Download the letsencrypt CA files.

defaults/main.yml

@@ -78,6 +78,7 @@ no_proxy_targets:
 trusted_ca_el_anchors_path: '/etc/pki/ca-trust/source/anchors'
 # it shoudn't be needed
 trusted_ca_letsencrypt_install: False
+trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certificates/
 trusted_ca_letsencrypt_ca_files:
   - { ca: 'isrgrootx1.pem', name: 'isrg-root-x1' }
   - { ca: 'isrg-root-x2.pem', name: 'isrg-root-x2-not-cross' }

tasks/trusted_ca.yml

@@ -15,9 +15,14 @@
 
 - name: Manage the Letsencrypt CA files on EL
   block:
-  - name: Copy the letsencrypt CA files on EL
+  - name: Download the letsencrypt CA files on EL
-    copy: src=letsencrypt_ca_files/{{ item.ca }} dest=/etc/pki/ca-trust/source/anchors/{{ item.ca }} owner=root group=root mode='0444'
+    get_url:
-    with_items: '{{ trusted_ca_letsencrypt_ca_files }}'
+      url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
+      dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}'
+      owner: root
+      group: root
+      mode: 0444
+    loop: '{{ trusted_ca_letsencrypt_ca_files }}'
     register: letsencrypt_ca_files_installation
 
   - name: Rebuild the trust CA files on EL
@@ -59,9 +64,14 @@
 
 - name: Manage the Letsencrypt CA files on deb
   block:
-  - name: Copy the letsencrypt CA files on deb
+  - name: Download the letsencrypt CA files on deb
-    copy: src=letsencrypt_ca_files/{{ item.ca }} dest=/etc/ssl/certs/{{ item.ca }} owner=root group=root mode='0444'
+    get_url:
-    with_items: '{{ trusted_ca_letsencrypt_ca_files }}'
+      url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
+      dest: '/etc/ssl/certs/{{ item.ca }}'
+      owner: root
+      group: root
+      mode: 0444
+    loop: '{{ trusted_ca_letsencrypt_ca_files }}'
     register: letsencrypt_ca_files_installation
 
   - name: Trust the CA files on deb