Better handling of letsnecrypt certificate generation, uploading when fails to renew.

ansible/roles/letsencrypt/tasks/certbot-dns.yml

@@ -41,7 +41,7 @@
       --dns-{{ dns_plugin }} --dns-{{ dns_plugin }}-propagation-seconds 60
       --dns-{{ dns_plugin }}-credentials {{ dnsimple_credentials_path }}
       --server https://acme-v02.api.letsencrypt.org/directory
-  # when: use_dns_plugin|bool
+  when: use_dns_plugin|bool
   tags:
     - certbot-dns
 
@@ -101,5 +101,32 @@
       dest: "{{ssl_certificate}}"
     - src: /etc/letsencrypt/live/{{ domains_list[0] }}/privkey.pem
       dest: "{{ssl_certificate_key}}"
+  ignore_errors: yes
+  register: linked
   tags:
     - certbot-dns
+
+- name: Copy working certificates because letsencrypt failed
+  become: yes
+  copy:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+  when: not linked
+  with_items:
+    - src: /srv/secrets-newsblur/certificates/newsblur.com.crt
+      dest: /etc/letsencrypt/live/{{ domains_list[0] }}/fullchain.pem
+    - src: /srv/secrets-newsblur/certificates/newsblur.com.key
+      dest: /etc/letsencrypt/live/{{ domains_list[0] }}/privkey.pem
+
+- name: Download new certificates to local
+  become: yes
+  fetch:
+    src: '{{ item.dest }}'
+    dest: '{{ item.src }}'
+    flat: yes
+  when: linked
+  with_items:
+    - src: /srv/secrets-newsblur/certificates/newsblur.com.crt
+      dest: /etc/letsencrypt/live/{{ domains_list[0] }}/fullchain.pem
+    - src: /srv/secrets-newsblur/certificates/newsblur.com.key
+      dest: /etc/letsencrypt/live/{{ domains_list[0] }}/privkey.pem