websites/hlc: Switch to mod_md for cert management

To avoid having separate certificates for the canonical
_www.hatchlearningcenter.org_ site and all the redirects, we'll combine
these virtual hosts into one.  We can use a `RewriteCond` to avoid the
redirect for the canonical name itself.

roles/websites/hatchlearningcenter.org/files/hatchlearningcenter.org.httpd.conf

@@ -1,4 +1,6 @@
 # vim: set ft=apache sw=4 ts=4 sts=4 et :
+MDomain hatchlearningcenter.org
+
 <VirtualHost *:80>
     ServerName hatchlearningcenter.org
     ServerAlias \
@@ -21,6 +23,7 @@
 <VirtualHost _default_:443>
     ServerName hatchlearningcenter.org
     ServerAlias \
+        www.hatchlearningcenter.org \
         hatchlearningcenter.com \
         www.hatchlearningcenter.com \
         hlcks.org \
@@ -34,31 +37,12 @@
 
     Include conf.d/ssl.include
 
-    SSLCertificateFile /etc/pki/tls/certs/hatchlearningcenter.org.cer
-    SSLCertificateKeyFile /etc/pki/tls/private/hatchlearningcenter.org.key
-    SSLCertificateChainFile /etc/pki/tls/certs/hatchlearningcenter.org.cer
-
     Header always set \
         Strict-Transport-Security "max-age=63072000; includeSubDomains"
 
     RewriteEngine On
+    RewriteCond %{SERVER_NAME} !^www\.hatchlearningcenter\.org$
     RewriteRule /.* https://www.hatchlearningcenter.org$0 [R=301,L]
-</VirtualHost>
-
-<VirtualHost _default_:443>
-    ServerName www.hatchlearningcenter.org
-
-    Include conf.d/ssl.include
-
-    SSLCertificateFile /etc/pki/tls/certs/hatchlearningcenter.org.cer
-    SSLCertificateKeyFile /etc/pki/tls/private/hatchlearningcenter.org.key
-    SSLCertificateChainFile /etc/pki/tls/certs/hatchlearningcenter.org.cer
-
-    Header always set \
-        Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
-    SSLProxyEngine On
-    RewriteEngine On
 
     DocumentRoot /srv/www/hatchlearningcenter.org/htdocs
     <Directory /srv/www/hatchlearningcenter.org/htdocs>