FreedomBox/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf

<Macro FreedomBoxTLSSiteMacro $domain>

    # mod_ssl default options. See /etc/apache2/sites-available/default-ssl.conf
    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost
            ServerName $domain
            DocumentRoot /var/www/html

            SSLEngine on

            # Disable TLS1.1 and below. Client support: Firefox: 27, Android:
            # 4.4.2, Chrome: 31, Edge: 12, IE: 11 (Win7), Java: 8u31, OpenSSL:
            # 1.0.1, Opera: 20, Safari: 9. See:
            # https://wiki.mozilla.org/Security/Server_Side_TLS
            SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

            # Automatically obtained certificates from Let's Encrypt
            <IfFile /etc/letsencrypt/live/$domain/privkey.pem>
                SSLCertificateFile /etc/letsencrypt/live/$domain/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem
            </IfFile>
            <IfFile !/etc/letsencrypt/live/$domain/privkey.pem>
                SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
            </IfFile>

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
            </Directory>

            <IfFile /etc/apache2/includes/all-domains-include-freedombox.conf>
                Include includes/all-domains-include-freedombox.conf
            </IfFile>
            <IfFile /etc/apache2/includes/all-domains-include.conf>
                Include includes/all-domains-include.conf
            </IfFile>
            <IfFile /etc/apache2/includes/$domain-include-freedombox.conf>
                Include includes/$domain-include-freedombox.conf
            </IfFile>
            <IfFile /etc/apache2/includes/$domain-include.conf>
                Include includes/$domain-include.conf
            </IfFile>
        </VirtualHost>
    </IfModule>
</Macro>