ansible-role-lego/tasks/dhparams.yml

---
- name: Check for a pre-generated dhparams file.
  ansible.builtin.stat:
    path: files/dhparams.pem
  register: dhparams
  delegate_to: localhost
  tags: dhparams
  become: false

- name: Use previously generated dhparams to reduce deployment time by several minutes.
  ansible.builtin.copy:
    src: dhparams.pem
    dest: "{{ nginx_config_dhparam }}"
    force: false
  when: dhparams.stat.exists
  tags: dhparams

# https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_dhparam_module.html
- name: Generate Diffie-Hellman parameters with the default size (4096 bits)
  community.crypto.openssl_dhparam:
    path: "{{ nginx_config_dhparam }}"
  tags: dhparams