Correction for DNSDist(DoH DoT) service

roles/ssl-cert/tasks/main.yml

@@ -20,6 +20,13 @@
   shell: openssl req -x509 -nodes -subj '/CN={{ domain }}' -days 3650 -newkey rsa:4096 -sha256 -keyout /etc/ssl/"{{ domain }}".key -out /etc/ssl/"{{ domain }}".crt
   when: installCertbot == False
 
-- name: Create self-signed certificate, if configured.
-  shell: "certbot -certonly -d {{ domain }} {{ alt_domains }} --{{ mode }} -m {{ email }} --agree-tos"
+- name: Open port 80 for letsencrypt challenge
+  ufw:
+    rule: allow
+    port: 80
+    proto: tcp
+  when: installCertbot == True
+
+- name: Create self-signed certificate, if configured.
+  shell: "certbot certonly --{{ mode }} -d {{ domain }} {{ alt_domains }} -m {{ email }} --agree-tos"
   when: installCertbot == True