geerlingguy / ansible-role-certbot

Ansible Role - Certbot (for Let's Encrypt)
https://galaxy.ansible.com/geerlingguy/certbot/
MIT License

Certbot does not get certificates for additional domains #226

Open Kenya-West opened 3 weeks ago

Kenya-West commented 3 weeks ago

vars.yaml


  domains:
    - foo-1.bar.com
    - foo-1-frps.bar.com
    - foo-1-wg.bar.com
    - foo-1-xray.bar.com
    - foo-1-xui.bar.com # this domain already exists, others are not configured yet

  certbot_create_extra_args: "--expand --redirect"
  certbot_create_if_missing: true
  certbot_auto_renew: true
  certbot_auto_renew_user: "{{ standard_user }}"
  certbot_auto_renew_weekday: 3
  certbot_auto_renew_hour: 6
  certbot_auto_renew_minute: 20
  certbot_auto_renew_options: "--quiet"
  certbot_certs:
    - domains: "{{ domains }}"

playbook.yaml

```yaml
roles:
  - role: geerlingguy.certbot
    tags: certbot
    become: true
    become_user: root
```

Certbot output:

```log
user@PC:~/ansible-my$ ansible-playbook -i ./inventory/staging.ini ./install_web_features.yaml --limit=vpn_xui_first[0]

PLAY [Install web features - currently includes certbot only] ********************

TASK [Gathering Facts] ********************
ok: [instance-01]

TASK [geerlingguy.certbot : Load a variable file based on the OS type, or a default if not found.] ********************
ok: [instance-01] => (item=/home/user/.ansible/roles/geerlingguy.certbot/vars/default.yml)

TASK [geerlingguy.certbot : Ensure dnf-plugins are installed on Rocky/AlmaLinux.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Enable DNF module for Rocky/AlmaLinux.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Install Certbot.] ********************
ok: [instance-01]

TASK [geerlingguy.certbot : Set Certbot script variable.] ********************
ok: [instance-01]

TASK [geerlingguy.certbot : Ensure snapd is installed.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Ensure snapd is enabled.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Enable classic snap support.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Update snap after install.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Install certbot via snap.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Symlink certbot into place.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Set Certbot script variable.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Clone Certbot into configured directory.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Set Certbot script variable.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : Ensure certbot-auto is executable.] ********************
skipping: [instance-01]

TASK [geerlingguy.certbot : include_tasks] ********************
included: /home/user/.ansible/roles/geerlingguy.certbot/tasks/create-cert-standalone.yml for instance-01 => (item={'domains': ['foo-1.bar.com', 'foo-1-frps.bar.com', 'foo-1-wg.bar.com', 'foo-1-xray.bar.com', 'foo-1-xui.bar.com']})

TASK [geerlingguy.certbot : Check if certificate already exists.] ********************
ok: [instance-01]

TASK [geerlingguy.certbot : Ensure pre and post hook folders exist.] ********************
ok: [instance-01] => (item=pre)
ok: [instance-01] => (item=post)

TASK [geerlingguy.certbot : Create pre hook to stop services.] ********************
ok: [instance-01]

TASK [geerlingguy.certbot : Create post hook to start services.] ********************
ok: [instance-01]

TASK [geerlingguy.certbot : Generate new certificate if one doesn't exist.] ********************
changed: [instance-01]

TASK [geerlingguy.certbot : include_tasks] ********************
skipping: [instance-01] => (item={'domains': ['foo-1.bar.com', 'foo-1-frps.bar.com', 'foo-1-wg.bar.com', 'foo-1-xray.bar.com', 'foo-1-xui.bar.com']})
skipping: [instance-01]

TASK [geerlingguy.certbot : Add cron job for certbot renewal (if configured).] ********************
ok: [instance-01]

PLAY RECAP ********************
instance-01                : ok=11   changed=1    unreachable=0    failed=0    skipped=13   rescued=0    ignored=0
```

Only the already existing domain is present:

```text
$user: ~ ❯ sudo tree /etc/letsencrypt/live/
/etc/letsencrypt/live/
├── README
└── foo-1-xui.bar.com
    ├── README
    ├── cert.pem -> ../../archive/foo-1-xui.bar.com/cert3.pem
    ├── chain.pem -> ../../archive/foo-1-xui.bar.com/chain3.pem
    ├── fullchain.pem -> ../../archive/foo-1-xui.bar.com/fullchain3.pem
    └── privkey.pem -> ../../archive/foo-1-xui.bar.com/privkey3.pem

1 directory, 6 files
```

Destination host is Ubuntu 22.04

ansible --version output:

```text
ansible [core 2.16.3]
  config file = /home/user/ansible-my/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.12.3 (main, Sep 11 2024, 14:17:37) [GCC 13.2.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
```

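
Added verification step (example code, not from the role, the reporter, or this issue): certbot's `--expand`, which the report passes in `certbot_create_extra_args`, replaces an existing lineage whose names are a strict subset of the requested names and keeps that lineage's directory name, so a single entry under `/etc/letsencrypt/live` does not by itself say which names the issued certificate carries. The script below parses the output of `openssl x509 -noout -ext subjectAltName` (OpenSSL 1.1.1 or later) and reports which configured domains the certificate does not cover, including RFC 6125-style single-label wildcard matching. The sample openssl output is constructed, and the `read_live_sans` helper assumes the `live/<lineage>/cert.pem` layout visible in the issue's `tree` output.

```python
"""Report which domains from a certbot_certs entry are NOT covered by the
certificate actually present under /etc/letsencrypt/live/<lineage>/.
Added example; not part of geerlingguy.certbot."""
import re
import subprocess
from typing import Iterable

# Matches the "DNS:name" entries printed by
#   openssl x509 -in cert.pem -noout -ext subjectAltName   (OpenSSL >= 1.1.1)
SAN_RE = re.compile(r"DNS:([^,\s]+)")


def parse_san_names(openssl_output: str) -> list[str]:
    """Return the DNS SANs found in openssl's subjectAltName dump, lower-cased."""
    return [m.group(1).lower().rstrip(".") for m in SAN_RE.finditer(openssl_output)]


def san_covers(san: str, domain: str) -> bool:
    """Does one SAN entry cover `domain`?  A wildcard matches exactly one label
    (RFC 6125): '*.bar.com' covers 'a.bar.com' but not 'a.b.bar.com' or 'bar.com'."""
    san, domain = san.lower(), domain.lower()
    if not san.startswith("*."):
        return san == domain
    suffix = san[1:]                      # "*.bar.com" -> ".bar.com"
    if not domain.endswith(suffix):
        return False
    return "." not in domain[: -len(suffix)]


def missing_domains(configured: Iterable[str], san_names: Iterable[str]) -> list[str]:
    """Configured domains that no SAN in the certificate covers, in config order."""
    sans = list(san_names)
    return [d for d in configured if not any(san_covers(s, d) for s in sans)]


def read_live_sans(lineage: str, letsencrypt_dir: str = "/etc/letsencrypt") -> list[str]:
    """Run openssl against a live lineage on the host (path layout assumed from
    the issue's `tree` output; needs read access to the live directory)."""
    cert = f"{letsencrypt_dir}/live/{lineage}/cert.pem"
    out = subprocess.run(
        ["openssl", "x509", "-in", cert, "-noout", "-ext", "subjectAltName"],
        check=True, capture_output=True, text=True,
    ).stdout
    return parse_san_names(out)


def report(configured: Iterable[str], san_names: Iterable[str]) -> list[str]:
    """Print and return the uncovered domains."""
    gaps = missing_domains(configured, san_names)
    if gaps:
        print("certificate does NOT cover:", ", ".join(gaps))
    else:
        print("certificate covers every configured domain")
    return gaps


# The domain list from the issue's vars.yaml.
ISSUE_DOMAINS = [
    "foo-1.bar.com",
    "foo-1-frps.bar.com",
    "foo-1-wg.bar.com",
    "foo-1-xray.bar.com",
    "foo-1-xui.bar.com",
]

# Constructed sample: what openssl prints for a certificate issued only for the
# pre-existing domain (not captured from the reporter's host).
SAMPLE_OPENSSL_OUTPUT = """\
X509v3 Subject Alternative Name:
    DNS:foo-1-xui.bar.com
"""


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    report(ISSUE_DOMAINS, parse_san_names(SAMPLE_OPENSSL_OUTPUT))
    # On the host itself, after the role has run:
    #   report(ISSUE_DOMAINS, read_live_sans("foo-1-xui.bar.com"))
```

If the expanded lineage carries all five names, the report is empty and the single `live/` directory is expected; if names are missing, the certbot command the role generated (visible with `-v` or in `/var/log/letsencrypt/`) is the next thing to inspect.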
kinoute commented 14 hours ago

Did you find a solution? I have the same problem. Two subdomains, only one gets the certificates.