websites/pyrocufflink.net: Use lego certificate

This commit updates the configuration for *pyrocufflink.net* to use the wildcard certificate managed by *lego* instead of an unique certificate managed by *certbot*.
2020-03-15 17:20:37 -05:00 · 2020-03-15 17:20:37 -05:00 · 0694594445
parent f4510972f4
commit 0694594445
8 changed files with 13 additions and 12 deletions
--- a/.certs
+++ b/.certs
@ -1 +1 @@
-Subproject commit e335178e3fe9df1a82ac3de735d703b6a08939d0
+Subproject commit 7685cddf5200f168e26df2cf2b2863bc3e9dadb5
--- a/certs/websites/pyrocufflink.net.cer
+++ b/certs/websites/pyrocufflink.net.cer
@ -0,0 +1 @@
+../lego/_.pyrocufflink.net.crt
--- a/certs/websites/pyrocufflink.net.key
+++ b/certs/websites/pyrocufflink.net.key
@ -0,0 +1 @@
+../lego/_.pyrocufflink.net.key
--- a/group_vars/public-web.yml
+++ b/group_vars/public-web.yml
@ -6,8 +6,4 @@ nratonpass_publisher_keys: '{{ dchwww_publisher_keys }}'
 dcow_publisher_keys: '{{ dchwww_publisher_keys }}'
 chmod777_publisher_keys: '{{ dchwww_publisher_keys }}'
 apache_server_name: pyrocufflink.net
-apache_ssl_certificate:
-  /var/lib/letsencrypt/live/pyrocufflink.net/fullchain.pem
-apache_ssl_certificate_key:
-  /var/lib/letsencrypt/live/pyrocufflink.net/privkey.pem
 userdir_proxy_backend: http://files.pyrocufflink.blue
--- a/1
+++ b/1
@ -17,7 +17,6 @@ burp1.pyrocufflink.blue

 [certbot]
 bw0.pyrocufflink.blue
-web0.pyrocufflink.blue

 [dch-proxy]
 rprx0.pyrocufflink.blue
--- a/roles/websites/pyrocufflink.net/meta/main.yml
+++ b/roles/websites/pyrocufflink.net/meta/main.yml
@ -1,4 +0,0 @@
-dependencies:
- role: certbot
-  certbot_domains:
-  - pyrocufflink.net
--- a/roles/websites/pyrocufflink.net/templates/pyrocufflink.httpd.conf.j2
+++ b/roles/websites/pyrocufflink.net/templates/pyrocufflink.httpd.conf.j2
@ -3,8 +3,8 @@
 <VirtualHost _default_:443>
    ServerName pyrocufflink.net
    Include conf.d/ssl.include
-    SSLCertificateFile {{ apache_ssl_certificate }}
-    SSLCertificateKeyFile {{ apache_ssl_certificate_key }}
+    SSLCertificateFile /etc/pki/tls/certs/pyrocufflink.net.cer
+    SSLCertificateKeyFile /etc/pki/tls/private/pyrocufflink.net.key

    ProxyRequests Off
    RewriteEngine On
--- a/websites.yml
+++ b/websites.yml
@ -3,6 +3,14 @@
    apache_default_ssl_vhost: false
  roles:
  - apache
+  - role: cert
+    vars:
+      cert_src: websites/pyrocufflink.net.cer
+      cert_dest: /etc/pki/tls/certs/pyrocufflink.net.cer
+      cert_key_src: websites/pyrocufflink.net.key
+      cert_key_dest: /etc/pki/tls/private/pyrocufflink.net.key
+    tags:
+    - websites/pyrocufflink.net
  - role: websites/pyrocufflink.net
    tags: websites/pyrocufflink.net
  - role: websites/dustin.hatch.name