From 1213c5e6a7cb23b8399b3d5af84a2d109a5a3535 Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Wed, 29 Jun 2016 15:08:26 +0000 Subject: [PATCH] start of a certbot role, but don't use it yet. Signed-off-by: Ricky Elrod --- roles/certbot/README | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/roles/certbot/README b/roles/certbot/README index 6e44d28e42..724a4a33e6 100644 --- a/roles/certbot/README +++ b/roles/certbot/README @@ -19,4 +19,19 @@ To use it: /srv/web/acme-challenge/ -d YOURINSTANCE.fedorainfracloud.org setenforce 1 +3) Add your SSL VirtualHost. An Ansible template with something like this + should possibly work: + + ServerName YOURINSTANCE.fedorainfracloud.org + + SSLEngine on + SSLCertificateFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/cert.pem + SSLCertificateKeyFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/privkey.pem + SSLCertificateChainFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/fullchain.pem + SSLHonorCipherOrder On + SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL + SSLProtocol ALL -SSLv2 + + +
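Review bot: The TLS settings in the new step 3 example make RC4 the server's preferred cipher and leave SSLv3 enabled. `SSLCipherSuite RC4-SHA:AES128-SHA:ALL:...` lists RC4-SHA first, and `SSLHonorCipherOrder On` makes the server pick it for any client that offers it. `SSLProtocol ALL -SSLv2` removes only SSLv2. Since this README will be copied into instance templates, I would drop `RC4-SHA` and the `ALL` catch-all in favour of an explicit list of suites, and change the protocol line to `SSLProtocol ALL -SSLv2 -SSLv3`. A smaller point on the certificate lines: certbot's `fullchain.pem` already contains the leaf certificate followed by the intermediates, so pairing it as `SSLCertificateChainFile` with `SSLCertificateFile .../cert.pem` sends the leaf twice. Either point `SSLCertificateChainFile` at `chain.pem`, or on httpd 2.4.8 and later use `fullchain.pem` as `SSLCertificateFile` and drop the chain directive. Finally, "should possibly work" reads as untested. If the template has not been tried on an instance yet, say so explicitly so readers know to verify it.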