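# @summary Requests a certificate for one site with the certbot client.
#
# Creates the per-site directory under the certbot base directory and runs
# `certonly` for the resource title plus its aliases. The exec is guarded by
# `creates`, so it is skipped once /etc/letsencrypt/archive/<title> exists;
# nothing in this definition renews or revokes a certificate.
#
# Security notes:
# * The command is one interpolated string, and the pre-hook is chained with
#   `&&`, which only has an effect when the string is interpreted by a shell.
#   The title, aliases, plugin, email and key size are therefore checked
#   against conservative character allowlists, and compilation fails on
#   anything else.
# * The title is also used as a directory name and in the `creates` path, so
#   it may not contain `/` or start with `.` or `-`.
# * `pre_hook` is a command by design and is inserted verbatim. It cannot be
#   validated here and must only be set from trusted manifests or data.
#
# NOTE(review): assumes class `certbot` (basedir, owner, tool, script_base) is
# already in the catalog when this definition is evaluated; confirm with callers.
#
# @param pre_hook
#   Optional command run before certbot; the two are joined with `&&`.
# @param aliases
#   Whitespace-separated extra names for the certificate. Any `*` is replaced
#   with `www`. An empty string requests the title only.
# @param ensure
#   Accepted for interface compatibility; not referenced in this definition.
# @param plugin
#   Certbot plugin name, passed as `--<plugin>`.
# @param email
#   Contact address passed to `-m`. Defaults to the `certbot::manage::email`
#   lookup, which is given no fallback value here.
# @param size
#   RSA key size passed to `--rsa-key-size` (lookup fallback: '4096').
define certbot::manage(
  $pre_hook = '',
  $aliases  = "www.${name}",
  $ensure   = present,
  $plugin   = 'webroot',
  $email    = lookup('certbot::manage::email'),
  $size     = lookup('certbot::manage::size', undef, undef, '4096'),
){

  # The title reaches a file path and the command line: allow hostname
  # characters only, starting with a letter or digit (no '/', no leading '.'
  # or '-').
  if $name !~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/ {
    fail("certbot::manage: title '${name}' is not a valid domain name")
  }

  # Looked-up values may arrive as non-strings (e.g. an Integer key size), so
  # they are interpolated into a string before matching.
  if "${plugin}" !~ /\A[A-Za-z0-9][A-Za-z0-9_-]*\z/ {
    fail("certbot::manage[${name}]: plugin contains characters outside [A-Za-z0-9_-]")
  }
  if "${email}" !~ /\A[A-Za-z0-9_][A-Za-z0-9@._%+,-]*\z/ {
    fail("certbot::manage[${name}]: email contains characters outside [A-Za-z0-9@._%+,-]")
  }
  if "${size}" !~ /\A[0-9]+\z/ {
    fail("certbot::manage[${name}]: size must consist of digits only")
  }

  # Format aliases and strip wildcard attempts. Surrounding whitespace is
  # dropped and runs of whitespace are collapsed, so the list never yields an
  # empty `-d` argument.
  $trimmed = regsubst($aliases, '\A\s+|\s+\z', '', 'G')
  $strip   = regsubst($trimmed, '\*', 'www', 'G')
  if $strip !~ /\A([A-Za-z0-9][A-Za-z0-9._-]*(\s+[A-Za-z0-9][A-Za-z0-9._-]*)*)?\z/ {
    fail("certbot::manage[${name}]: aliases must be a whitespace-separated list of domain names")
  }
  $list = regsubst($strip, '\s+', ' -d ', 'G')
  $domains = $list ? {
    ''      => '',
    default => "-d ${list}",
  }

  file { "${::certbot::basedir}/${name}":
    ensure  => directory,
    owner   => 'root',
    group   => $::certbot::owner,
    mode    => '0750',
    require => Package[$::certbot::tool],
  }

  # Always define the prefix so the command below never interpolates an
  # unset variable (a compile error under strict_variables).
  if $pre_hook != '' {
    $real_pre_hook = "${pre_hook} && "
  } else {
    $real_pre_hook = ''
  }

  # Run the optional pre-hook, then request the certificate. Skipped once
  # the archive directory for this title exists.
  exec { "certbot-${name}":
    command => "${real_pre_hook}${::certbot::script_base}/${::certbot::tool} certonly -n --${plugin} -w ${::certbot::basedir}/${name} -d ${name} ${domains} -m ${email} --rsa-key-size ${size} --agree-tos",
    creates => "/etc/letsencrypt/archive/${name}",
    require => File["${::certbot::basedir}/${name}"],
  }
}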