main.yml

---
- name: download certbot file
  get_url: url=https://dl.eff.org/certbot-auto dest=/usr/local/sbin/certbot-auto owner=root group=root mode=0744 validate_certs=no

- name: install OS dependencies
  shell: certbot-auto --os-packages-only --non-interactive

- include: ssl.yml
  with_items: "{{ nginx_vhosts }}"

production.yml

nginx_vhosts:
  - domain: my.cool.website.com
    config: my.cool.website.conf
    www_alias: false
    install_ssl: true
    
certbot_server: https://acme-staging.api.letsencrypt.org/directory

ssl.yml

---
- name: stop nginx to get ssl for {{ item.domain }}
  service: name=nginx state=stopped
  ignore_errors: true

- name: generate ssl certificate if required (with www alias)
  shell: certbot-auto certonly -d {{ item.domain }} -d www.{{ item.domain }} --standalone --register-unsafely-without-email --agree-tos --non-interactive --server {{ certbot_server }}
  when: item.install_ssl is defined and item.install_ssl and item.www_alias is defined and item.www_alias

- name: generate ssl certificate if required
  shell: certbot-auto certonly -d {{ item.domain }} --standalone --register-unsafely-without-email --agree-tos --non-interactive --server {{ certbot_server }}
  when: item.install_ssl is defined and item.install_ssl and (item.www_alias is undefined or item.www_alias == false)

- name: start nginx if available
  service: name=nginx state=started
  ignore_errors: true