- name: Copy SSL private key into place
  copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640
  register: private_key
  notify: restart apache

- name: Copy SSL public certificate into place
  copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644
  register: certificate
  notify: restart apache

- name: Copy CA combined certificate into place
  copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644
  register: ca_certificate
  notify: restart apache

- name: Create a combined version of the public cert with intermediate and root CAs
  shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >
    /etc/ssl/certs/wildcard_combined.pem
  when: private_key.changed or certificate.changed or ca_certificate.changed

- name: Set permissions on combined public cert
  file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
  notify: restart apache

- name: Enable Apache SSL module
  command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load
  notify: restart apache

- name: Enable NameVirtualHost for HTTPS
  lineinfile:
    dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443'
    insertafter='^<IfModule mod_ssl.c>'
    line='    NameVirtualHost *:443'
  notify: restart apache

- name: Add common Apache SSL config
  template:
    src=etc_apache2_ssl.conf.j2
    dest=/etc/apache2/ssl.conf
    owner=root
    group=root
  notify: restart apache