---
- block:
  - debug: var=openssl_version.stdout

  - name: Generate account key
    command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem

  - name: Parse account key (to ease debugging some test failures)
    command: openssl ec -in {{ output_dir }}/accountkey.pem -noout -text

  - name: Do not try to create account
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      state: present
      allow_creation: no
    ignore_errors: yes
    register: account_not_created

  - name: Create it now
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      state: present
      allow_creation: yes
      terms_agreed: yes
      contact:
      - mailto:example@example.org
    register: account_created

  - name: Change email address
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      state: present
      # allow_creation: no
      contact:
      - mailto:example@example.com
    register: account_modified

  - name: Change email address (idempotent)
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      state: present
      # allow_creation: no
      contact:
      - mailto:example@example.com
    register: account_modified_idempotent

  - name: Generate new account key
    command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/accountkey2.pem

  - name: Parse account key (to ease debugging some test failures)
    command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text

  - name: Change account key
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      new_account_key_src: "{{ output_dir }}/accountkey2.pem"
      state: changed_key
      contact:
      - mailto:example@example.com
    register: account_change_key

  - name: Deactivate account
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey2.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      state: absent
    register: account_deactivate

  - name: Deactivate account (idempotent)
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey2.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      state: absent
    register: account_deactivate_idempotent

  - name: Do not try to create account II
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey2.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      state: present
      allow_creation: no
    ignore_errors: yes
    register: account_not_created_2

  - name: Do not try to create account III
    acme_account:
      account_key_src: "{{ output_dir }}/accountkey.pem"
      acme_version: 2
      acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
      state: present
      allow_creation: no
    ignore_errors: yes
    register: account_not_created_3

  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')