Catching up Webserver config

roles/WebServer/files/conf/letsencrypt.conf

@@ -1,5 +1,4 @@
-location ~ ^/.well-known/acme-challenge
-{
+location /.well-known/acme-challenge {
   allow all;
   root /var/lib/letsencrypt/;
   default_type "text/plain";

roles/WebServer/files/conf/sec.conf

@@ -1,22 +0,0 @@
-ssl_dhparam          /etc/ssl/certs/dhparam.pem;
-ssl_certificate      /etc/letsencrypt/live/aninix.net-0001/fullchain.pem;
-ssl_certificate_key  /etc/letsencrypt/live/aninix.net-0001/privkey.pem;
-
-ssl_session_cache    shared:SSL:1m;
-ssl_session_timeout  5m;
-
-ssl_protocols        TLSv1.2 TLSv1.3;
-ssl_ciphers          "!NULL:!SSLv2:!SSLv3:!TLSv1:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-ssl_prefer_server_ciphers  on;
-
-add_header           "Strict-Transport-Security" "max-age=63072000; includeSubDomains; preload";
-add_header           "X-Content-Type-Options" "nosniff";
-add_header           "Public-Key-Pins" "pin-sha256=\"JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=\"; max-age=315360000; includeSubDomains";
-add_header           "X-XSS-Protection" "1; mode=block";
-add_header           "X-Frame-Options" "SAMEORIGIN";
-
-# Cross-Origin Resource Sharing
-# add_header 'Access-Control-Allow-Origin' '*' always;
-# add_header 'Access-Control-Allow_Credentials' 'true' always;
-# add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always;
-# add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;