{% if certificate and certificate_id > 0 -%}
{% if certificate.provider == "letsencrypt" %}
  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
{% else %}
  # Custom SSL
  ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
  ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
{% endif %}
{% endif %}
{% if access_list_id > 0 -%}
{% if access_list.clientcas.size > 0 %}
  # Client Certificate Authorization ({{access_list.clientcas.size}} CAs)
  ssl_client_certificate /data/clientca/{{ access_list_id }};
  ssl_verify_client optional;
{% endif %}
{% endif %}