certbot --deploy-hook

webapps/jitsimeet/tasks/main.yml

@@ -153,7 +153,7 @@
       state: directory
       mode: '0755'
   - name: Generate certificate with certbot
-    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
+    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
   when: ssl.stat.exists != true
 
 - name: (Re)check if SSL certificate is present and register result

webapps/jitsimeet/templates/coturn/turnserver.conf.j2

@@ -3,11 +3,11 @@ use-auth-secret
 keep-address-family
 static-auth-secret={{ jitsi_meet_turn_secret }}
 realm={{ domains | first }}
-cert=/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem
+cert=/etc/coturn/certs/{{ domains | first }}.crt
-pkey=/etc/letsencrypt/live/{{ domains | first }}/privkey.pem
+pkey=/etc/coturn/certs/{{ domains | first }}.key
 no-multicast-peers
 no-cli
-no-loopback-peers
+#no-loopback-peers
 no-tcp-relay
 no-tcp
 listening-port=3478
@@ -17,7 +17,7 @@ no-tlsv1_1
 # https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
 cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 # without it there are errors when running on Ubuntu 20.04
-dh2066
+#dh2066
 # jitsi-meet coturn relay disable config. Do not modify this line
 denied-peer-ip=0.0.0.0-0.255.255.255
 denied-peer-ip=10.0.0.0-10.255.255.255