moved symlink creation to le setup script

files/setup-le.sh

@@ -21,6 +21,16 @@ ipa-cacert-manage install "/etc/ssl/$FQDN/x1.pem"
 ipa-cacert-manage install "/etc/ssl/$FQDN/x2.pem"
 ipa-cacert-manage install "/etc/ssl/$FQDN/$issuer.pem"
 
-systemctl restart httpd
-
 ipa-certupdate
+
+if ! [[ -L /var/lib/ipa/certs/httpd.crt ]]
+then
+    mv /var/lib/ipa/certs/httpd.crt /var/lib/ipa/certs/httpd.crt.bak
+    ln -s /etc/letsencrypt/live/$FQDN/cert.pem /var/lib/ipa/certs/httpd.crt
+fi
+
+if ! [[ -L /var/lib/ipa/private/httpd.key ]]
+then
+    mv /var/lib/ipa/private/httpd.key /var/lib/ipa/private/httpd.key.bak
+    ln -s /etc/letsencrypt/live/$FQDN/privkey.pem /var/lib/ipa/private/httpd.key
+fi

tasks/main.yml

@@ -30,7 +30,7 @@
   ansible.posix.selinux:
     state: disabled
 
-# create symlink for certs if letsencrypt is set up
+# create letsencrypt setup script if certbot is enabled
 - name: check if letsencrypt is set up
   ansible.builtin.command: '[ -d "/etc/letsencrypt/" ]'
   register: result
@@ -46,21 +46,3 @@
     src: files/setup-le.sh
     dest: /scripts/setup-le.sh
   when: (result is succeeded) and (result2 is succeeded)
-
-- name: create symlink for certificate
-  ansible.builtin.file:
-    src: "/etc/letsencrypt/live/{{ansible_fqdn}}/cert.pem"
-    dest: /var/lib/ipa/certs/httpd.crt
-    state: link
-    force: yes
-  when: (result is succeeded) and (result2 is succeeded)
-  notify: restart httpd
-
-- name: create symlink for private key
-  ansible.builtin.file:
-    src: "/etc/letsencrypt/live/{{ansible_fqdn}}/privkey.pem"
-    dest: /var/lib/ipa/private/httpd.key
-    state: link
-    force: yes
-  when: (result is succeeded) and (result2 is succeeded)
-  notify: restart httpd