From 22be8d5133a33d122e8d59c8184877a1edeedae2 Mon Sep 17 00:00:00 2001
From: Andrew Williams <andy@tensixtyone.com>
Date: Tue, 3 Jun 2025 15:04:03 +0100
Subject: [PATCH] Add option to disable requesting FQDN cert if not defined

---
 defaults/main.yaml       | 1 +
 tasks/request_certs.yaml | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yaml b/defaults/main.yaml
index dbc697d..fc1b2d1 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1,6 +1,7 @@
 ---
 certbot_certs: []
 certbot_certs_email: root@{{ ansible_inventory }}
+certbot_request_fqdn_cert: true
 
 certbot_plugin_arguments:
   digitalocean: --dns-digitalocean --dns-digitalocean-credentials /root/do_secrets.ini
diff --git a/tasks/request_certs.yaml b/tasks/request_certs.yaml
index 26fb290..4accab2 100644
--- a/tasks/request_certs.yaml
+++ b/tasks/request_certs.yaml
@@ -2,7 +2,9 @@
 - name: Certbot - Add host FQDN if not already listed in certs
   ansible.builtin.set_fact:
     certbot_certs: "{{ certbot_certs + [{'hostname': ansible_fqdn}] }}"
-  when: certbot_certs | selectattr('hostname', 'equalto', ansible_fqdn) | list | length == 0
+  when:
+    - certbot_request_fqdn_cert
+    - certbot_certs | selectattr('hostname', 'equalto', ansible_fqdn) | list | length == 0
 
 - name: Certbot - Request Certificate
   ansible.builtin.include_tasks: cert.yaml