@@ -, +, @@ Bug #49844: add HSTS to letsencrypt virtual hosts --- a/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf +++ a/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf @@ -27,6 +27,11 @@ except AttributeError as e: domains = [] if configRegistry.is_true('letsencrypt/services/apache2'): + try: + with open('/etc/univention/templates/files/etc/apache2/sites-available/ssl.d/10hsts') as fd: + hsts = run_filter(fd.read(), configRegistry) + except IOERror: + hsts = '' for domain in domains: if domain == fqdn: continue @@ -51,12 +56,14 @@ if configRegistry.is_true('letsencrypt/services/apache2'): SSLCertificateKeyFile {key} {docker_apps_reverse_proxy} + {hsts} """.format( domain=domain, cert=cert_path, key=key_path, - docker_apps_reverse_proxy = docker_apps_reverse_proxy + docker_apps_reverse_proxy=docker_apps_reverse_proxy, + hsts=hsts, )) @!@ --- a/univention-letsencrypt/debian/control +++ a/univention-letsencrypt/debian/control @@ -10,7 +10,7 @@ Build-Depends: debhelper (>> 7), Package: univention-letsencrypt Architecture: all -Depends: python, univention-config +Depends: python, univention-config, univention-apache Recommends: apache2 Description: univention-letsencrypt - automatically request SSL certificates This package contains acme_tiny.py for semi-automatic request of SSL
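Review bot: `except IOERror:` in the added try block (first hunk of univention-letsencrypt.conf) is a misspelling of `IOError`. Python evaluates the except expression only while an exception is propagating, so a missing or unreadable `10hsts` template raises NameError instead of falling back to `hsts = ''`, and rendering of this file would presumably abort; change the line to `except IOError:`. Once the fallback works it is silent: the Let's Encrypt vhosts that the second hunk fills with `{hsts}` would be written without the HSTS header and nothing would report it, so either write a short warning to stderr in the except branch or add a comment such as `# no 10hsts template: vhosts are deliberately written without HSTS`. `run_filter` is not defined in the visible lines, so confirm it is imported earlier in the `@!@` section, which starts outside this hunk.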