Move certificate generation to after the nginx package is installed

This prevents a problem where the certificate role tries to restart a not yet installed nginx

tasks/main.yml

@@ -5,18 +5,6 @@
     inventory_certs: "{{ certificates.certs|d({}) | dict2items | selectattr ('key', 'regex', '^nginx_') | items2dict }}"
     selfsigned_cert: "{ '{{ inventory_hostname }}': { 'backend': 'selfsigned' }}"
 
-- name: generate certificates for vhosts
-  include_role:
-    name: certificates
-  vars:
-    certificates:
-      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}),  nginx_certs, inventory_certs, recursive=True) }}"
-
-- name: debug nginx dict
-  debug:
-    verbosity: 1
-    var: nginx
-
 - name: install nginx
   apt:
     pkg:
@@ -31,6 +19,18 @@
   - delete nginx index.nginx-debian.html
   - restart nginx
 
+- name: generate certificates for vhosts
+  include_role:
+    name: certificates
+  vars:
+    certificates:
+      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}),  nginx_certs, inventory_certs, recursive=True) }}"
+
+- name: debug nginx dict
+  debug:
+    verbosity: 1
+    var: nginx
+
 - name: copy configs
   copy:
     src: config/