# managed by Ansible
{% import 'macros.j2' as macros with context %}

authority letsencrypt {
	api url "https://acme-v02.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-privkey.pem"
}

domain {{ acme_domain_name }} {
	alternative names { www.{{ acme_domain_name }} }
	domain key "/etc/ssl/private/{{ acme_domain_name }}.key"
	domain full chain certificate "/etc/ssl/{{ acme_domain_name }}.crt"
	sign with letsencrypt
}

{% call(h) macros.loop_valid_hosts("servers") -%}
{% for service in h.__services if service.domain is defined %}
domain {{ service.domain }}.{{ acme_domain_name }} {
	{% set domain = service.domain ~ "." ~ acme_domain_name %}
	alternative names { www.{{ domain }} }
	domain key "/etc/ssl/private/{{ domain }}.key"
	domain full chain certificate "/etc/ssl/{{ domain }}.crt"
	sign with letsencrypt
}
{% endfor %}
{%- endcall %}