From 48f47b890545b20b4eae60fe32c123718e1884d8 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Wed, 23 Jul 2025 10:02:18 -0500
Subject: [PATCH] websites: apps.d.x: Switch to mod_md for cert

The _apps.du5t1n.xyz_ site now obtains its certificate from Let's Encrypt using the Apache _mod_md_ (managed domain) module. This dramatically simplifies the deployment of this certificate, eliminating the need for _cert-manager_ to obtain it, _cert-exporter_ to add it to _certs.git_, and Jenkins to push it out to the web server.
---
 certs/websites/apps.du5t1n.xyz.cer | 1 -
 certs/websites/apps.du5t1n.xyz.key | 1 -
 .../apps.du5t1n.xyz/files/apps.du5t1n.xyz.httpd.conf | 4 ++--
 roles/websites/apps.du5t1n.xyz/meta/main.yml | 7 -------
 4 files changed, 2 insertions(+), 11 deletions(-)
 delete mode 120000 certs/websites/apps.du5t1n.xyz.cer
 delete mode 120000 certs/websites/apps.du5t1n.xyz.key
 delete mode 100644 roles/websites/apps.du5t1n.xyz/meta/main.yml

diff --git a/certs/websites/apps.du5t1n.xyz.cer b/certs/websites/apps.du5t1n.xyz.cer
deleted file mode 120000
index e8dcb1c..0000000
--- a/certs/websites/apps.du5t1n.xyz.cer
+++ /dev/null
@@ -1 +0,0 @@
-../../.certs/certificates/apps.du5t1n.xyz.crt
\ No newline at end of file
diff --git a/certs/websites/apps.du5t1n.xyz.key b/certs/websites/apps.du5t1n.xyz.key
deleted file mode 120000
index af5560e..0000000
--- a/certs/websites/apps.du5t1n.xyz.key
+++ /dev/null
@@ -1 +0,0 @@
-../../.certs/certificates/apps.du5t1n.xyz.key
\ No newline at end of file
diff --git a/roles/websites/apps.du5t1n.xyz/files/apps.du5t1n.xyz.httpd.conf b/roles/websites/apps.du5t1n.xyz/files/apps.du5t1n.xyz.httpd.conf
index ce4b0cc..e447e09 100644
--- a/roles/websites/apps.du5t1n.xyz/files/apps.du5t1n.xyz.httpd.conf
+++ b/roles/websites/apps.du5t1n.xyz/files/apps.du5t1n.xyz.httpd.conf
@@ -1,3 +1,5 @@
+MDomain apps.du5t1n.xyz
+
 ServerName apps.du5t1n.xyz
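Review bot: The added `MDomain apps.du5t1n.xyz` line moves issuance and renewal onto the web server, but nothing visible in this patch shows how a renewed certificate is activated or how a failed renewal gets noticed. mod_md stages a renewed certificate and only serves it after the next server reload, and the Jenkins push that previously delivered certificates is removed by this commit. Because the 443 vhost in the next hunk sends `Strict-Transport-Security` with `max-age=63072000; includeSubDomains`, returning clients cannot click through an expired or temporary fallback certificate. Unless the global configuration outside this diff already covers it, consider a scheduled graceful reload plus `MDMessageCmd` or `MDNotifyCmd` for renewal and error events. A comment above the directive would also help, for example `# Certificate managed by mod_md; MDCertificateAgreement and the ACME contact address are set in <GLOBAL_CONF_PLACEHOLDER>`.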
@@ -9,8 +11,6 @@ RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]
 ServerName apps.du5t1n.xyz
 Include conf.d/ssl.include
-SSLCertificateKeyFile /etc/pki/tls/private/apps.du5t1n.xyz.key
-SSLCertificateFile /etc/pki/tls/certs/apps.du5t1n.xyz.cer
 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
diff --git a/roles/websites/apps.du5t1n.xyz/meta/main.yml b/roles/websites/apps.du5t1n.xyz/meta/main.yml
deleted file mode 100644
index 2a3807b..0000000
--- a/roles/websites/apps.du5t1n.xyz/meta/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-dependencies:
-- role: cert
- vars:
- cert_src: websites/apps.du5t1n.xyz.cer
- cert_dest: /etc/pki/tls/certs/apps.du5t1n.xyz.cer
- cert_key_src: websites/apps.du5t1n.xyz.key
- cert_key_dest: /etc/pki/tls/private/apps.du5t1n.xyz.key