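# @summary Fetches the Let's Encrypt files for one domain from the generator
#   host and builds a combined fullchain + private key bundle.
#
# The certificate files are only managed once PuppetDB returns a
# `certbot_available_certs` fact for $webserver whose value matches $domain.
# Until then a notify resource is emitted instead.
#
# @param domain
#   Domain whose certificate files are fetched.
# @param webserver
#   Certname of the generator node in PuppetDB; also the HTTPS host the
#   files are downloaded from.
# @param destination
#   Local directory that receives the certificate files.
define certbot::client::cert (
  Stdlib::Fqdn         $domain,
  Stdlib::Fqdn         $webserver,
  Stdlib::Absolutepath $destination = "/etc/pki/tls/letsencrypt/${domain}",
) {
  file { $destination:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  # NOTE(review): `~` is a regex match and ${domain} is interpolated as-is, so
  # the dots match any character and the pattern is unanchored
  # ("example.com" would also match a value containing "notexample.com").
  # The shape of the fact value is not visible here -- confirm whether an
  # exact or anchored match is possible.
  $cert_ready_nodes = puppetdb_query("
    facts {
      name = 'certbot_available_certs' and
      value ~ '${domain}' and
      certname = '${webserver}'
    }"
  )

  # Files published by the generator for each domain.
  $cert_files = ['cert.pem', 'chain.pem', 'fullchain.pem', 'privkey.pem']

  if !empty($cert_ready_nodes) {
    # NOTE(review): privkey.pem is fetched from the same HTTPS location as the
    # public files. Nothing in this define shows how the generator restricts
    # who may download it -- confirm the server-side access control.
    $cert_files.each |String $file| {
      # The private key must not be world-readable; the other files are public.
      $file_mode = $file ? {
        'privkey.pem' => '0600',
        default       => '0644',
      }

      file { "${destination}/${file}":
        ensure => 'file',
        source => "https://${webserver}/${domain}/${file}",
        owner  => 'root',
        group  => 'root',
        mode   => $file_mode,
        notify => Exec["concat_${domain}_certs"],
      }
    }

    # The combined bundle contains the private key. The umask covers a newly
    # created file; the chmod tightens one left over from an earlier run.
    # Consumers that read the key or the bundle as a non-root user need an
    # explicit group or ACL arrangement.
    exec { "concat_${domain}_certs":
      command     => "cat ${destination}/fullchain.pem ${destination}/privkey.pem > ${destination}/fullchain_combined.pem && chmod 0600 ${destination}/fullchain_combined.pem",
      path        => ['/bin', '/usr/bin'],
      umask       => '0077',
      refreshonly => true,
      require     => [
        File["${destination}/fullchain.pem"],
        File["${destination}/privkey.pem"],
      ],
    }
  } else {
    # The title must be unique per instance: a fixed title produces a
    # duplicate resource declaration as soon as two domains are not ready
    # in the same catalog.
    notify { "certbot_cert_not_ready_${domain}":
      message => "Certificates for ${domain} are not yet ready on the generator server.",
    }
  }
}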