websites/pyrocufflink.net: Use lego certificate

This commit updates the configuration for *pyrocufflink.net* to use the wildcard certificate managed by *lego* instead of an unique certificate managed by *certbot*.
2020-03-15 17:20:37 -05:00 · 2020-03-15 17:20:37 -05:00 · 0694594445
parent f4510972f4
commit 0694594445
8 changed files with 13 additions and 12 deletions
--- a/.certs
+++ b/.certs
@ -1 +1 @@
-Subproject commit e335178e3fe9df1a82ac3de735d703b6a08939d0
+Subproject commit 7685cddf5200f168e26df2cf2b2863bc3e9dadb5
--- a/certs/websites/pyrocufflink.net.cer
+++ b/certs/websites/pyrocufflink.net.cer
@ -0,0 +1 @@
 ../lego/_.pyrocufflink.net.crt
--- a/certs/websites/pyrocufflink.net.key
+++ b/certs/websites/pyrocufflink.net.key
@ -0,0 +1 @@
 ../lego/_.pyrocufflink.net.key
--- a/group_vars/public-web.yml
+++ b/group_vars/public-web.yml
@ -6,8 +6,4 @@ nratonpass_publisher_keys: '{{ dchwww_publisher_keys }}'
 dcow_publisher_keys: '{{ dchwww_publisher_keys }}'
 chmod777_publisher_keys: '{{ dchwww_publisher_keys }}'
 apache_server_name: pyrocufflink.net
 apache_ssl_certificate:
  /var/lib/letsencrypt/live/pyrocufflink.net/fullchain.pem
 apache_ssl_certificate_key:
  /var/lib/letsencrypt/live/pyrocufflink.net/privkey.pem
 userdir_proxy_backend: http://files.pyrocufflink.blue
--- a/1
+++ b/1
@ -17,7 +17,6 @@ burp1.pyrocufflink.blue
 [certbot]
 bw0.pyrocufflink.blue
 web0.pyrocufflink.blue
 [dch-proxy]
 rprx0.pyrocufflink.blue
--- a/roles/websites/pyrocufflink.net/meta/main.yml
+++ b/roles/websites/pyrocufflink.net/meta/main.yml
@ -1,4 +0,0 @@
 dependencies:
 - role: certbot
  certbot_domains:
  - pyrocufflink.net
--- a/roles/websites/pyrocufflink.net/templates/pyrocufflink.httpd.conf.j2
+++ b/roles/websites/pyrocufflink.net/templates/pyrocufflink.httpd.conf.j2
@ -3,8 +3,8 @@
 <VirtualHost _default_:443>
    ServerName pyrocufflink.net
    Include conf.d/ssl.include
-    SSLCertificateFile {{ apache_ssl_certificate }}
+    SSLCertificateFile /etc/pki/tls/certs/pyrocufflink.net.cer
-    SSLCertificateKeyFile {{ apache_ssl_certificate_key }}
+    SSLCertificateKeyFile /etc/pki/tls/private/pyrocufflink.net.key
    ProxyRequests Off
    RewriteEngine On
--- a/websites.yml
+++ b/websites.yml
@ -3,6 +3,14 @@
    apache_default_ssl_vhost: false
  roles:
  - apache
  - role: cert
    vars:
      cert_src: websites/pyrocufflink.net.cer
      cert_dest: /etc/pki/tls/certs/pyrocufflink.net.cer
      cert_key_src: websites/pyrocufflink.net.key
      cert_key_dest: /etc/pki/tls/private/pyrocufflink.net.key
    tags:
    - websites/pyrocufflink.net
  - role: websites/pyrocufflink.net
    tags: websites/pyrocufflink.net
  - role: websites/dustin.hatch.name
		`@ -1 +1 @@`
			`Subproject commit e335178e3fe9df1a82ac3de735d703b6a08939d0`				`Subproject commit 7685cddf5200f168e26df2cf2b2863bc3e9dadb5`