From 2dc6ba3b4cd4039f83d0019fe1cfedc9880f04e5 Mon Sep 17 00:00:00 2001
From: Baptiste-Ferrand <baptiste.ferrand@ynov.com>
Date: Tue, 24 Feb 2026 12:40:21 +0100
Subject: [PATCH] fix certbot renew

---
 ansible/roles/certbot/tasks/main.yml        | 8 ++++++++
 ansible/roles/nginx/templates/nginx.conf.j2 | 8 +++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/certbot/tasks/main.yml b/ansible/roles/certbot/tasks/main.yml
index 727bdf3..9543860 100644
--- a/ansible/roles/certbot/tasks/main.yml
+++ b/ansible/roles/certbot/tasks/main.yml
@@ -1,4 +1,12 @@
 ---
+  - name: Créer le dossier pour les challenges Let's Encrypt
+    file:
+      path: /var/www/html/.well-known/acme-challenge
+      state: directory
+      owner: www-data
+      group: www-data
+      mode: '0755'
+      
   - name: Installer Certbot et plugin Nginx
     apt:
       name:
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
index f58d426..afa7ec9 100644
--- a/ansible/roles/nginx/templates/nginx.conf.j2
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@@ -8,7 +8,13 @@ server {
   listen 80;
   server_name {{ domain_front }} {{ domain_api }} {{ domain_minio }} {{ domain_grafana }};
 
-  return 301 https://$host$request_uri;
+  location /.well-known/acme-challenge/ {
+    root /var/www/html;
+  }
+
+  location / {
+    return 301 https://$host$request_uri;
+  }
 }
 
 #— FRONTEND HTTPS