include: - nginx kyriasis.com: acme.cert: - email: johannes@kyriasis.com - webroot: /srv/http/ - keysize: 4096 - renew: 30 - watch_in: - service: nginx_service - require_in: - service: nginx_service /etc/synapse/ssl/fullchain.pem: file.managed: - source: /etc/letsencrypt/live/kyriasis.com/fullchain.pem - user: synapse - group: synapse - mode: 600 /etc/synapse/ssl/privkey.pem: file.managed: - source: /etc/letsencrypt/live/kyriasis.com/privkey.pem - user: synapse - group: synapse - mode: 600 # vim: set ft=yaml et: