diff modules/website/manifests/https/redir.pp @ 133:9337c9ce648a puppet-3.6

Switch to using LetsEncrypt certs by default
author IBBoard <dev@ibboard.co.uk>
date Fri, 11 Nov 2016 17:15:23 +0000
parents 501afb45ffc7
children 765e72629b3e
--- a/modules/website/manifests/https/redir.pp	Fri Nov 04 20:55:22 2016 +0000
+++ b/modules/website/manifests/https/redir.pp	Fri Nov 11 17:15:23 2016 +0000
@@ -6,7 +6,7 @@
     $redir,
     $ssl_cert           = undef,
     $ssl_key            = undef,
-    $ssl_ca_chain       = $website::ca_chain,
+    $ssl_ca_chain       = undef,
     $docroot_owner      = undef,
     $docroot_group      = undef,
     $serveraliases      = [],
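Review bot: With the default changed to `undef`, `$ssl_ca_chain` now has three meanings that the parameter list does not document: undef selects `$website::ca_chain`, `''` sends no chain, and any other value goes to the final `else` of the second hunk, whose body is not visible here. On the classic Puppet 3 parser, which the `puppet-3.6` branch name suggests, `undef` and `''` compare equal as far as I know, so the `elsif $ssl_ca_chain == ''` branch may never be reached and a caller passing `''` would get the site chain anyway; compiling a catalog with `ssl_ca_chain => ''` would confirm this. If that is the case, an explicit sentinel such as `false` for "no chain" would be safer. Either way I would add a comment above the parameter, e.g. `# undef = site default chain, '' = send no chain, otherwise the caller-supplied value`. The parameter list starts and ends outside the hunk.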
@@ -35,35 +35,17 @@
   }
 
   if $ssl_cert == undef {
-    $sslcert = "${website::certdir}/${shortdomain}.crt"
-    $sslkey = "${website::certdir}/${shortdomain}.key"
-    File {
-      mode => '0400',
-      owner => 'root',
-      group => 'root',
-    }
-    if ! defined(File[$sslcert]) {
-      file { $sslcert:
-        source => "puppet:///private/pki/custom/${shortdomain}.crt",
-        before => Apache::Vhost[$name],
-        notify => Service['httpd'],
-        ensure => present;
-      }
-    }
-    if ! defined(File[$sslkey]) {
-      file { $sslkey:
-        source => "puppet:///private/pki/custom/${shortdomain}.key",
-        before => Apache::Vhost[$name],
-        notify => Service['httpd'],
-        ensure => present;
-      }
-    }
+    $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
+    $sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
   } else {
     $sslcert = $ssl_cert
     $sslkey = $ssl_key
   } 
 
-  if $ssl_ca_chain == '' {
+  if $ssl_ca_chain == undef {
+    $ssl_chain = $website::ca_chain
+  }
+  elsif $ssl_ca_chain == '' {
     # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
     $ssl_chain = undef
   } else {
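Review bot: The new defaults for `$sslcert` and `$sslkey` point at `/etc/letsencrypt/live/${::fqdn}/`, keyed on the node's FQDN rather than on `${shortdomain}` as the removed lines were, so that one certificate has to carry each vhost name as a SAN or clients will see a name mismatch; nothing in the hunk shows that it does. The removed `file` resources also carried `before => Apache::Vhost[$name]` and `notify => Service['httpd']`, and no replacement here orders certificate issuance before the vhost or reloads Apache after a renewal; that is presumably handled elsewhere, but it is worth confirming. When `$ssl_ca_chain` is undef the chain still falls back to `$website::ca_chain`, which looks like it belonged to the previous custom PKI. Unless that variable was updated elsewhere in this commit, the intermediate matching a Let's Encrypt leaf would be `$ssl_chain = "/etc/letsencrypt/live/${::fqdn}/chain.pem"`. The chain `if`/`else` continues past the end of the hunk.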