ansible-role-lets-encrypt-route-53
Add persistent private key feature
I - and many others - need a feature to reuse existing private keys, for example for use cases where the private keys are also centrally managed and distributed. I made this feature configurable by keeping the original behavior as the default.
You are totally right, I've played around with openssl_privatekey a bit and realized what could have misled me.
Previously I configured a batch of servers using a small set of different domains and pre-distributed private keys, and found that the private keys were overwritten. Other tasks later distributed the signed certificates inside the infrastructure, but that is another question; I just mention it here to explain why the regenerated private keys caused an issue for me.
You are right, force is not set to true when the openssl_privatekey module is called in your module; however, this is not the only case in which the private key is regenerated. It also happens when any major parameter differs from the one passed/defined by your module.
Since in my case not all the private keys were identical (e.g. the key size differs), each one that did not match the default or explicitly configured value was regenerated.
It would be really nice not to have to track the key details in Ansible too, but instead to be able to define up front that the private keys should be kept intact. I hope the above makes sense. :)
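One way to implement the opt-in described in the PR description and to avoid the regeneration behaviour described in the last two comments. This is an added example, not code from the role or from either participant; the variable names (`le_private_key_path`, `le_private_key_size`, `le_keep_existing_private_key`) and the register name are assumptions for illustration.

```yaml
# Added example (not the role's own tasks): guard private key generation so
# that a pre-distributed key is never regenerated by openssl_privatekey.
# Variable names below are assumptions, not the role's real variables.
- name: Check whether a private key is already present
  stat:
    path: "{{ le_private_key_path }}"
  register: le_private_key_stat

# Default behaviour (le_keep_existing_private_key false) is unchanged:
# openssl_privatekey compares the size/type of an existing key with the task
# parameters and regenerates it on mismatch even though force is omitted, so a
# 4096-bit key on disk combined with size: 2048 here would be overwritten.
# With le_keep_existing_private_key true, an existing key is left untouched
# and the module only runs when no key file exists yet.
- name: Generate private key unless an existing one must be kept
  openssl_privatekey:
    path: "{{ le_private_key_path }}"
    size: "{{ le_private_key_size | default(2048) }}"
    type: RSA
  when: >-
    not (le_keep_existing_private_key | default(false)
         and le_private_key_stat.stat.exists)

# Sanity check for the keep-existing mode: fail loudly if the key we were told
# to reuse is world-readable, rather than silently requesting a certificate
# for it.
- name: Refuse to reuse a private key with permissive file mode
  fail:
    msg: "{{ le_private_key_path }} is readable by others (mode {{ le_private_key_stat.stat.mode }})"
  when:
    - le_keep_existing_private_key | default(false)
    - le_private_key_stat.stat.exists
    - le_private_key_stat.stat.mode[-1] != '0'
```

The `stat` guard works with any version of the module. Newer `community.crypto` releases of `openssl_privatekey` also expose a `regenerate` option whose `never` value makes the module leave an existing key alone regardless of size or type; where that collection version is available it can replace the `when` condition, but the explicit guard keeps the intent visible in the play and does not depend on the module version.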