define profiles::pki::letsencrypt (
  Stdlib::Fqdn          $webserver,
  Stdlib::Fqdn          $domain,
  Stdlib::Absolutepath  $destination = "/etc/pki/tls/letsencrypt/${domain}",
) {

  file { $destination:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  $cert_files = ['cert.pem', 'chain.pem', 'fullchain.pem', 'privkey.pem']

  $cert_files.each |String $file| {
    file { "${destination}/${file}":
      ensure  => file,
      source  => "https://${webserver}/${domain}/${file}",
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      require => File[$destination],
    }
  }
}