Add certbot apache conf

roles/certbot/files/acme.conf

@@ -0,0 +1,10 @@
+Alias /.well-known/acme-challenge /var/www/acme/.well-known/acme-challenge
+<Location /.well-known/acme-challenge>
+    Require all granted
+    <IfModule mod_rewrite.c>
+        RewriteEngine off
+    </IfModule>
+</Location>
+<IfModule mod_proxy.c>
+    ProxyPass /.well-known/acme-challenge !
+</IfModule>

roles/certbot/tasks/main.yml

@@ -6,8 +6,22 @@
     state: present
     update_cache: yes
 
-- name: Create acme dir
+- name: Create acme directory
   become: true
   file:
     path: /var/www/acme
     state: directory
+    mode: 0755
+
+- name: Copy acme apache conf
+  become: true
+  copy:
+    src: acme.conf
+    dest: /etc/apache2/conf-available/acme.conf
+
+- name: Activate acme apache conf
+  become: true
+  command: a2enconf acme
+  register: result
+  changed_when: "'already enabled' not in result.stdout"
+  notify: Reload apache2 service