From 285ddfc7130709c6741572079b54619bf1808b5b Mon Sep 17 00:00:00 2001
From: Robert O'Connor
Date: Tue, 22 Jun 2021 18:25:31 -0400
Subject: [PATCH] Allow for easily setting the default CA: default to Letsencrypt.org

---
 README.md | 4 ++++
 defaults/main.yml | 2 ++
 tasks/main.yml | 1 +
 3 files changed, 7 insertions(+)

diff --git a/README.md b/README.md
index 6a90e54..cd2c1fe 100644
--- a/README.md
+++ b/README.md
@@ -117,6 +117,10 @@ acme_sh_copy_certs_to_path: "/etc/ssl/ansible"
 # You can disable this by setting it to False.
 acme_sh_list_domains: True
+# Set the default CA to use, acme.sh defaults to ZeroSSL.
+# For all the options, see https://github.com/acmesh-official/acme.sh/wiki/Server
+acme_sh_default_ca: "letsencrypt"
+
 # When set to False, it will use the live Let's Encrypt servers, so please make
 # sure everything works with staging True or you may find yourself rate limited.
 #
diff --git a/defaults/main.yml b/defaults/main.yml
index 7b31db6..a597d21 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -20,6 +20,8 @@ acme_sh_copy_certs_to_path: "/etc/ssl/ansible"
 acme_sh_list_domains: True
+acme_sh_default_ca: "letsencrypt"
+
 acme_sh_default_staging: True
 acme_sh_default_force_issue: False
diff --git a/tasks/main.yml b/tasks/main.yml
index e262adb..baaf786 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -137,6 +137,7 @@
 - name: Issue acme.sh certificate(s) (this will sleep for dns_sleep seconds)
 command: >-
 ./acme.sh --issue -d {{ item.domains | join(" -d ") }}
+ --set-default-ca --server {{ acme_sh_default_ca }}
 --dns {{ item.dns_provider | default(acme_sh_default_dns_provider) }}
 --dnssleep {{ item.dns_sleep | default(acme_sh_default_dns_sleep) }}
 {{ "--force" if item.force_issue | default(acme_sh_default_force_issue) else "" }}
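Review bot: In the tasks/main.yml hunk, the added line `--set-default-ca --server {{ acme_sh_default_ca }}` puts a second acme.sh command into the `--issue` invocation. The acme.sh wiki documents `--set-default-ca` as a standalone call, so it is worth confirming that the issue step still runs and that rewriting the host-wide default CA on every issuance is intended. Passing only `--server {{ item.ca | default(acme_sh_default_ca) }}` would select the CA per certificate and match the `item.x | default(...)` pattern of the neighbouring options; `item.ca` is a proposed key, not one the role defines today. An explicit `--server` may also take precedence over the role's staging switch, so check that `acme_sh_default_staging: True` still reaches a staging endpoint; otherwise test runs hit the production CA and its rate limits. The task's command continues past the end of the hunk, so the staging flag itself is not visible here.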