---

- include: 'tls_cert_Debian.yml'
  when: ansible_os_family == 'Debian'

- include: 'tls_cert_OpenBSD.yml'
  when: ansible_os_family == 'OpenBSD'

- name: Check if dhparams exists and its length
  ignore_errors: yes
  dhparams:
    path: /etc/ssl/dhparams.pem
  register: tls_dhparams

- name: Generate dhparams (this will take a while)
  when: tls_dhparams.bits < 2048
  command: /usr/bin/openssl dhparam -out /etc/ssl/dhparams.pem 2048