{{ ansible_header | comment(decoration='# ') }}

# To generate the certificate, please use the following command
# certbot --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Always use the staging/testing server
# server = https://acme-staging.api.letsencrypt.org/directory

# Uncomment and update to register with the specified e-mail address
email = {{ item.mail }}

# Uncomment to use a text interface instead of ncurses
text = True

# Yes I want to sell my soul and my guinea pig.
agree-tos = True

# Use DNS-01 challenge
authenticator = manual
manual-auth-hook = /var/local/services/certbot/authenticator.py
manual-cleanup-hook = /var/local/services/certbot/cleanup.py
preferred-challenges = dns-01,
manual-public-ip-logging-ok = True

# Wildcard the domain
cert-name = {{ item.certname }}
domains = {{ item.domains }}