if (size($tlsaports) > 0 and $ssl_ensure == "present") {
$portlist = join($tlsaports, "-")
+ $certdir = hiera('paths.letsencrypt_dir')
dnsextras::tlsa_record{ "tlsa-${name}-${portlist}":
zone => 'debian.org',
- certfile => [ "/srv/puppet.debian.org/from-letsencrypt/${name}.crt" ],
+ certfile => [ "${certdir}/${name}.crt" ],
port => $tlsaport,
hostname => "$name",
}