[
	{
		"name": "packages | debian",
		"become": true,
		"ansible.builtin.apt": {
			"update_cache": true,
			"pkg": [
				"openssl",
				"python3-cryptography",
				"python3-pip"
			]
		}
	},
	{
		"name": "packages | python",
		"ansible.builtin.pip": {
			"name": "nc_dnsapi"
		},
		"environment": {
			"PIP_BREAK_SYSTEM_PACKAGES": "1"
		}
	},
	{
		"name": "directories | ssl",
		"become": true,
		"loop": [
			"{{var_tlscert_acme_netcup_ssl_directory}}/private",
			"{{var_tlscert_acme_netcup_ssl_directory}}/csr",
			"{{var_tlscert_acme_netcup_ssl_directory}}/certs",
			"{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
		],
		"ansible.builtin.file": {
			"state": "directory",
			"path": "{{item}}"
		}
	},
	{
		"name": "directories | Let's Encrypt account key",
		"become": true,
		"ansible.builtin.file": {
			"state": "directory",
			"path": "{{var_tlscert_acme_netcup_acme_account_key_path | dirname}}"
		}
	},
	{
		"name": "key",
		"become": true,
		"community.crypto.openssl_privatekey": {
			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
		}
	},
	{
		"name": "csr",
		"become": true,
		"community.crypto.openssl_csr": {
			"common_name": "{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}",
			"privatekey_path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
		}
	},
	{
		"name": "acme | generate account key",
		"become": true,
		"ansible.builtin.shell": {
			"cmd": "test -f {{var_tlscert_acme_netcup_acme_account_key_path}} || openssl genrsa 4096 > {{var_tlscert_acme_netcup_acme_account_key_path}}"
		}
	},
	{
		"name": "acme | init",
		"become": true,
		"community.crypto.acme_certificate": {
			"acme_version": 2,
			"acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
			"account_email": "{{var_tlscert_acme_netcup_acme_account_email}}",
			"account_key_src": "{{var_tlscert_acme_netcup_acme_account_key_path}}",
			"terms_agreed": true,
			"csr": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
			"challenge": "dns-01",
			"dest": "{{var_tlscert_acme_netcup_ssl_directory}}/certs/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
			"fullchain_dest": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
		},
		"register": "temp_acme_data"
	},
	{
		"name": "dns challenge | execute",
		"when": "'challenge_data' in temp_acme_data",
		"community.general.netcup_dns": {
			"customer_id": "{{var_tlscert_acme_netcup_netcup_customer_id}}",
			"api_password": "{{var_tlscert_acme_netcup_netcup_api_password}}",
			"api_key": "{{var_tlscert_acme_netcup_netcup_api_key}}",
			"domain": "{{var_tlscert_acme_netcup_domain_base}}",
			"record": "_acme_challenge.{{var_tlscert_acme_netcup_domain_path}}",
			"type": "TXT",
			"value": "{{temp_acme_data['challenge_data'][var_tlscert_acme_netcup_domain_path + '.' + var_tlscert_acme_netcup_domain_base]['dns-01']['resource_value']}}"
		}
	},
	{
		"name": "dns challenge | wait",
		"when": "'challenge_data' in temp_acme_data",
		"ansible.builtin.pause": {
			"seconds": "{{var_tlscert_acme_netcup_challenge_delay}}"
		}
	},
	{
		"name": "acme | finalize",
		"become": true,
		"community.crypto.acme_certificate": {
			"acme_version": 2,
			"acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
			"account_email": "{{var_tlscert_acme_netcup_acme_account_email}}",
			"account_key_src": "{{var_tlscert_acme_netcup_acme_account_key_path}}",
			"terms_agreed": true,
			"csr": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
			"challenge": "dns-01",
			"dest": "{{var_tlscert_acme_netcup_ssl_directory}}/certs/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
			"fullchain_dest": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
			"data": "{{temp_acme_data}}"
		}
	}
]