---
- name: Ensure UFW is enabled and accepting HTTPS traffic
  ufw:
    state: enabled
    policy: deny
    rule: allow
    to_port: '443'

- name: Ensure UFW is enabled and accepting HTTP traffic
  ufw:
    state: enabled
    policy: deny
    rule: allow
    to_port: '80'

- name: Ensure certbot is installed
  apt:
    name: certbot

- name: Stop Apache2 to request certificate
  service:
    name: apache2
    state: stopped

- name: Request certificate for node-metrics
  shell: "certbot certonly --agree-tos --email {{ letsencrypt_account_email }} --standalone -n -d node-metrics-{{ ansible_fqdn }}"
  args:
    creates: "/etc/letsencrypt/live/node-metrics-{{ ansible_fqdn }}/fullchain.pem"

- name: Request certificate for postfix-metrics
  shell: "certbot certonly --agree-tos --email {{ letsencrypt_account_email }} --standalone -n -d postfix-metrics-{{ ansible_fqdn }}"
  args:
    creates: "/etc/letsencrypt/live/postfix-metrics-{{ ansible_fqdn }}/fullchain.pem"