[ { "name": "packages", "become": true, "ansible.builtin.apt": { "pkg": [ "openssl", "certbot" ] } }, { "name": "csr | setup private key directory", "become": true, "ansible.builtin.file": { "state": "directory", "path": "{{var_tlscert_acme_inwx_ssl_directory}}/private" } }, { "name": "csr | generate private key", "become": true, "community.crypto.openssl_privatekey": { "path": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem" } }, { "name": "csr | setup csr directory", "become": true, "ansible.builtin.file": { "state": "directory", "path": "{{var_tlscert_acme_inwx_ssl_directory}}/csr" } }, { "name": "csr | execute", "become": true, "community.crypto.openssl_csr": { "common_name": "{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}", "privatekey_path": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem", "path": "{{var_tlscert_acme_inwx_ssl_directory}}/csr/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem" } }, { "name": "acme | init", "become": true, "community.crypto.acme_certificate": { "acme_version": 2, "acme_directory": "https://acme-v02.api.letsencrypt.org/directory", "account_email": "{{var_tlscert_acme_inwx_acme_account_email}}", "account_key_src": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem", "terms_agreed": true, "csr": "{{var_tlscert_acme_inwx_ssl_directory}}/csr/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem", "challenge": "dns-01", "dest": "{{var_tlscert_acme_inwx_ssl_directory}}/certs/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem", "fullchain_dest": "{{var_tlscert_acme_inwx_ssl_directory}}/fullchains/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem" }, 
"register": "temp_acme_data" }, { "name": "dns challenge | place script", "become": true, "ansible.builtin.copy": { "src": "/usr/local/bin/inwx", "dest": "/usr/local/bin/inwx", "mode": "a+x" } }, { "name": "dns challenge | execute", "ansible.builtin.command": { "cmd": "/usr/local/bin/inwx --username={{var_tlscert_acme_inwx_inwx_account_username}} --password={{var_tlscert_acme_inwx_inwx_account_password}} save {{var_tlscert_acme_inwx_domain_base}} _acme-challenge.{{var_tlscert_acme_inwx_domain_path}} TXT {{temp_acme_data['challenge_data'][var_tlscert_acme_inwx_domain_path + '.' + var_tlscert_acme_inwx_domain_base]['dns-01']['resource_value']}}" } }, { "name": "dns challenge | wait", "ansible.builtin.pause": { "seconds": 60 } }, { "name": "acme | finalize", "become": true, "community.crypto.acme_certificate": { "acme_version": 2, "acme_directory": "https://acme-v02.api.letsencrypt.org/directory", "account_email": "{{var_tlscert_acme_inwx_acme_account_email}}", "account_key_src": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem", "terms_agreed": true, "csr": "{{var_tlscert_acme_inwx_ssl_directory}}/csr/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem", "challenge": "dns-01", "dest": "{{var_tlscert_acme_inwx_ssl_directory}}/certs/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem", "fullchain_dest": "{{var_tlscert_acme_inwx_ssl_directory}}/fullchains/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem", "data": "{{temp_acme_data}}" } } ]