From 863dffdb663ed522cd1e9e974732e1c0ead5d404 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Sat, 9 Sep 2017 22:25:08 +0000
Subject: [PATCH] Allow setting up a vhost for certgetter

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/httpd/website/defaults/main.yml      | 1 +
 roles/httpd/website/templates/website.conf | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/roles/httpd/website/defaults/main.yml b/roles/httpd/website/defaults/main.yml
index 99aa8b0794..8ad299dd7a 100644
--- a/roles/httpd/website/defaults/main.yml
+++ b/roles/httpd/website/defaults/main.yml
@@ -4,6 +4,7 @@
 
 server_aliases: []
 server_admin: webmaster@fedoraproject.org
+certbot: false
 ssl: true
 sslonly: false
 SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf
index 654745225e..8eed648739 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -10,6 +10,10 @@
   SetOutputFilter DEFLATE
 {% endif %}
 
+{% if certbot %}
+  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
+{% endif %}
+
 {% if sslonly %}
   RewriteEngine On
   RewriteCond %{HTTPS} off