{% if https %}
<VirtualHost *:80>
ServerName {{ domain }}
{% for alias in domain_aliases %}
ServerAlias {{ alias }}
{% endfor %}
RewriteEngine On
{% if letsencrypt %}
RewriteCond %{REQUEST_URI} !^/.well-known/
{% endif %}
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=permanent,L]
</VirtualHost>
{% endif %}
This will redirect (with permanent, 301 status) all requests except any to /.well-known/
which is used by LetEncrypt webroot authentication.