diff --git a/roles/setup-http-dehydrated/handlers/main.yml b/roles/setup-http-dehydrated/handlers/main.yml
deleted file mode 100644
index 670471f..0000000
--- a/roles/setup-http-dehydrated/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart apache2
- service:
- name: apache2
- state: restarted
diff --git a/roles/setup-http-dehydrated/meta/main.yml b/roles/setup-http-dehydrated/meta/main.yml
deleted file mode 100644
index 5eff279..0000000
--- a/roles/setup-http-dehydrated/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
-- role: ansible-role-dehydrated
diff --git a/roles/setup-http-dehydrated/tasks/main.yml b/roles/setup-http-dehydrated/tasks/main.yml
deleted file mode 100644
index a6f1650..0000000
--- a/roles/setup-http-dehydrated/tasks/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Add or update Apache2 site
- template:
- src: templates/apache-dehydrated.j2
- dest: /etc/apache2/sites-available/{{ site_name }}.conf
- notify: restart apache2
-
-- name: Activate Apache2 site
- command: a2ensite {{ site_name }}
- args:
- creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
- notify: restart apache2
diff --git a/roles/setup-http-dehydrated/templates/apache-dehydrated.j2 b/roles/setup-http-dehydrated/templates/apache-dehydrated.j2
deleted file mode 100644
index 60076b4..0000000
--- a/roles/setup-http-dehydrated/templates/apache-dehydrated.j2
+++ /dev/null
@@ -1,38 +0,0 @@
-{% if 'address' in ansible_default_ipv6 %}
-
-{% else %}
-
-{% endif %}
- ServerAdmin {{ server_admin }}
- ServerName {{ site_name }}
- ServerAlias {{ site_name }}
- ErrorLog /var/log/apache2/{{ site_name }}-error.log
- CustomLog /var/log/apache2/{{ site_name }}-access.log common
-
- Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
-
-
-
-{% if 'address' in ansible_default_ipv6 %}
-
-{% else %}
-
-{% endif %}
- ServerAdmin {{ server_admin }}
- ServerName {{ site_name }}
- ServerAlias {{ site_name }}
-
- ErrorLog /var/log/apache2/{{ site_name }}-error.log
- CustomLog /var/log/apache2/{{ site_name }}-access.log common
-
- SSLEngine on
- SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
- SSLCertificateFile {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem
- SSLCertificateKeyFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem
- SSLCertificateChainFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem
-
- Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
-
- Redirect 404 /
-
-
diff --git a/roles/setup-http-site-proxy/defaults/main.yml b/roles/setup-http-site-proxy/defaults/main.yml
new file mode 100644
index 0000000..e6171ff
--- /dev/null
+++ b/roles/setup-http-site-proxy/defaults/main.yml
@@ -0,0 +1,6 @@
+# Defaults for setup-http-dehydrated
+---
+# These match https://github.com/24367dfa/ansible-role-dehydrated
+dehydrated_config_dir: "/usr/local/etc/dehydrated"
+dehydrated_certs_dir: "{{ dehydrated_config_dir }}/certs"
+dehydrated_wellknown_dir: "{{ dehydrated_config_dir }}/challenge"
diff --git a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
index b9f58a7..022b0e2 100644
--- a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
+++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
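Review bot: The header comment on the first added line of roles/setup-http-site-proxy/defaults/main.yml still reads `# Defaults for setup-http-dehydrated`, which is the role this commit deletes; it should name the owning role, e.g. `# Defaults for setup-http-site-proxy`, and sit below the `---` marker with the other comment. The three values duplicate paths that the external dehydrated role owns, and the deleted role's meta dependency on `ansible-role-dehydrated` is not visibly carried over in this diff, so nothing shown here keeps the two in step. I would add a comment such as `# Keep in sync with the dehydrated role: certs_dir holds privkey.pem, wellknown_dir is exposed via the acme-challenge Alias` above `dehydrated_config_dir`.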
@@ -9,7 +9,7 @@ ErrorLog /var/log/apache2/{{ site_name }}-error.log CustomLog /var/log/apache2/{{ site_name }}-access.log common - Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge + Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }} RewriteEngine On @@ -18,9 +18,9 @@ - - - + + + {% if 'address' in ansible_default_ipv6 %} {% else %} @@ -35,10 +35,11 @@ SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown - SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem - SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem - SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem + SSLCertificateFile {{dehydrated_certs_dir}/{{ site_name }}/cert.pem + SSLCertificateKeyFile {{dehydrated_certs_dir}/{{ site_name }}/privkey.pem + SSLCertificateChainFile {{dehydrated_certs_dir}/{{ site_name }}/chain.pem +<% if proxy_port %> AllowEncodedSlashes NoDecode ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/ nocanon RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} @@ -51,6 +52,9 @@ RewriteCond %{HTTP:Connection} upgrade [NC] RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L] +<% else %> + Redirect 404 / +< %endif %>
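Review bot: The three added SSLCertificate* lines in the `@@ -35,10 +35,11 @@` hunk open the variable with `{{dehydrated_certs_dir}` but close it with a single brace, so the expression is unbalanced and the template should fail to render; the deleted apache-dehydrated.j2 had the balanced `{{dehydrated_certs_dir}}` form. The added `<% if proxy_port %>` in the same hunk, and `<% else %>` / `< %endif %>` in the `@@ -51,6 +52,9 @@` hunk, are not Jinja block delimiters, so as written they would be copied verbatim into the Apache config, which would then contain both the proxy block and `Redirect 404 /` plus three lines Apache is unlikely to parse. The fence below shows the corrected lines; `| default(false)` is a suggestion on the assumption that proxy_port is left unset for certificate-only sites. The enclosing VirtualHost block starts and ends outside these hunks, and since a broken render here takes the TLS vhost down on the next restart, a config check on the rendered file before the handler fires would be worth adding in the role's template task.

```jinja
    SSLCertificateFile {{ dehydrated_certs_dir }}/{{ site_name }}/cert.pem
    SSLCertificateKeyFile {{ dehydrated_certs_dir }}/{{ site_name }}/privkey.pem
    SSLCertificateChainFile {{ dehydrated_certs_dir }}/{{ site_name }}/chain.pem

{% if proxy_port | default(false) %}
{# … unchanged: AllowEncodedSlashes, ProxyPass, forwarded headers, websocket rewrite … #}
{% else %}
    Redirect 404 /
{% endif %}
```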