class certbot(
  $basedir   = '/var/spool/certbot',
  $owner     = 'www-data',
  $pre_hook  = '',
  $post_hook = '',
) {

  $tool = $::lsbdistcodename ? {
    'xenial' => 'letsencrypt',
    default  => 'certbot',
  }

  if $pre_hook != '' {
    $real_pre_hook = "--pre-hook ${pre_hook}"
  }

  if $post_hook != '' {
    $real_post_hook = "--post-hook \"${post_hook}\""
  }

  # Certbot support
  file { $basedir:
    ensure  => directory,
    owner   => 'root',
    group   => $owner,
    mode    => '0750',
  }

  package { $tool:
    ensure  => present,
    require => File[$basedir],
  }

  cron { 'certbot-renew':
    command => "/usr/bin/${tool} renew --standalone ${real_pre_hook} ${real_post_hook}",
    user    => 'root',
    weekday => 1,
    hour    => "05",
    minute  => "30",
    ensure  => present,
    require => Package[$tool],
  }
}