geerlingguy / ansible-role-certbot

Ansible Role - Certbot (for Let's Encrypt)
https://galaxy.ansible.com/geerlingguy/certbot/
MIT License

Adding new domains to a cert_item does not work #187

Closed esnalabu closed 1 year ago

esnalabu commented 1 year ago

When adding a domain to an existing cert_item, the role does not generate a new cert with the updated domains:

For example, going from this:

certbot_certs:
  - email: janedoe@example.com
    webroot: "/var/www/html"
    domains:
      - example1.com
      - example2.com

to this:

certbot_certs:
  - email: janedoe@example.com
    webroot: "/var/www/html"
    domains:
      - example1.com
      - example2.com
      - example3.com

...does not work.

This is because the check for whether or not to generate certs only checks whether there is a file with the correct name/path.

It might make sense to allow the user to "force" regeneration using a variable, or maybe the role could test for aliases in the certificates instead of just the existence of the file. In any event, the role should be able to revoke the existing certificates after deleting and creating new ones.

abuango commented 1 year ago

Encountered the same problem, but was able to work around it when I saw the code @esnalabu referenced, specifically the line below.

path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem

The domains list is piped through the first command, which means only the first domain in the list is checked. So, I moved the new domain name to the top and a certificate was generated for it.
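An added example, not part of the thread and not code from the role: a Python sketch of the two checks discussed above, the path test built from the first domain and a comparison against the names actually listed in the certificate. The function names and the sample openssl output are constructed for illustration; `read_sans` assumes an `openssl` binary (1.1.1 or later) on the host.

```python
import re
import subprocess

LIVE_DIR = "/etc/letsencrypt/live"

# Constructed sample of `openssl x509 -noout -ext subjectAltName` output for
# the certificate issued from the first certbot_certs entry in this thread.
SAMPLE_SAN_OUTPUT = """X509v3 Subject Alternative Name:
    DNS:example1.com, DNS:example2.com
"""

def lineage_path(domains):
    """File the existence check looks at: first domain with '*.' removed."""
    return f"{LIVE_DIR}/{domains[0].replace('*.', '')}/cert.pem"

def parse_sans(openssl_text):
    """Return the set of DNS names listed in openssl's SAN extension text."""
    return {name.lower() for name in re.findall(r"DNS:([^,\s]+)", openssl_text)}

def read_sans(cert_path):
    """Read the SANs of a certificate on disk (needs OpenSSL 1.1.1 or later)."""
    result = subprocess.run(
        ["openssl", "x509", "-in", cert_path, "-noout", "-ext", "subjectAltName"],
        capture_output=True, text=True, check=True,
    )
    return parse_sans(result.stdout)

def missing_domains(wanted, cert_sans):
    """Requested names that the certificate does not list (exact match)."""
    return sorted(d.lower() for d in wanted if d.lower() not in cert_sans)

if __name__ == "__main__":
    old = ["example1.com", "example2.com"]
    new = old + ["example3.com"]
    # Same path for both lists, so a file-exists check sees no change.
    print(lineage_path(old) == lineage_path(new))
    # Comparing against the certificate contents exposes the gap.
    print(missing_domains(new, parse_sans(SAMPLE_SAN_OUTPUT)))
    # Putting the new name first changes the path, as in the workaround above.
    print(lineage_path(["example3.com"] + old))
```

A non-empty result from `missing_domains` means the configured list and the served certificate have drifted apart, which a file-existence test alone cannot show.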

stale[bot] commented 1 year ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

github-actions[bot] commented 1 year ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

astrojuanlu commented 1 year ago

This issue is still present.

astrojuanlu commented 1 year ago

Also this is a duplicate of https://github.com/geerlingguy/ansible-role-certbot/issues/113

leandrofars commented 5 months ago

Still having this issue