---
- name: Ensure certbot software is installed
  package:
    name:
      - certbot
      - python3-certbot-apache
    state: latest

- name: Ensure SSL certificate exists
  shell: "certbot certonly --agree-tos --email certs@susurrando.com -n --apache -d {{ item.vhostname }}"
  args:
    creates: "/etc/letsencrypt/archive/{{ item.vhostname }}"
  when:
    - "'ssl' in item"
    - item['ssl']
  loop: "{{ vhosts }}"