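# Provision the ACME account keys and register one ACME account per
# environment: 'main' (production directory) and 'staging'.
#
# Variables read by these tasks: ca_key_types, ca_acme_account_key_type,
# ca_dir, ca_key_ext, ca_acme_account_key_password, ca_acme_endpoint,
# ca_acme_staging_endpoint, ca_acme_version, maintainer_email, tld.

# Select the ca_key_types entry whose `name` equals the requested account key
# type (default 'ecc384') and expose it as `kt` for the key-generation task.
# NOTE(review): if no entry matches, `first` has nothing to return and the
# task is expected to fail on the undefined value. Confirm that a mistyped
# key type should stop the play here.
- name: select key type for acme
  ansible.builtin.set_fact:
    kt: "{{ ca_key_types | selectattr('name', 'equalto', ca_acme_account_key_type | d('ecc384')) | list | first }}"

# Create one passphrase-protected PKCS#8 private key per environment at
# <ca_dir>/acme-<item>.<ca_key_ext>. `regenerate: never` together with
# `force: false` leaves an existing key untouched, so a registered account
# stays bound to the same key across runs.
- name: generate acme account keys
  community.crypto.openssl_privatekey:
    path: "{{ ca_dir ~ '/acme-' ~ item ~ '.' ~ ca_key_ext }}"
    # size/curve are omitted when the selected key type does not define them.
    size: "{{ kt.size | d(omit) }}"
    curve: "{{ kt.curve | d(omit) }}"
    type: "{{ kt.type }}"
    backup: true
    cipher: auto
    force: false
    format: pkcs8
    format_mismatch: convert
    # The same passphrase protects both the main and the staging key. Supply
    # it from Ansible Vault or another secret store, not from plain-text vars.
    passphrase: "{{ ca_acme_account_key_password }}"
    regenerate: never
    # Quoted so the module receives the string '0600'; an unquoted 0600 only
    # works while the YAML loader happens to read it as an octal integer.
    mode: "0600"
  loop:
    - main
    - staging

# Register (or confirm) an ACME account for each key generated above.
- name: create acme accounts
  community.crypto.acme_account:
    account_key_src: "{{ ca_dir ~ '/acme-' ~ item ~ '.' ~ ca_key_ext }}"
    account_key_passphrase: "{{ ca_acme_account_key_password }}"
    # 'main' uses ca_acme_endpoint, every other item uses
    # ca_acme_staging_endpoint; both default to the Let's Encrypt v2
    # directories. The account is registered with whatever directory is
    # configured here, so overrides should remain trusted HTTPS URLs.
    acme_directory: >-
      {{
        (ca_acme_endpoint | d('https://acme-v02.api.letsencrypt.org/directory'))
        if item == 'main' else
        (ca_acme_staging_endpoint | d('https://acme-staging-v02.api.letsencrypt.org/directory'))
      }}
    acme_version: "{{ ca_acme_version | d(2) }}"
    contact:
      # Falls back to admin@<tld> when maintainer_email is not set.
      - "mailto:{{ maintainer_email | d('admin@' ~ tld) }}"
    state: present
    terms_agreed: true
  loop:
    - main
    - staging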