@when('certificates.server.cert.available', 'config.set.tls')
def save_crt_key(tls):
    '''Read the server crt/key from the relation object and
    write to /etc/ssl/certs'''

    opts = options('nginx')
    crt = os.path.join(opts.get('ssl-dir'), 'server.crt')
    key = os.path.join(opts.get('ssl-dir'), 'server.key')
    # Remove the crt/key if they pre-exist
    if os.path.exists(crt):
        os.remove(crt)
    if os.path.exists(key):
        os.remove(key)
    # Get and write out crt/key
    server_cert, server_key = tls.get_server_cert()
    with open(crt, 'w') as crt_file:
        crt_file.write(server_cert)
    with open(key, 'w') as key_file:
        key_file.write(server_key)

    hookenv.status_set('active', 'NGINX is ready')
    set_state('nginx.ssl.available')