diff --git a/defaults/main.yml b/defaults/main.yml
index e40e378..baf6991 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,4 @@
---
-# defaults file for ensure_apache
\ No newline at end of file
+# defaults file for ensure_apache
+lets_encrypt_admin: 'root@example.com'
+lets_encrypt_url: 'https://acme-v02.api.letsencrypt.org/directory'
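Review bot: The default `lets_encrypt_admin: 'root@example.com'` is unlikely to work as shipped: this value becomes `MDContactEmail` and is sent as the ACME account contact, and Let's Encrypt's CA rejects contact addresses on reserved domains such as example.com when the account is created, so a deployment that does not override the variable will fail at certificate issuance rather than at config time. A comment above the key stating that it must be overridden, e.g. `# REQUIRED: override with a real mailbox; the CA rejects example.com contacts`, would make the failure mode visible. The default `lets_encrypt_url` now points at the production directory although the previous template deliberately pinned the staging endpoint, so a test run with defaults will request real certificates and count against production rate limits; recording the alternative in the file, e.g. `# Staging: https://acme-staging-v02.api.letsencrypt.org/directory`, would help operators switch safely.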
diff --git a/templates/Fedora/34/etc/httpd/conf.d/vhost.conf b/templates/Fedora/34/etc/httpd/conf.d/vhost.conf
index ca9211c..31481f1 100644
--- a/templates/Fedora/34/etc/httpd/conf.d/vhost.conf
+++ b/templates/Fedora/34/etc/httpd/conf.d/vhost.conf
@@ -1,16 +1,9 @@
MDBaseServer on
-MDCertificateProtocol ACME
-MDCAChallenges http-01
-MDDriveMode auto
-MDPrivateKeys RSA 4096
-MDRenewWindow 33%
-MDStoreDir md
-# MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
-# We want staging for now...
-MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
-# MDCertificateAgreementhttps://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
-# https://httpd.apache.org/docs/trunk/mod/mod_md.html says the below works...
MDCertificateAgreement accepted
+MDCertificateAuthority {{ lets_encrypt_url }}
+MDContactEmail {{ lets_encrypt_admin }}
+MDPrivateKeys secp384r1 secp256r1 RSA 4096
+MDRequireHttps temporary
AllowOverride None
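Review bot: `MDRequireHttps temporary` makes mod_md answer plain-HTTP requests with a 302 redirect and no Strict-Transport-Security header, whereas the `RedirectMatch permanent` lines removed elsewhere in this commit sent 301s, so the change weakens the redirect rather than merely centralising it. That is a reasonable first step while the certificates are being validated, but the intent should be recorded so it is not left that way, e.g. `# TODO: switch to "MDRequireHttps permanent" (301 + HSTS) once issuance is confirmed`. Dropping `MDDriveMode auto`, `MDRenewWindow 33%`, `MDCAChallenges http-01` and `MDStoreDir md` appears to fall back to mod_md's defaults, which I believe match the removed values except that all challenge types become eligible; a one-line comment saying the defaults are relied on deliberately would avoid a later reader re-adding them. The enclosing VirtualHost ends outside the hunk, and the angle-bracket container directives are not visible on this page.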
@@ -24,54 +17,17 @@ MDCertificateAgreement accepted
Require all granted
-{% endfor %}
-{% for item in http_vhost %}
-{% if item.aliases is defined %}
-{% for item_alias in item.aliases %}
-
- ServerName {{ item_alias }}
- ServerAdmin webmaster@firedragonenterprises.com
- DocumentRoot /srv/http/{{ item.fqdn }}
- RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0
-
-
-{% endfor %}
-{% endif %}
ServerName {{ item.fqdn }}
- ServerAdmin webmaster@firedragonenterprises.com
- DocumentRoot /srv/http/{{ item.fqdn }}
- RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0
-
-
{% if item.aliases is defined %}
{% for item_alias in item.aliases %}
-
- SSLEngine on
- SSLProtocol all -TLSv1.1
- SSLProxyProtocol all -TLSv1.1
- SSLHonorCipherOrder on
- SSLCipherSuite PROFILE=SYSTEM
- SSLProxyCipherSuite PROFILE=SYSTEM
- SSLCertificateFile /etc/pki/tls/certs/localhost.crt
- SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
- ServerName {{ item_alias }}
- ServerAdmin webmaster@firedragonenterprises.com
- DocumentRoot /srv/http/{{ item.fqdn }}
- RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0
-
- Require all denied
-
-
- Require all denied
-
-
- Require all denied
-
-
-
+ ServerAlias {{ item_alias }}
{% endfor %}
{% endif %}
+ ServerAdmin webmaster@{{ item.fqdn }}
+ DocumentRoot /srv/http/{{ item.fqdn }}
+
+
MDomain {{ item.fqdn }}
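Review bot: The port-80 vhost no longer carries any HTTP-to-HTTPS redirect of its own: the removed `RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0` lines have no replacement in this hunk, so redirection now rests entirely on the `MDRequireHttps temporary` added in the first hunk. mod_md exempts the ACME challenge path from that redirect itself, so the negative lookahead is not needed, but this dependency between the two hunks is worth a comment next to `DocumentRoot`, e.g. `# HTTP->HTTPS redirect is provided by MDRequireHttps in the server-level block`. The alias names reach the certificate only if mod_md collects `ServerAlias` entries from this VirtualHost into `MDomain {{ item.fqdn }}`, which it does in the default (non-`manual`) mode; confirm on the rendered config, since the VirtualHost open and close tags are not visible on this page and the hunk appears to have lost those lines. The three `Require all denied` stanzas at the removed alias vhost go away with it; the surviving fqdn vhost's equivalent stanzas, if any, are outside the hunk and should be checked.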
@@ -81,14 +37,13 @@ MDomain {{ item.fqdn }}
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
- # original
- # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
- # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
- # mod_md should change hte default value to this
- # SSLCertificateFile /etc/httpd/md/domains/{{ item.fqdn }}/pubcert.pem
- # SSLCertificateKeyFile /etc/httpd/md/domains/{{ item.fqdn }}/privkey.pem
ServerName {{ item.fqdn }}
- ServerAdmin webmaster@firedragonenterprises.com
+{% if item.aliases is defined %}
+{% for item_alias in item.aliases %}
+ ServerAlias {{ item_alias }}
+{% endfor %}
+{% endif %}
+ ServerAdmin webmaster@{{ item.fqdn }}
DocumentRoot /srv/http/{{ item.fqdn }}
Alias /error/ "/var/www/error/"
{% if item.proxy is defined %}
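Review bot: The `{% if item.aliases is defined %}` … `ServerAlias` … `ServerAdmin webmaster@{{ item.fqdn }}` block added here is a verbatim copy of the one added to the port-80 vhost in the previous hunk; a Jinja macro (or a `{% set %}` rendered in both places) would keep the two vhosts from drifting the next time one of them is edited. The removed comments about `SSLCertificateFile` were the only record of why this TLS vhost declares no certificate; a short replacement, e.g. `# No SSLCertificateFile: mod_md supplies the certificate for MDomain {{ item.fqdn }}`, preserves that intent, and it is worth confirming that no `SSLCertificateFile` is set further down in this VirtualHost, because mod_ssl would prefer that file over the managed certificate. The enclosing VirtualHost starts and ends outside the hunk.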