add letsencrypt certificate
diff --git a/apache/files/_ssl.conf b/apache/files/_ssl.conf
index d6d8394..0790f64 100644
--- a/apache/files/_ssl.conf
+++ b/apache/files/_ssl.conf
@@ -1,10 +1,23 @@
-
{%- if site.ssl is defined %}
{%- if site.ssl.enabled %}
SSLEngine on
+ {%- if site.ssl.key_file is defined %}
+ SSLCertificateFile {{ site.ssl.cert_file }}
+ SSLCertificateKeyFile {{ site.ssl.key_file }}
+ {%- if site.ssl.chain_file is defined %}
+ SSLCertificateChainFile {{ site.ssl.chain_file }}
+ {%- endif %}
+ {%- else %}
+ {%- if pillar.letsencrypt.client is defined %}
+ SSLCertificateFile /etc/letsencrypt/live/{{ site.host.name }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ site.host.name }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ site.host.name }}/fullchain.pem
+ {%- else %}
SSLCertificateFile /etc/ssl/certs/{{ site.host.name }}.crt
SSLCertificateKeyFile /etc/ssl/private/{{ site.host.name }}.key
SSLCertificateChainFile /etc/ssl/certs/{{ site.host.name }}-ca-chain.crt
+ {%- endif %}
+ {%- endif %}
{%- if site.ssl.get('strict_transport_security', False) %}
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
@@ -13,4 +26,4 @@
{%- set ssl_mode = site.ssl.get('mode', 'secure') %}
{%- include "apache/files/_ssl_"+ssl_mode+".conf" %}
{%- endif %}
- {%- endif %}
+ {%- endif %}
\ No newline at end of file