An Ansible Role which allows for maintaining SSL certificates via certbot or other clients on a single administrative machine, and pushing them to the servers.
If a list of certificates is specified for a host, and/or multiple groups, normal ansible behaviour is to overwrite the certificates according to the precedence given in the documentation on variables, as well as on inventory. However, a host may have certificates which need to be pushed coming from multiple sources, and it make more sense to have the role handle this (example: A specific admin server, using SSL for its web server, may also have a SSL certificate associated with the LDAP server, which is handled by a group).