diff --git a/ec2.yml b/ec2.yml
index bb54376..a844a9b 100755
--- a/ec2.yml
+++ b/ec2.yml
@@ -38,3 +38,8 @@
gitweb_repo: "https://gitlab.com/rehashedsalt/assburgers"
gitweb_url: "www.assburgers.club"
gitweb_webroot: "/var/www/assburgers"
+ - role: redirect
+ vars:
+ redirect_from: "assburgers.club"
+ redirect_to: "www.assburgers.club"
+ redirect_webroot: "/var/www/redirect"
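Review bot: The vars passed to the redirect role here (`redirect_from`, `redirect_to`, `redirect_webroot`) do not cover what the role reads. roles/redirect/tasks/main.yml and apache2-redirect.conf use `redirect_url` for the vhost file name, the certificate paths and one `ServerName`, and the Clone repo task uses `redirect_repo`. Unless those are defined somewhere this diff does not show, the play stops on an undefined variable, or it may pick up a value left over from another role and write the vhost and certificate under the wrong name. Either add `redirect_url: "assburgers.club"` to this block or have the role use `redirect_from` throughout.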
diff --git a/roles/redirect/meta/main.yml b/roles/redirect/meta/main.yml
new file mode 100644
index 0000000..f24d2df
--- /dev/null
+++ b/roles/redirect/meta/main.yml
@@ -0,0 +1,4 @@
+---
+allow_duplicates: yes
+dependencies:
+ - role: apache-php
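Review bot: The dependency on `apache-php` looks broader than this role needs, since the tasks and templates in this commit only write vhost files and reload apache2, and nothing here runs PHP. If that role installs and enables PHP (its contents are not in this diff), every redirect-only host carries an interpreter it never uses; a plain Apache role would be the smaller dependency. Separately, `allow_duplicates: yes` is better written `allow_duplicates: true` so it does not rely on YAML 1.1 truthy parsing.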
diff --git a/roles/redirect/tasks/main.yml b/roles/redirect/tasks/main.yml
new file mode 100644
index 0000000..ac314f0
--- /dev/null
+++ b/roles/redirect/tasks/main.yml
@@ -0,0 +1,45 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Set up redirect
+ block:
+ - name: Set up Apache
+ block:
+ # Why does a redirect need a webroot?
+ # Answer: SSL certification
+ - name: Create webroot
+ file:
+ path: "{{ redirect_webroot }}"
+ mode: "0755"
+ recurse: yes
+ state: directory
+ - name: Clone repo
+ git:
+ repo: "{{ redirect_repo }}"
+ dest: "{{ redirect_webroot }}"
+ force: yes
+ - name: Register certificates
+ block:
+ - name: Configure temporary virtual host configs
+ template:
+ src: apache2-vhost.conf
+ dest: "/etc/apache2/sites-enabled/{{ redirect_url }}.conf"
+ - name: Generate certificate
+ include_role:
+ name: https
+ vars:
+ website_url: "{{ redirect_url }}"
+ website_webroot: "{{ redirect_webroot }}"
+ - name: Configure Apache
+ block:
+ # If we copied over http-only configs before, they get oblooterated now
+ - name: Copy over redirect config
+ template:
+ src: apache2-redirect.conf
+ dest: "/etc/apache2/sites-enabled/{{ redirect_url }}.conf"
+ - name: Reload Apache
+ service:
+ name: apache2
+ state: reloaded
+ enabled: true
+ become: yes
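Review bot: The `Clone repo` task checks a git repository out into `redirect_webroot`, which the temporary vhost then serves as its DocumentRoot with `Require all granted`. While that config is live, the checkout's `.git` directory and every file in the repository are reachable over HTTP. The comment above the `Create webroot` task says the directory exists only for certificate issuance, so the clone can be dropped and the directory left empty. `recurse: yes` with `mode: "0755"` also marks every file under the webroot executable; without the clone, `recurse` is not needed.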
diff --git a/roles/redirect/templates/apache2-redirect.conf b/roles/redirect/templates/apache2-redirect.conf
new file mode 100644
index 0000000..79564ce
--- /dev/null
+++ b/roles/redirect/templates/apache2-redirect.conf
@@ -0,0 +1,20 @@
+# Configuration for {{ redirect_url }}
+# Redirect to {{ redirect_to }}
+# vim:ft=apache:
+
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+
+# Website configuration
+
+ ServerName {{ redirect_from }}
+ Redirect permanent / https://{{ redirect_to }}
+
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/cert/crt/{{ redirect_url }}.crt
+ SSLCertificateKeyFile /etc/pki/cert/private/{{ redirect_url }}.key
+ SSLCertificateChainFile /etc/pki/cert/crt/{{ redirect_url}}-fullchain.crt
+ ServerName {{ redirect_url }}
+ Redirect permanent / https://{{ redirect_to }}
+
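Review bot: Both `Redirect permanent / https://{{ redirect_to }}` lines lack a trailing slash on the target. mod_alias appends whatever follows the matched `/` prefix straight onto the target, so a request for `/page` is redirected to the host name followed directly by `page`. Because the appended text lands in the host part of the URL, the request path can change which host the client is sent to. Write `Redirect permanent / https://{{ redirect_to }}/` in both places. The first block also uses `ServerName {{ redirect_from }}` while the second uses `{{ redirect_url }}`, and the enclosing VirtualHost tags do not appear in the hunk as shown, possibly lost in extraction.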
diff --git a/roles/redirect/templates/apache2-vhost.conf b/roles/redirect/templates/apache2-vhost.conf
new file mode 100644
index 0000000..26662f4
--- /dev/null
+++ b/roles/redirect/templates/apache2-vhost.conf
@@ -0,0 +1,12 @@
+# vim:ft=apache:
+
+# Website configuration
+
+ ServerName {{ redirect_from }}
+ DocumentRoot {{ redirect_webroot }}
+
+ Require all granted
+ AllowOverride All
+ Options MultiViews FollowSymlinks
+
+
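Review bot: `AllowOverride All` and `Options MultiViews FollowSymlinks` give this temporary vhost more than certificate issuance needs. Any `.htaccess` file that ends up in `redirect_webroot` can change server behaviour, and symlinks in that directory are followed to wherever they point. For a webroot that only has to serve challenge files, `AllowOverride None` and `Options None` are enough. The tasks write this file as `{{ redirect_url }}.conf` while it names the host with `redirect_from`, and the container tags around these directives are not visible in the hunk as shown.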