From 2914bdb73cb0584f48e663d7d616013329b0ba0e Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 19 Sep 2019 19:16:27 -0500 Subject: [PATCH] roles/certbot: Ensure certbot is configured first The `Alias` configuration for Certbot needs to be configured before any other locations, to ensure the `/.well-known` path is always served from the local filesystem. If another drop-in configuration file (e.g. `bitwarden.conf`) is ordered before it, it may override this configuration and prevent Let's Encrypt from working. --- roles/certbot/tasks/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index 3896643..9677540 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -55,9 +55,14 @@ - name: ensure apache is configured for certbot copy: src=certbot.httpd.conf - dest=/etc/httpd/conf.d/certbot.conf + dest=/etc/httpd/conf.d/01_certbot.conf mode=0644 notify: reload httpd +- name: ensure old certbot apache config file is removed + file: + path=/etc/httpd/conf.d/certbot.conf + state=absent + notify: reload httpd - meta: flush_handlers - name: ensure letsencrypt account data are installed
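Review bot: The `01_` prefix in `dest=/etc/httpd/conf.d/01_certbot.conf` carries the whole ordering guarantee, yet nothing in the task file says so. By the commit description's own reasoning, a later drop-in whose name sorts earlier (a `00` prefix, say) could again take over `/.well-known` and silently break certificate issuance and renewal. I would add a comment above the copy task, such as `# Must sort before every other conf.d drop-in so /.well-known is always served from the local filesystem`, and mark the new `file` task with `# Migration: remove the pre-rename certbot.conf so the Alias is not defined twice`. The guarantee also assumes the main httpd configuration includes `conf.d` through a wildcard that is expanded in lexical order; that file is not visible here, so it is worth confirming. The last task in the hunk, `ensure letsencrypt account data are installed`, continues outside it.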