From af11469b148cfef4202966ca18fcd450cbeabdb9 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup
Date: Sun, 30 Jan 2022 21:00:43 +0100
Subject: [PATCH] copr/certbot: better restoration

Certbot expects that the files in live/ directory are symlinks.
---
 roles/copr/certbot/tasks/letsencrypt.yml | 47 +++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/roles/copr/certbot/tasks/letsencrypt.yml b/roles/copr/certbot/tasks/letsencrypt.yml
index b12e0b398a..993f846764 100644
--- a/roles/copr/certbot/tasks/letsencrypt.yml
+++ b/roles/copr/certbot/tasks/letsencrypt.yml
@@ -65,10 +65,40 @@
 - letsencrypt.backup_to is defined
 - item.content is defined

+- name: create the archive directory
+ file:
+ state: directory
+ path: "{{ le_source_path }}/../archive"
+ owner: root
+ group: root
+ # this is readable by anyone, per certbot defaults
+ mode: 0755
+ loop: "{{ backed_up_certificates.results }}"
+ tags:
+ - certbot
+ when:
+ - letsencrypt.backup_to is defined
+ - item.content is defined
+
+- name: create the archive host directorY
+ file:
+ state: directory
+ path: "{{ le_source_path }}/../archive/{{ item.item.0.item.key }}"
+ owner: root
+ group: root
+ # this is readable by anyone, per certbot defaults
+ mode: 0755
+ loop: "{{ backed_up_certificates.results }}"
+ tags:
+ - certbot
+ when:
+ - letsencrypt.backup_to is defined
+ - item.content is defined
+
 - name: restore the backed up certificates
 copy:
 content: "{{ item.content | b64decode }}"
- dest: "{{ le_source_path }}/{{ item.item.0.item.key }}/{{ item.item.1 }}"
+ dest: "{{ le_source_path }}/../archive/{{ item.item.0.item.key }}/restored{{ item.item.1 }}"
 owner: root
 group: root
 mode: 0644
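Review bot: The `mode: 0755` on the top-level `{{ le_source_path }}/../archive` directory, combined with the unchanged `mode: 0644` on the restored files, leaves every restored file readable by any local user; if the backed-up set includes the private key (the file list is not visible in this hunk), the key is exposed. As far as I know certbot creates the top-level `archive/` and `live/` directories as 0700 and only the per-certificate directories as 0755, so the comment `# this is readable by anyone, per certbot defaults` fits the second task but not the first; consider `mode: "0700"` there. Writing the modes as quoted strings (`"0755"`, `"0644"`) also keeps them from depending on YAML integer parsing. Minor: the first task loops over `backed_up_certificates.results` although its path does not use `item`, and the second task name has a typo (`directorY`).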
@@ -80,6 +110,21 @@
 - item.content is defined
 register: some_cert_restored

+- name: restore the cert symlinks
+ file:
+ state: symlink
+ src: "../archive/restored{{ item.item.1 }}"
+ dest: "{{ le_source_path }}/{{ item.item.0.item.key }}/{{ item.item.1 }}"
+ owner: root
+ group: root
+ loop: "{{ backed_up_certificates.results }}"
+ tags:
+ - certbot
+ when:
+ - letsencrypt.backup_to is defined
+ - item.content is defined
+ register: some_cert_restored
+
 - name: initialize certbot configuration
 shell: |
 certbot certonly --standalone \
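Review bot: The link target `src: "../archive/restored{{ item.item.1 }}"` does not point at the file the copy task wrote, so the restored links would dangle and the web server would fail to load its certificate. The link is created inside `{{ le_source_path }}/{{ item.item.0.item.key }}/`, while the file lives under `{{ le_source_path }}/../archive/{{ item.item.0.item.key }}/`, so the relative target needs two levels up plus the host directory: `src: "../../archive/{{ item.item.0.item.key }}/restored{{ item.item.1 }}"`. In addition, `state: symlink` is not a value the Ansible `file` module accepts; the symbolic-link state is `state: link`. The new task also reuses `register: some_cert_restored`, which overwrites the result registered by the copy task above, so any later condition on that variable reflects only the symlink step; a separate register name would keep both results available.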