certs/websites/dustin.hatch.name.cer

@@ -0,0 +1 @@
+../../.certs/acme.sh/dustin.hatch.name/fullchain.cer

certs/websites/dustin.hatch.name.key

@@ -0,0 +1 @@
+../../.certs/acme.sh/dustin.hatch.name/dustin.hatch.name.key

roles/apache/defaults/main.yml

@@ -1,7 +1,6 @@
 apache_mpm: event
 apache_keep_num_logs: 4
 apache_max_log_size: 256M
-apache_error_log: syslog:daemon
 apache_ssl_protocol:
 - all
 - '-SSLv2'

roles/apache/tasks/main.yml

@@ -5,16 +5,6 @@
   tags:
   - install
 
-- name: ensure global error log is configured
-  template:
-    src: errorlog.j2
-    dest: /etc/httpd/conf.d/00-errorlog.conf
-    owner: root
-    group: root
-    mode: u=rw,go=r
-  tags:
-  - apache-config
-
 - name: ensure http service keytab is in place
   copy:
     src={{ item }}

roles/apache/templates/errorlog.j2

@@ -1,5 +0,0 @@
-{% if apache_error_log %}
-ErrorLog {{ apache_error_log }}
-{% else %}
-# Use the default ErrorLog value set in httpd.conf
-{% endif %}

roles/apache/templates/ssl.include.j2

@@ -1,11 +1,7 @@
 # Use separate log files for the SSL virtual host; note that LogLevel
 # is not inherited from httpd.conf.
-{% if apache_ssl_error_log is defined %}
+ErrorLog logs/ssl_error_log
-ErrorLog {{ apache_ssl_error_log }}
+TransferLog logs/ssl_access_log
-{% endif %}
-{% if apache_ssl_transferlog is defined %}
-TransferLog {{ apache_ssl_transferlog }}
-{% endif %}
 LogLevel warn
 
 #   SSL Engine Switch:

roles/websites/dustin.hatch.name/files/dustin.hatch.name.httpd.conf

@@ -1,5 +1,4 @@
 # vim: set ft=apache :
-MDomain dustin.hatch.name
 
 <VirtualHost _default_:80>
 ServerName dustin.hatch.name
@@ -12,6 +11,8 @@ RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]
 ServerName dustin.hatch.name
 
 Include conf.d/ssl.include
+SSLCertificateKeyFile /etc/pki/tls/private/dustin.hatch.name.key
+SSLCertificateFile /etc/pki/tls/certs/dustin.hatch.name.cer
 
 <IfModule mod_headers.c>
     Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

websites.yml

@@ -10,6 +10,12 @@
     tags: formsubmit
   - role: websites/pyrocufflink.net
     tags: websites/pyrocufflink.net
+  - role: cert
+    cert_src: websites/dustin.hatch.name.cer
+    cert_dest: /etc/pki/tls/certs/dustin.hatch.name.cer
+    cert_key_src: websites/dustin.hatch.name.key
+    cert_key_dest: /etc/pki/tls/private/dustin.hatch.name.key
+    tags: websites/dustin.hatch.name
   - role: websites/dustin.hatch.name
     tags: websites/dustin.hatch.name
   - role: websites/ebonfire.com