diff --git a/roles/setup-http-site-proxy/defaults/main.yml b/roles/setup-http-site-proxy/defaults/main.yml
new file mode 100644
index 0000000..e6171ff
--- /dev/null
+++ b/roles/setup-http-site-proxy/defaults/main.yml
@@ -0,0 +1,6 @@
+# Defaults for setup-http-dehydrated
+---
+# These match https://github.com/24367dfa/ansible-role-dehydrated
+dehydrated_config_dir: "/usr/local/etc/dehydrated"
+dehydrated_certs_dir: "{{ dehydrated_config_dir }}/certs"
+dehydrated_wellknown_dir: "{{ dehydrated_config_dir }}/challenge"
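Review bot: The header comment on the first added line names `setup-http-dehydrated`, but this file lives in `roles/setup-http-site-proxy`, so it looks copied from another role; it should read `# Defaults for setup-http-site-proxy`, placed after the `---` marker like the other comment. These three variables share their names with the external dehydrated role cited in the comment, so the two sets of defaults can drift apart without anything failing. I would extend the comment to say so, e.g. `# Must stay identical to the dehydrated role's values; override both at inventory level, not here`.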
diff --git a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
index b9f58a7..55dc711 100644
--- a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
+++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
@@ -9,7 +9,7 @@
ErrorLog /var/log/apache2/{{ site_name }}-error.log
CustomLog /var/log/apache2/{{ site_name }}-access.log common
- Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
+ Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
RewriteEngine On
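Review bot: The Alias target on the added line is now an operator-supplied path, and by default it sits next to `certs` under the same `dehydrated_config_dir`. If it is overridden to that parent directory, the private keys would be served over plain HTTP. Quoting the value keeps a path containing spaces as one argument: `Alias /.well-known/acme-challenge "{{ dehydrated_wellknown_dir }}"`. A template comment such as `{# must point at the challenge dir only, never at the dehydrated config or certs dir #}` would record the constraint. Whether a matching `<Directory>` grant exists, and whether it still hard-codes the old path, is not visible in this hunk.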
@@ -18,9 +18,9 @@
-
-
-
+
+
+
{% if 'address' in ansible_default_ipv6 %}
{% else %}
@@ -35,9 +35,9 @@
SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
- SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
- SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
- SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
+ SSLCertificateFile {{dehydrated_certs_dir}/{{ site_name }}/cert.pem
+ SSLCertificateKeyFile {{dehydrated_certs_dir}/{{ site_name }}/privkey.pem
+ SSLCertificateChainFile {{dehydrated_certs_dir}/{{ site_name }}/chain.pem
AllowEncodedSlashes NoDecode
ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/ nocanon
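Review bot: The three added `SSLCertificate*` lines open the expression with `{{dehydrated_certs_dir}` and close it with a single brace, so Jinja2 does not see a terminated expression and the template should fail to render rather than produce the intended path. Each line needs the second brace, e.g. `SSLCertificateFile {{ dehydrated_certs_dir }}/{{ site_name }}/cert.pem`, and likewise for `privkey.pem` and `chain.pem`. Because this is the TLS vhost, rendering the role once with `ansible-playbook --check --diff` before merging would confirm that the paths match the previous hard-coded ones. The enclosing VirtualHost block starts and ends outside the hunk.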