libravatar: do not use server_alias directive for the main virthost...

...and move redirection virthost below the main virthost

inventory/group_vars/libravatar

@@ -1,6 +1,5 @@
 resolvconf: "resolv.conf/cloud"
 git_branch: master
 server_name: www.libravatar.org
-server_alias: "*.libravatar.org"
 server_seccdn_name: seccdn.libravatar.org
-server_redirect_name: "libravatar.org libravatar.com www.libravatar.com apt.libravatar.org grindavik.libravatar.org"
+server_redirect_name: "libravatar.org libravatar.com www.libravatar.com apt.libravatar.org grindavik.libravatar.org cdn.libravatar.org"

inventory/group_vars/libravatar-stg

@@ -1,6 +1,5 @@
 resolvconf: "resolv.conf/cloud"
 git_branch: devel
 server_name: libravatar-stg.fedorainfracloud.org
-server_alias: libravatar-stg.fedorainfracloud.org
 server_seccdn_name: libravatar-stg.fedorainfracloud.org
 server_redirect_name: libravatar-stg.fedorainfracloud.org

roles/libravatar/templates/httpd/libravatar.conf

@@ -12,7 +12,7 @@ RewriteEngine on
 
 <VirtualHost *:80>
     ServerName  {{ server_name }}
-    ServerAlias {{ server_redirect_name }} {{ server_alias }}
+    ServerAlias {{ server_redirect_name }}
     RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
     RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
 </VirtualHost>
@@ -30,20 +30,8 @@ RewriteEngine on
     Include /etc/httpd/conf.d/libravatar-app.include
 </VirtualHost>
 
-<VirtualHost *:443>
-    ServerAlias {{ server_redirect_name }}
-
-    SSLCertificateFile    /etc/letsencrypt/live/{{ server_name }}/cert.pem
-    SSLCertificateKeyFile  /etc/letsencrypt/live/{{ server_name }}/privkey.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
-    Header always add Strict-Transport-Security "max-age=31536000; preload"
-
-    RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
-</VirtualHost>
-
 <VirtualHost *:443>
     ServerName {{ server_name }}
-    ServerAlias {{ server_alias }}
 
     SSLCertificateFile    /etc/letsencrypt/live/{{ server_name }}/cert.pem
     SSLCertificateKeyFile  /etc/letsencrypt/live/{{ server_name }}/privkey.pem
@@ -55,6 +43,17 @@ RewriteEngine on
     Include /etc/httpd/conf.d/libravatar-app.include
 </VirtualHost>
 
+<VirtualHost *:443>
+    ServerAlias {{ server_redirect_name }}
+
+    SSLCertificateFile    /etc/letsencrypt/live/{{ server_name }}/cert.pem
+    SSLCertificateKeyFile  /etc/letsencrypt/live/{{ server_name }}/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
+    Header always add Strict-Transport-Security "max-age=31536000; preload"
+
+    RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
+</VirtualHost>
+
 <IfModule mod_status.c>
     ExtendedStatus On
     <Location /server-status>