From c95a4b737901ad70a9d26f1bb17a7f3f932269a4 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 23 Jun 2018 13:44:34 -0500
Subject: [PATCH] roles/certbot: Support using existing account data

The *certbot* role now supports copying the data for an existing Let's Encrypt account to the managed node using an archive. If an archive named for the inventory hostname (typically the FQDN) of the managed node is found in the `accounts` directory under the `files` directory of the *certbot* role, it will be copied to the managed node and extracted at `/var/lib/letsencrypt/accounts`. This takes the place of running `certbot register` to sign up for a new account.
---
 roles/certbot/tasks/main.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index 2e440ea..58f391e 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -30,6 +30,13 @@
 owner=certbot
 group=certbot
 state=directory
+- name: ensure certbot accounts directory exists
+ file:
+ path=/var/lib/letsencrypt/accounts
+ mode=0700
+ owner=certbot
+ group=certbot
+ state=directory
 - name: ensure certbot log directory exists
 file:
 path=/var/log/letsencrypt
@@ -52,7 +59,14 @@
 mode=0644
 notify: reload httpd
 
-- name: ensure certbot account is registered
+- name: ensure letsencrypt account data are installed
+ become: true
+ become_user: certbot
+ unarchive:
+ src={{ item }}
+ dest=/var/lib/letsencrypt/accounts/
+ with_fileglob: accounts/{{ inventory_hostname }}.tar.xz
+- name: ensure letsencrypt account is registered
 become: true
 become_user: certbot
 command:
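Review bot: The archive matched by `with_fileglob: accounts/{{ inventory_hostname }}.tar.xz` in the second hunk carries the Let's Encrypt account data, which presumably includes the ACME account private key, and neither the task nor the commit message says how it is protected under the role's `files/accounts` directory. I would add a comment above the new unarchive task such as `# account archives hold the ACME account private key: keep them Ansible Vault-encrypted or out of version control`; vaulted sources should extract without other changes, since `unarchive` has a `decrypt` option that is on by default. The extracted files take their modes from the archive, so the only protection that is certain is the 0700 `accounts` directory created in the first hunk; setting the permissions explicitly after extraction would not depend on how the archive was built. The `command:` arguments of the registration task lie outside the hunk, so it cannot be confirmed from here that registration is skipped once account data has been installed.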