role should be usable via include_role, vars should be possible via loop

roles/acme/defaults/main.yml

@@ -1,5 +1,6 @@
 ---
 ### global
+acme_domain: []
 acme_conf_dir: "{{ lookup('env', 'HOME') }}/letsencrypt"
 acme_cert_dir: "{{ acme_conf_dir }}/certs"
 acme_prerequisites_packagemanager: yum

roles/acme/tasks/main.yml

@@ -12,21 +12,26 @@
 - name: Run key generation
   ansible.builtin.include_tasks:
     file: create-keys.yml
+  when: acme_domain | length > 0
 
 - name: Create csr
   ansible.builtin.include_tasks:
     file: create-csr.yml
+  when: acme_domain | length > 0
 
 - name: Create challenge
   ansible.builtin.include_tasks:
     file: create-challenge.yml
+  when: acme_domain | length > 0
 
 - name: Do challenge with provider {{ acme_challenge_provider }}
   ansible.builtin.include_tasks:
     file: "{{ acme_provider_path }}"
+  when: acme_domain | length > 0
 
 - name: Convert certificate
   ansible.builtin.include_tasks:
     file: convert_certificate.yml
   when:
     - acme_convert_cert_to is defined
+    - acme_domain | length > 0

roles/acme/tasks/preconditions.yml

@@ -27,3 +27,10 @@
     - challenge/dns-01/{{ acme_challenge_provider }}.yml
     - challenge/http-01/{{ acme_challenge_provider }}.yml
     - challenge-unknown.yml
+
+- name: Check if a acme_domain is set
+  ansible.builtin.assert:
+    that:
+      - acme_domain is defined
+      - acme_domain != []
+    fail_msg: You need to set acme_domain. See documentation for a list of possibilities.

tests/integration/targets/acme_letsencrypt/dns-challenge-include-role.yml

@@ -0,0 +1,38 @@
+---
+- name: Test if include_role is working
+  hosts: localhost
+  tasks:
+    - name: Create and upload Lets Encrypt certificates
+      ansible.builtin.include_role:
+        name: telekom_mms.acme.acme
+        public: true
+      vars:
+        acme_domain:
+          certificate_name: dns-pebble.example.com
+          zone: example.com
+          email_address: ssl-admin@example.com
+          subject_alt_name:
+            - example.com
+        acme_challenge_provider: pebble
+        acme_use_live_directory: false
+        acme_account_email: ssl-admin@example.com
+        acme_staging_directory: https://localhost:14000/dir
+        acme_validate_certs: false
+  post_tasks:
+    - name: Validate certs
+      vars:
+        acme_domain:
+          certificate_name: dns-pebble.example.com
+      community.crypto.x509_certificate_info:
+        path: "{{ acme_cert_path }}"
+      register: result
+
+    - name: Print the certificate
+      ansible.builtin.debug:
+        msg: "{{ result }}"
+
+    - name: Check if the certificate is correct
+      ansible.builtin.assert:
+        that:
+          - "'DNS:example.com' in result.subject_alt_name"
+          - "'Pebble Intermediate CA' in result.issuer.commonName"

tests/integration/targets/acme_letsencrypt/dns-challenge-missing-acme-domain.yml

@@ -0,0 +1,11 @@
+---
+- name: Test role if acme_domain is not set
+  hosts: localhost
+  roles:
+    - telekom_mms.acme.acme
+  vars:
+    acme_challenge_provider: pebble
+    acme_use_live_directory: false
+    acme_account_email: ssl-admin@example.com
+    acme_staging_directory: https://localhost:14000/dir
+    acme_validate_certs: false

tests/integration/targets/acme_letsencrypt/runme.sh

@@ -4,3 +4,5 @@ set -eux
 
 ansible-playbook dns-challenge-pebble.yml
 ansible-playbook http-challenge-local.yml
+ansible-playbook dns-challenge-include-role.yml
+ansible-playbook dns-challenge-missing-acme-domain.yml