbot certonly --standalone --preferred-challenge http-01 -d {{ item.domain }}'
  when: result is failure