ServerName {{ item.domain }} {% if item.alias is defined %} ServerAlias {{ item.alias }} {% endif %} ServerAdmin {{ item.ownermail }} DocumentRoot /srv/http/{{ item.domain }} ErrorLog /var/log/apache2/{{ item.domain }}/error.log CustomLog /var/log/apache2/{{ item.domain }}/access.log combined {% if item.letsencrypt|default(false) %} Redirect permanent / "https://{{ item.domain }}/" Require all granted {% else %} Options +SymlinksIfOwnerMatch +Indexes +MultiViews {% if item.htpasswd is defined %} AuthType Basic AuthName "{{ item.htpasswd_name }}" AuthUserFile "/srv/http/{{ item.domain }}.htpasswd" Require valid-user {% else %} AllowOverride AuthConfig Require all granted {% endif %} {% endif %} Alias /.well-known/ /srv/letsencrypt/{{ item.domain }}/ Require all granted {% if item.letsencrypt|default(false) %} ServerName {{ item.domain }} {% if item.alias is defined %} ServerAlias {{ item.alias }} {% endif %} ServerAdmin {{ item.ownermail }} DocumentRoot /srv/http/{{ item.domain }} ErrorLog /var/log/apache2/{{ item.domain }}/error.log CustomLog /var/log/apache2/{{ item.domain }}/access.log combined Options +SymlinksIfOwnerMatch +Indexes +MultiViews {% if item.htpasswd is defined %} AuthType Basic AuthName "{{ item.htpasswd_name }}" AuthUserFile "/srv/http/{{ item.domain }}.htpasswd" Require valid-user {% else %} AllowOverride AuthConfig Require all granted {% endif %} SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/{{ item.letsencrypt_cert|default('static_sites') }}/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/{{ item.letsencrypt_cert|default('static_sites') }}/privkey.pem" {% endif %}