Use specified cron-run day, hour, minute if provided

Adds three config variables LETS_ENCRYPT_CRON_TASK_HOUR,
LETS_ENCRYPT_CRON_TASK_DAY and LETS_ENCRYPT_CRON_TASK_MINUTE which
can be used to specify the time to run the renewal cron job. If
any of these is set the cron be be created using all variables,
with any missing values as '*'.

playbooks/roles/lets_encrypt/defaults/main.yml

@@ -16,6 +16,10 @@ LETS_ENCRYPT_DOMAINS: []
 LETS_ENCRYPT_EMAIL: !!null
 LETS_ENCRYPT_PORT: 80
 
+LETS_ENCRYPT_CRON_TASK_DAY: !!null
+LETS_ENCRYPT_CRON_TASK_HOUR: !!null
+LETS_ENCRYPT_CRON_TASK_MINUTE: !!null
+
 #
 # OS packages
 #

playbooks/roles/lets_encrypt/tasks/main.yml

@@ -115,6 +115,8 @@
     - install
     - install:cron
 
+# Setup renewal cron, either using either the specified time
+# or a random 12 hour interval if no time is given
 - name: create cronjob to check certificate renewal 2x daily
   cron: 
         name      : "Renew Let's Encrypt certificates via certbot"
@@ -127,3 +129,21 @@
   tags:
     - install
     - install:cron
+  when: not (LETS_ENCRYPT_CRON_TASK_HOUR or LETS_ENCRYPT_CRON_TASK_DAY or LETS_ENCRYPT_CRON_TASK_MINUTE)
+
+- name: create cronjob to check certificate at specified time
+  cron:
+        name      : "Renew Let's Encrypt certificates via certbot"
+        day       : "{{ LETS_ENCRYPT_CRON_TASK_HOUR or '*' }}"
+        hour      : "{{ LETS_ENCRYPT_CRON_TASK_DAY or '*'}}"
+        minute    : "{{ LETS_ENCRYPT_CRON_TASK_MINUTE or '*' }}"
+        cron_file : "lets-encrypt-renew"
+        user      : "root"
+        job       : /opt/letsencrypt/run_certbot.sh
+        state     : present
+  tags:
+    - install
+    - install:cron
+  when: LETS_ENCRYPT_CRON_TASK_HOUR or LETS_ENCRYPT_CRON_TASK_DAY or LETS_ENCRYPT_CRON_TASK_MINUTE
+
+