From 43ee0392b44e86f7213fd248aac7504564bc1b7f Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 30 Jan 2022 20:08:40 +0100
Subject: [PATCH] copr/certbot: fixup cert restoration

- no need to create another live/ sub-directory
- don't run the reload script when restored from backups
---
 roles/copr/certbot/tasks/letsencrypt.yml | 23 +++++------------------
 1 file changed, 5 insertions(+), 18 deletions(-)

diff --git a/roles/copr/certbot/tasks/letsencrypt.yml b/roles/copr/certbot/tasks/letsencrypt.yml
index 983ae0238c..b12e0b398a 100644
--- a/roles/copr/certbot/tasks/letsencrypt.yml
+++ b/roles/copr/certbot/tasks/letsencrypt.yml
@@ -65,25 +65,10 @@
     - letsencrypt.backup_to is defined
     - item.content is defined
 
-- name: create the host live directory
-  file:
-    state: directory
-    path: "{{ le_source_path }}/{{ item.item.0.item.key }}/live"
-    owner: root
-    group: root
-    # this is readable by anyone, per certbot defaults
-    mode: 0755
-  loop: "{{ backed_up_certificates.results }}"
-  tags:
-    - certbot
-  when:
-    - letsencrypt.backup_to is defined
-    - item.content is defined
-
 - name: restore the backed up certificates
   copy:
     content: "{{ item.content | b64decode }}"
-    dest: "{{ le_source_path }}/{{ item.item.0.item.key }}/live/{{ item.item.1 }}"
+    dest: "{{ le_source_path }}/{{ item.item.0.item.key }}/{{ item.item.1 }}"
     owner: root
     group: root
     mode: 0644
@@ -134,8 +119,10 @@
       /usr/libexec/auto-certbot-deploy \
             --init {{ item.item.key }}
   when:
-  - letsencrypt.predefined_deploy_script is defined
-  - not item.stat.exists
+    - letsencrypt.predefined_deploy_script is defined
+    - not item.stat.exists
+    - not some_cert_restored.changed
+  with_items: "{{ le_stat_checks.results }}"
   with_items: "{{ le_stat_checks.results }}"
   tags:
     - certbot