external certificate / symlinks / apache fails

Hi, i am making my first steps with debops and try to setup a nextcloud. I provided an external certificate in ansible/secret/pki/realms/by-host/cloud.<dom.main>/ I can see those files end up on the tar in /etc/pki/realms/domain on the target. No when the apache role runs it fails because there is no /etc/pkg/realms/domain/default.crt I would have expected a default.crt/default.key to be symlinks to the files in external. root@cloud:/etc/pki/realms/domain# ls -la total 32 drwxr-xr-x 8 root root 4096 Mar 9 12:46 . drwxr-xr-x 3 root root 4096 Mar 9 11:31 .. drwxr-x--- 2 root pki-acme 4096 Mar 9 11:31 acme lrwxrwxrwx 1 root root 18 Mar 9 11:31 CA.crt -> public/trusted.pem drwxr-xr-x 2 root root 4096 Mar 9 11:31 config lrwxrwxrwx 1 root root 15 Mar 9 11:31 default.key -> private/key.pem drwxr-xr-x 2 root root 4096 Mar 9 11:31 external drwxr-xr-x 2 root root 4096 Mar 9 11:31 internal drwxr-x--- 2 root ssl-cert 4096 Mar 9 11:31 private drwxr-xr-x 2 root root 4096 Mar 9 11:31 public lrwxrwxrwx 1 root root 18 Mar 9 11:31 trusted.crt -> public/trusted.pem I am a bit puzzled on what little config detail i missed. I have no inventory variables mentioning the external certificate. From what i understand from the documentation its enough to drop it into the hosts directory. OTOH the hostname matches the debops.owncloud owncloud__fqdn. Flo -- Florian Lohoff f(a)zz.de Any sufficiently advanced technology is indistinguishable from magic.