robertdebock / ansible-role-certbot

Install and configure certbot on your system.
https://robertdebock.nl/
Apache License 2.0

A signal of success or failure at the end? #8

Open blaisep-sureify opened 2 years ago

blaisep-sureify commented 2 years ago

Proposed feature

What would be a good signal that the certificate was obtained? For example, the certbot CLI will end with:

Deploying Certificate to VirtualHost /etc/httpd/conf.d/zuul-web-rev-proxy.conf
Successfully deployed certificate for u.do.controlplane.info to /etc/httpd/conf.d/zuul-web-rev-proxy.conf
Redirecting vhost in /etc/httpd/conf.d/zuul-web-rev-proxy.conf to ssl vhost in /etc/httpd/conf.d/zuul-web-rev-proxy.conf
Congratulations! You have successfully enabled HTTPS on https://u.do.controlplane.info

At the end of my play, I don't really know if I have a cert. The steps complete, but looking at the recap, it's not clear if any useful changes happened.

(venv) [root@ip-10-0-2-129 ansible]#  ansible-playbook  playbooks/certrequest.yaml
/home/fedora/venv/lib64/python3.10/site-packages/urllib3/connectionpool.py:1043: InsecureRequestWarning: Unverified HTTPS request is being made to host 'demo.recordsansible.org'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
[WARNING]: Failure using method (v2_playbook_on_start) in callback plugin (<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f688a03a8c0>): 'id'

PLAY [Requesst a cert] ***********************************************************************************************************************************************************************************
[WARNING]: Failure using method (v2_playbook_on_play_start) in callback plugin (<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f688a03a8c0>): 'labels'

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
[WARNING]: Failure using method (v2_playbook_on_task_start) in callback plugin (<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f688a03a8c0>): 'id'
ok: [localhost]
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin (<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f688a03a8c0>): 'id'

TASK [robertdebock.certbot : test if certbot_system is set correctly] ************************************************************************************************************************************
ok: [localhost]

TASK [robertdebock.certbot : test if certbot_domains is set correctly] ***********************************************************************************************************************************
ok: [localhost]

TASK [robertdebock.certbot : test if item in certbot_domains is set correctly] ***************************************************************************************************************************
ok: [localhost] => (item=ci.sureify.app)

TASK [robertdebock.certbot : test if certbot_email is set correctly] *************************************************************************************************************************************
ok: [localhost]

TASK [robertdebock.certbot : install certbot] ************************************************************************************************************************************************************
ok: [localhost]

TASK [robertdebock.certbot : get and install certificates (Standalone)] **********************************************************************************************************************************
skipping: [localhost]
[WARNING]: Failure using method (v2_runner_on_skipped) in callback plugin (<ansible.plugins.callback.ara_default.CallbackModule object at 0x7f688a03a8c0>): 'id'

TASK [robertdebock.certbot : get and install certificates (Managed)] *************************************************************************************************************************************
ok: [localhost]

TASK [robertdebock.certbot : set up automatic renewal] ***************************************************************************************************************************************************
ok: [localhost]

PLAY RECAP ***********************************************************************************************************************************************************************************************
localhost                  : ok=8    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Rationale

For example, even though this task completes, I don't actually have a cert and I don't get an error message:

TASK [robertdebock.certbot : get and install certificates (Managed)] *************************************************************************************************************************************
ok: [localhost]


blaisep-sureify commented 2 years ago

... should I avoid the "managed" option and use "standalone" instead ?

robertdebock commented 2 years ago

Morning! Replying from a camp-site.

By default you will be using apache for the certbot_system. This means you end up with this task:

- name: get and install certificates (Managed)
  ansible.builtin.command:
    cmd: |
      certbot --noninteractive
      --{{ certbot_system }}
      --domain {{ certbot_domains | join(',') }}
      --agree-tos
      --email {{ certbot_email }}
      --no-redirect
    creates: /etc/letsencrypt/accounts
  when:
    - certbot_ci_mode is not defined
    - certbot_system != "standalone"

If a cmd fails (exitstatus != 0) the task will fail.

In your case, I'm seeing ok everywhere. Because creates: /etc/letsencrypt/accounts is set on the task, the task will simply return ok when /etc/letsencrypt/accounts exists. It would be nicer to base the "task is done" decision on some other file, but I can't figure out what file.
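An added example (not the role's own code) of the approach discussed above: the same task with a creates: guard that points at the issued certificate instead of the account directory, followed by an explicit check that fails the play when no unexpired certificate covers every requested domain. It assumes the community.crypto collection is installed and that certbot names the lineage after the first entry of certbot_domains (its default when --cert-name is not given).

```yaml
- name: Get and install certificates (Managed)
  ansible.builtin.command:
    cmd: |
      certbot --noninteractive
      --{{ certbot_system }}
      --domain {{ certbot_domains | join(',') }}
      --agree-tos
      --email {{ certbot_email }}
      --no-redirect
    # Assumption: the lineage directory is named after the first domain,
    # so this file only exists once a certificate was actually issued.
    # /etc/letsencrypt/accounts is created as soon as an ACME account is
    # registered, even when issuance later fails.
    creates: "/etc/letsencrypt/live/{{ certbot_domains | first }}/cert.pem"
  when:
    - certbot_ci_mode is not defined
    - certbot_system != "standalone"

- name: Read the issued certificate
  community.crypto.x509_certificate_info:
    path: "/etc/letsencrypt/live/{{ certbot_domains | first }}/cert.pem"
  register: certbot_cert_info

- name: Fail the play unless a valid certificate covers every requested domain
  ansible.builtin.assert:
    that:
      # expired is a boolean returned by x509_certificate_info
      - not certbot_cert_info.expired
      # subject_alt_name is a list of "DNS:<name>" entries; every
      # requested domain must appear in it
      - certbot_cert_info.subject_alt_name is superset(certbot_domains | map('regex_replace', '^', 'DNS:') | list)
    success_msg: "Certificate for {{ certbot_domains | join(', ') }} is valid until {{ certbot_cert_info.not_after }}"
    fail_msg: "No valid certificate covering {{ certbot_domains | join(', ') }} was found"
```

With this in place the recap shows failed=1 when issuance did not happen, instead of the misleading ok=8 changed=0 from the output above.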