# The port 80 host is required for renewing Let's Encrypt certificates.
<VirtualHost *:80>
    ServerName {{ domain_name }}
    ServerAlias *.{{ domain_name }}
    ServerAdmin {{ webmaster_email }}
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/.well-known [NC]
    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
    DocumentRoot /var/www/maint/www
</VirtualHost>

{% if ssl_enabled %}
# The 443 host is where the project is actually served.
<VirtualHost *:443>
    ServerName {{ domain_name }}
    ServerAdmin {{ webmaster_email }}
    DocumentRoot /var/www/{{ domain_tld }}/www

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem

</VirtualHost>
{% endif %}