Add owner settings for the final certificates.

tasks/main.yml

@@ -74,6 +74,41 @@
   failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
   notify: reload services
 
+- name: Issue acme.sh certificate(s)
+  command: >-
+    ./acme.sh --issue -d {{ item.domain }} --dns dns_cf
+    {{ "--force" if item.force_issue | default(false) or item.force_renew | default(false) else "" }}
+    {{ "--staging" if item.staging | default(false) else "" }}
+    {{ "--debug" if item.debug | default(false) else "" }}
+  args:
+    chdir: "{{ acme_sh_git_clone_dest }}"
+  environment:
+    - "CF_Token": "{{ acme_cloudflare_token }}"
+    - "CF_Account_ID": "{{ acme_cloudflare_account_id }}"
+    - "CF_Zone_ID": "{{ acme_cloudflare_zone_id }}"
+  when: not item.remove | default(false)
+  loop: "{{ acme_sh_domains }}"
+  register: issue_result
+  changed_when: issue_result.rc == 0 and "Cert success" in issue_result.stdout and not item.force_renew | default(false)
+  failed_when: issue_result.rc != 0 and "Domains not changed" not in issue_result.stdout
+
+- name: Install acme.sh certificate(s)
+  command: >-
+    ./acme.sh --install-cert -d {{ item.domain }}
+    --key-file {{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.key
+    --fullchain-file {{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.pem
+    {{ "--debug" if item.debug | default(false) else "" }}
+  args:
+    chdir: "{{ acme_sh_git_clone_dest }}"
+  loop: "{{ acme_sh_domains }}"
+  loop_control:
+    index_var: domains_index
+  when: not item.remove | default(false)
+  register: install_cert_result
+  changed_when: issue_result.results[domains_index].changed
+  failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
+  notify: reload services
+
 - name: Remove acme.sh's cloned source code, installation path and log files
   file:
     path: "{{ item }}"