From 12eb1aa48b85aa630a29a960bbfee7395cdae266 Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann <transcaffeine@finally.coffee>
Date: Mon, 19 Jun 2023 09:02:40 +0200
Subject: [PATCH] fix(lego): compare pubkey against merged configuration and
 provide a default key type

---
 roles/lego/defaults/main.yml | 2 ++
 roles/lego/tasks/main.yml    | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/lego/defaults/main.yml b/roles/lego/defaults/main.yml
index 3f2976e..591338b 100644
--- a/roles/lego/defaults/main.yml
+++ b/roles/lego/defaults/main.yml
@@ -72,6 +72,7 @@ lego_acme_account_defaults:
         - "mailto:{{ lego_certificate.email }}"
 
 lego_certificate_renewal_days: 30
+lego_configuration_default_key_type: "ec256"
 
 lego_configuration_defaults:
   command_parameters:
@@ -80,6 +81,7 @@ lego_configuration_defaults:
       accept-tos: true
       email: "{{ lego_certificate.email }}"
       path: "{{ lego_base_path }}"
+      key-type: "{{ lego_configuration_default_key_type }}"
     run: {}
     renew:
       days: "{{ lego_certificate_renewal_days }}"
diff --git a/roles/lego/tasks/main.yml b/roles/lego/tasks/main.yml
index 8cbd96e..c6f20c8 100644
--- a/roles/lego/tasks/main.yml
+++ b/roles/lego/tasks/main.yml
@@ -162,8 +162,8 @@
       vars:
         lego_certificate_wanted_keytype: >-2
           {{
-            "ECC" if "ec" in lego_configuration.command_parameters.global["key-type"]
-            else "RSA" if "rsa" in lego_configuration.command_parameters.global["key-type"]
+            "ECC" if "ec" in lego_configuration_merged.command_parameters.global["key-type"]
+            else "RSA" if "rsa" in lego_configuration_merged.command_parameters.global["key-type"]
           }}
       when: "lego_certificate_stat.stat.exists"
       changed_when: "lego_certificate_pubkey_type_differs"