When you need an SSL/TLS certificate to secure communication with your website, you can get one for free from Let's Encrypt. If you are like me, you want to automate such a process with an orchestration tool like Ansible.
Lots of Ansible roles allow you to obtain a Let's Encrypt certificate, but not while your web server is online, as the HTTPS port is required. Using the webhook plugin of the Let's Encrypt client allows you to keep your web server running while getting a (renewed) certificate.
This post addresses some other related issues as well, resulting in a complete set of Ansible tasks to manage your Let's Encrypt certificate autonomously.