---
---

ssl on;
ssl_certificate {{ site.cert-path }}/wildcard-untrusted-root.pem;
ssl_certificate_key /etc/keys/leaf-main.key;