From 98eb4fc23b96fa16895e821ba1ddf10934655d94 Mon Sep 17 00:00:00 2001 From: Alexander Gabriel Date: Thu, 26 Mar 2026 20:41:56 +0100 Subject: [PATCH] default ca ist letsencrypt wegen ipv6 only; ssl-config apache erst nachdem es das zertifikat gibt --- tasks/main.yml | 54 +++++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 00791d0..2714d3a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -104,7 +104,7 @@ - name: set amce server url set_fact: - acmeshserver: "" + acmeshserver: " --server letsencrypt " when: acme_sh_server is undefined or use_local_ca == false - name: generate /etc/apache2/sites-available/{{ domainname }}.conf @@ -117,6 +117,32 @@ notify: - reload apache2 +- name: activate /etc/apache2/sites-available/{{ domainname }}.conf + file: + state: link + src: /etc/apache2/sites-available/{{ domainname }}.conf + dest: /etc/apache2/sites-enabled/{{ domainname }}.conf + notify: + - reload apache2 + +- name: Flush handlers + meta: flush_handlers + +- name: get certificates + command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload" + args: + creates: /etc/ssl/private/{{ domainname }}.key + +- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf + template: + src: includeOptional.conf.j2 + dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf + owner: root + group: root + mode: "0644" + notify: + - reload apache2 + - name: generate /etc/apache2/sites-available/{{ domainname }}-ssl.conf template: src: apache-ssl.conf.j2 
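Review bot: The reason for pinning `--server letsencrypt` in the `set_fact` of the first hunk is recorded only in the commit subject, so in the file it reads as an arbitrary default. A comment above the task would keep it visible, for example `# pin Let's Encrypt: acme.sh's built-in default CA is unsuitable for our IPv6-only hosts` (wording to be confirmed by the author). The value only works because its leading and trailing spaces are word-split by the free-form `command:` that consumes `{{ acmeshserver }}`, which is worth stating in the same comment. The task name in the context line still says `amce`; `- name: set acme server url` would fix it while this task is being touched.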
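Review bot: The relocated `get certificates` task in the second hunk interpolates `docroot`, `domainname` and `acme_sh_email` unquoted into a free-form `command:` string, so a value containing whitespace is split into extra arguments to an acme.sh that runs as root. No shell is involved, but quoting the single-value variables keeps each one a single argument: `--webroot {{ docroot | quote }}`, `-d {{ domainname | quote }}`, `--email {{ acme_sh_email | quote }}`. `{{ acmeshserver }}` has to stay unquoted because it deliberately carries two tokens. Separately, `creates:` on the key file means hosts that already hold a key will skip this task and will not be re-issued against the new default CA, which may or may not be intended.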
@@ -127,32 +153,6 @@ notify: - reload apache2 -- name: activate /etc/apache2/sites-available/{{ domainname }}.conf - file: - state: link - src: /etc/apache2/sites-available/{{ domainname }}.conf - dest: /etc/apache2/sites-enabled/{{ domainname }}.conf - notify: - - reload apache2 - -- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf - template: - src: includeOptional.conf.j2 - dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf - owner: root - group: root - mode: "0644" - notify: - - reload apache2 - -- name: Flush handlers - meta: flush_handlers - -- name: get certificates - command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload" - args: - creates: /etc/ssl/private/{{ domainname }}.key - - name: activate /etc/apache2/sites-available/{{ domainname }}-ssl.conf file: state: link