define certbot::manage(
  $pre_hook = '',
  $ensure   = present,
  $email    = hiera('certbot::manage::email'),
  $size     = hiera('certbot::manage::size', '4096'),
){
  file { "${::certbot::basedir}/${name}":
    ensure  => directory,
    owner   => 'root',
    group   => "${::certbot::owner}",
    mode    => '0750',
    require => Package["${::certbot::tool}"],
  }

  if $pre_hook != '' {
    $real_pre_hook = "${pre_hook} && "
  }

  # Make sure nginx is restarted and request a certificate
  exec { "certbot-${name}":
    command => "${real_pre_hook}/usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -d www.${name} -m ${email} --rsa-key-size ${size} --agree-tos",
    creates => "/etc/letsencrypt/archive/${name}",
    require => File["${::certbot::basedir}/${name}"],
  }
}