Speculation only (sorry!)... As the set is hardcoded;
... it looks like it will break when letsencrypt rolls over. I'm wondering if you can stay current via the symlink ...
I suspect apache2 will need to reload when the ssl target moves but maybe that's going to happen anyway when the cert changes (regardless of whether the site's apache2 .conf is updated).
Going wilder via the apache2 manual...
So, adding an
IncludeOptional directive to the
ssl.template.erb template might allow symbiosis to keep the main my-brilliant-site.conf up to date while the bespokery is external.