From 0bfb4a99cd606144244a3f07913997ecab4971bc Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <elizabeth.hunt@simponic.xyz>
Date: Fri, 12 Jan 2024 20:58:04 -0500
Subject: [PATCH] fix renewal

---
 roles/private/tasks/main.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/roles/private/tasks/main.yml b/roles/private/tasks/main.yml
index dabebeb..ee11e28 100644
--- a/roles/private/tasks/main.yml
+++ b/roles/private/tasks/main.yml
@@ -84,11 +84,8 @@
 - name: reload nginx to activate sites
   service: name=nginx state=restarted
 
-- name: add daily letsencrypt cronjob for cert renewal based on hash of domain name to prevent hitting LE rate limits
+- name: add daily renewal
   cron:
-    name: "letsencrypt_renewal_{{ item.stdout }}"
-    minute: "0"
-    hour: "5,17"
-    job: "REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/{{ step_bootstrap_ca_url }}.crt letsencrypt renew --server https://{{ step_bootstrap_ca_url }}:{{ step_ca_port }}/acme/ACME/directory --cert-name {{ item.stdout }} -n --webroot -w /var/www/letsencrypt --agree-tos --email {{ step_acme_cert_contact }} && service nginx reload"
-  loop: "{{ extracted_domains.results }}"
-  when: item.stdout != ""
+    name: "letsencrypt_renewal"
+    special_time: "daily"
+    job: "REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/{{ step_bootstrap_ca_url }}.crt letsencrypt renew --force-renewal"