Fixes to the renew-cert tasks file.

- Always run the fact gathring and file stat tasks. Needed for other
tasks and doesn't hurt anything.
- Handle cases when the key files aren't there.

tasks/renew-cert.yaml

@@ -9,17 +9,21 @@
   ansible.builtin.setup:
     gather_subset:
       - date_time
+  tags:
+    - always
 
 - name: Get account key file stat
   ansible.builtin.stat:
     path: &account_key_src account.key
   register: account_key_stat
+  tags:
+    - always
 
 - name: Generate account key
   community.crypto.openssl_privatekey:
     # yamllint disable rule:line-length
     force: |-
-      {{ (ansible_date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
+      {{ account_key_stat.stat.exists and (ansible_date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
     # yamllint enable rule:line-length
     mode: 0o0600
     path: *account_key_src
@@ -57,7 +61,7 @@
   community.crypto.openssl_privatekey:
     # yamllint disable rule:line-length
     force: |-
-      {{ (ansible_date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
+      {{  host_key_stat.stat.exists and (ansible_date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
     # yamllint enable rule:line-length
     mode: &mode 0o0600
     path: *key_src
@@ -175,7 +179,7 @@
       community.crypto.openssl_dhparam:
         # yamllint disable rule:line-length
         force: |-
-          {{ (ansible_date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
+          {{ dhparams_stat.stat.exists and (ansible_date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
         # yamllint enable rule:line-length
         mode: 0o0644
         path: *dhparams