diff --git a/tasks/apache.yml b/tasks/apache.yml
index 5f2319ec2df6924e948ff594259e8072a5aeacd8..147224e570b6411b1fcee7570c1cdab7e69b044c 100644
--- a/tasks/apache.yml
+++ b/tasks/apache.yml
@@ -48,6 +48,7 @@
     - 'global-redirect'
     - 'global-deny'
     - 'letsencrypt-redirect'
+    - 'redirect-ssl'
     - 'other-vhosts-access-log'
   notify:
     - "Apache | Restart Apache"
diff --git a/templates/etc-apache2-conf-available-letsencrypt-redirect b/templates/etc-apache2-conf-available-letsencrypt-redirect
index b6c48718cd559feb9f429915b483c1b61a17e9bd..7ec45f132777fd54040a1efdd70ca35169da100e 100644
--- a/templates/etc-apache2-conf-available-letsencrypt-redirect
+++ b/templates/etc-apache2-conf-available-letsencrypt-redirect
@@ -1,6 +1,3 @@
-RewriteEngine on
-RewriteCond %{REQUEST_URI} !/.well-known/acme-challenge/*
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
 ProxyPass /.well-known/acme-challenge !
 Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
 <Directory "/var/www/html/.well-known/acme-challenge">
diff --git a/templates/etc-apache2-conf-available-redirect-ssl b/templates/etc-apache2-conf-available-redirect-ssl
new file mode 100644
index 0000000000000000000000000000000000000000..bab03b91b41698bdd04c141b617e76ea5216307f
--- /dev/null
+++ b/templates/etc-apache2-conf-available-redirect-ssl
@@ -0,0 +1,3 @@
+RewriteEngine on
+RewriteCond %{REQUEST_URI} !/.well-known/acme-challenge/*
+RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]