
The nginx role should now set up acmetool to a state where we can simply issue a want

Till Klocke 8 years ago
commit
1bd0c5c8c5
2 changed files with 17 additions and 15 deletions
  1. 6 10
      roles/service-nginx/tasks/acmetool.yml
  2. 11 5
      roles/service-nginx/templates/acme_config.j2

+ 6 - 10
roles/service-nginx/tasks/acmetool.yml

@@ -10,16 +10,12 @@
 - name: ensure acmetool is installed
   apt: name=acmetool install_recommends=no
 
-- name: Ensure acmetool config is up to date
+- name: Ensure acmetool response file is up to date
+  rehister: responsefile
   template: 
     src: acme_config.j2
-    dest: /var/lib/acme/conf/target
-
-- name: Ensure acmetool cronjob is installed
-  cron:
-    name: "Renew Let's Encrypt certificates"
-    job: /usr/bin/acmetool --batch reconcile
-    hour: 3
-    minute: 30
-    day: 1
+    dest: /var/lib/acme/responses.yml
 
+- name: Setup acmetool
+  when: responsefile|changed
+  shell: /usr/bin/acmetool quickstart --batch --response-file=/var/lib/acme/responses.yml
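Review bot: The keyword on the added `rehister: responsefile` line is misspelled, so the template result is never registered and the `when: responsefile|changed` guard on the `Setup acmetool` task has nothing to test; Ansible will most likely reject the task as having an unknown attribute. It should read `register: responsefile`. Because quickstart only runs when the response file changes, a run that fails once would not be retried on the next play, which could leave the host without certificates or the renewal cronjob that this commit no longer installs explicitly; a handler or a `creates:` guard on the task would make it more robust. The quickstart line uses no shell features, so `command:` instead of `shell:` would avoid passing it through a shell.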

+ 11 - 5
roles/service-nginx/templates/acme_config.j2

@@ -1,5 +1,11 @@
-request:
-  provider: https://acme-v01.api.letsencrypt.org/directory
-  key:
-    type: rsa
-    rsa-size: 4096
+"acme-enter-email": "hostmaster@ffdo.de"
+"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf": true
+"acmetool-quickstart-choose-server": https://acme-staging.api.letsencrypt.org/directory
+"acmetool-quickstart-choose-method": redirector
+"acmetool-quickstart-complete": true
+"acmetool-quickstart-install-cronjob": true
+"acmetool-quickstart-install-haproxy-script": false
+"acmetool-quickstart-install-redirector-systemd": true
+"acmetool-quickstart-key-type": ecdsa
+"acmetool-quickstart-rsa-key-size": 4096
+"acmetool-quickstart-ecdsa-curve": nistp256
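Review bot: The `acmetool-quickstart-choose-server` answer points at the Let's Encrypt staging directory, whereas the removed config used the production `acme-v01` endpoint; staging certificates are not trusted by browsers, so hosts provisioned from this file would serve certificates that clients reject. If staging is meant only for testing, the URL should come from a role variable that defaults to the production endpoint, e.g. `"acmetool-quickstart-choose-server": "{{ acme_server_url }}"` (the variable name is a suggestion, not an existing one). The `acmetool-quickstart-rsa-key-size` answer is presumably unused now that the key type is `ecdsa`, and a comment saying so would avoid confusion. The contact e-mail is hard-coded as well and could be parameterised the same way.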