diff --git a/certs/websites/hatchlearningcenter.org.cer b/certs/websites/hatchlearningcenter.org.cer
new file mode 120000
index 0000000..b9a21b5
--- /dev/null
+++ b/certs/websites/hatchlearningcenter.org.cer
@@ -0,0 +1 @@
+../lego/hatchlearningcenter.org.crt
\ No newline at end of file
diff --git a/certs/websites/hatchlearningcenter.org.key b/certs/websites/hatchlearningcenter.org.key
new file mode 120000
index 0000000..1637775
--- /dev/null
+++ b/certs/websites/hatchlearningcenter.org.key
@@ -0,0 +1 @@
+../lego/hatchlearningcenter.org.key
\ No newline at end of file
diff --git a/group_vars/public-web/main.yml b/group_vars/public-web/main.yml
index 0a13af9..39734e4 100644
--- a/group_vars/public-web/main.yml
+++ b/group_vars/public-web/main.yml
@@ -10,3 +10,4 @@ userdir_proxy_backend: http://files.pyrocufflink.blue
tabitha_publisher_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbeVaQ5eGTaQU9P0sqo9R2IISoe50qS/Hv/vvFdt3ce tabitha@Tabithas-MacBook-Pro.local
dustinandtabitha_publisher_keys: '{{ tabitha_publisher_keys + dchwww_publisher_keys }}'
+hlc_publisher_keys: '{{ tabitha_publisher_keys }}'
diff --git a/roles/websites/hatchlearningcenter.org/files/hatchlearningcenter.org.httpd.conf b/roles/websites/hatchlearningcenter.org/files/hatchlearningcenter.org.httpd.conf
new file mode 100644
index 0000000..dc86bc1
--- /dev/null
+++ b/roles/websites/hatchlearningcenter.org/files/hatchlearningcenter.org.httpd.conf
@@ -0,0 +1,64 @@
+# vim: set ft=apache sw=4 ts=4 sts=4 et :
+
+ ServerName hatchlearningcenter.org
+ ServerAlias \
+ www.hatchlearningcenter.org \
+ hatchlearningcenter.com \
+ www.hatchlearningcenter.com \
+ hlcks.org \
+ www.hlcks.org \
+ hlcks.com \
+ www.hlcks.com \
+ hlckc.org \
+ www.hlckc.org \
+ hlckc.com \
+ www.hlckc.com
+
+ RewriteEngine on
+ RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
+
+
+
+ ServerName hatchlearningcenter.org
+ ServerAlias \
+ hatchlearningcenter.com \
+ www.hatchlearningcenter.com \
+ hlcks.org \
+ www.hlcks.org \
+ hlcks.com \
+ www.hlcks.com \
+ hlckc.org \
+ www.hlckc.org \
+ hlckc.com \
+ www.hlckc.com
+
+ Include conf.d/ssl.include
+
+ SSLCertificateFile /etc/pki/tls/certs/hatchlearningcenter.org.cer
+ SSLCertificateKeyFile /etc/pki/tls/private/hatchlearningcenter.org.key
+ SSLCertificateChainFile /etc/pki/tls/certs/hatchlearningcenter.org.cer
+
+ Header always set \
+ Strict-Transport-Security "max-age=63072000; includeSubDomains"
+
+ RewriteEngine On
+ RewriteRule /.* https://www.hatchlearningcenter.org$0 [R=301,L]
+
+
+
+ ServerName www.hatchlearningcenter.org
+
+ Include conf.d/ssl.include
+
+ SSLCertificateFile /etc/pki/tls/certs/hatchlearningcenter.org.cer
+ SSLCertificateKeyFile /etc/pki/tls/private/hatchlearningcenter.org.key
+ SSLCertificateChainFile /etc/pki/tls/certs/hatchlearningcenter.org.cer
+
+ Header always set \
+ Strict-Transport-Security "max-age=63072000; includeSubDomains"
+
+ DocumentRoot /srv/www/hatchlearningcenter.org/htdocs
+
+ Require all granted
+
+
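Review bot: The plain-HTTP redirect `RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]` in the first vhost builds its target from `%{SERVER_NAME}`, which under Apache's default `UseCanonicalName Off` is taken from the request's Host header; if this vhost ever becomes the default `*:80` vhost, an arbitrary Host value is reflected into the Location header, and for the listed aliases it also costs a second hop through the TLS vhost that again redirects to the canonical name. Redirecting straight to the canonical host, exactly as the second vhost already does, removes both concerns: `RewriteRule /.* https://www.hatchlearningcenter.org$0 [R=301,L]`. The two `SSLCertificateChainFile` lines point at the same file as `SSLCertificateFile`; on mod_ssl 2.4.8 or newer the chain is read from `SSLCertificateFile` and `SSLCertificateChainFile` is deprecated, so the duplicate line can probably be dropped, though the installed version is not visible here. The `<VirtualHost>` and `<Directory>` container lines appear to have been stripped from this rendering, so the exact scope of `Require all granted` cannot be confirmed from the hunk.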
diff --git a/roles/websites/hatchlearningcenter.org/meta/main.yml b/roles/websites/hatchlearningcenter.org/meta/main.yml
new file mode 100644
index 0000000..4d6317c
--- /dev/null
+++ b/roles/websites/hatchlearningcenter.org/meta/main.yml
@@ -0,0 +1,7 @@
+dependencies:
+- role: cert
+ vars:
+ cert_src: websites/hatchlearningcenter.org.cer
+ cert_dest: /etc/pki/tls/certs/hatchlearningcenter.org.cer
+ cert_key_src: websites/hatchlearningcenter.org.key
+ cert_key_dest: /etc/pki/tls/private/hatchlearningcenter.org.key
diff --git a/roles/websites/hatchlearningcenter.org/tasks/main.yml b/roles/websites/hatchlearningcenter.org/tasks/main.yml
new file mode 100644
index 0000000..77c73c9
--- /dev/null
+++ b/roles/websites/hatchlearningcenter.org/tasks/main.yml
@@ -0,0 +1,51 @@
+- name: ensure app group exists
+ group:
+ name: webapp.hlc
+ state: present
+ tags:
+ - group
+ - user
+
+- name: ensure app user exists
+ user:
+ name: webapp.hlc
+ group: webapp.hlc
+ home: /srv/www/hatchlearningcenter.org
+ createhome: true
+ state: present
+ tags:
+ - user
+
+- name: ensure app home directory permissions are set
+ file:
+ path: /srv/www/hatchlearningcenter.org
+ mode: u=rwx,go=rx
+ state: directory
+ tags:
+ - datadir
+
+- name: ensure publisher keys are trusted
+ authorized_key:
+ key: "{{ hlc_publisher_keys|join('\n') }}"
+ user: webapp.hlc
+ exclusive: true
+ tags:
+ - sshkey
+- name: ensure authorized_keys file permissions are correct
+ file:
+ path: /srv/www/hatchlearningcenter.org/.ssh/authorized_keys
+ mode: u=rw,go=
+ owner: webapp.hlc
+ group: webapp.hlc
+ setype: ssh_home_t
+ tags:
+ - sshkey
+
+- name: ensure apache is configured to serve hatchlearningcenter.org
+ copy:
+ src: hatchlearningcenter.org.httpd.conf
+ dest: /etc/httpd/conf.d/hatchlearningcenter.org.conf
+ mode: u=rw,go=r
+ notify: reload httpd
+ tags:
+ - apache-config
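Review bot: Nothing in this task list creates `/srv/www/hatchlearningcenter.org/htdocs`, yet the shipped httpd.conf uses it as `DocumentRoot`; unless publishers are expected to create it themselves over SSH, the first httpd reload serves errors until someone makes the directory by hand. The "ensure app home directory permissions are set" task also sets only `mode`, so a pre-existing directory with the wrong owner would keep it; adding `owner: webapp.hlc` and `group: webapp.hlc` there makes the task idempotent on ownership too. A blank line is missing between the `ensure publisher keys are trusted` and `ensure authorized_keys file permissions are correct` tasks, unlike every other task boundary in the file. A task creating the document root, placed after the home-directory task, would look like this:
```yaml
- name: ensure document root exists
  file:
    path: /srv/www/hatchlearningcenter.org/htdocs
    owner: webapp.hlc
    group: webapp.hlc
    mode: u=rwx,go=rx
    state: directory
  tags:
  - datadir
```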
diff --git a/websites.yml b/websites.yml
index 51c7140..32e39f6 100755
--- a/websites.yml
+++ b/websites.yml
@@ -59,6 +59,9 @@
- role: websites/dustinandtabitha.com
tags:
- websites/dustinandtabitha
+ - role: websites/hatchlearningcenter.org
+ tags:
+ - websites/hatchlearningcenter.org
tasks:
- name: ensure httpd service is running
service: