Remove legacy certificate support
authorTom Hughes <tom@compton.nu>
Sun, 19 Feb 2017 19:19:36 +0000 (19:19 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 19 Feb 2017 19:27:54 +0000 (19:27 +0000)
30 files changed:
cookbooks/apache/attributes/default.rb
cookbooks/apache/recipes/ssl.rb
cookbooks/apache/templates/default/ssl.erb
cookbooks/blogs/recipes/default.rb
cookbooks/cgiirc/recipes/default.rb
cookbooks/chef/recipes/server.rb
cookbooks/dns/recipes/default.rb
cookbooks/forum/recipes/default.rb
cookbooks/foundation/recipes/owg.rb
cookbooks/git/recipes/web.rb
cookbooks/gps-tile/recipes/default.rb
cookbooks/kibana/recipes/default.rb
cookbooks/mailman/recipes/default.rb
cookbooks/nominatim/recipes/default.rb
cookbooks/osqa/recipes/default.rb
cookbooks/otrs/recipes/default.rb
cookbooks/piwik/recipes/default.rb
cookbooks/planet/recipes/default.rb
cookbooks/serverinfo/recipes/default.rb
cookbooks/ssl/attributes/default.rb
cookbooks/ssl/files/default/rapidssl.pem [deleted file]
cookbooks/ssl/files/default/startcom.pem [deleted file]
cookbooks/ssl/recipes/default.rb
cookbooks/ssl/resources/certificate.rb
cookbooks/stats/recipes/default.rb
cookbooks/subversion/recipes/default.rb
cookbooks/taginfo/recipes/default.rb
cookbooks/tilecache/recipes/default.rb
cookbooks/trac/recipes/default.rb
cookbooks/web/recipes/rails.rb

index 46feacd34cb8124ba8ff94caef08abd87f652a4a..8e051057f8ccb88699c50a65caa81408103f8492 100644 (file)
@@ -28,6 +28,4 @@ default[:apache][:event][:max_connections_per_child] = 0
 
 default[:apache][:listen_address] = "*"
 
 
 default[:apache][:listen_address] = "*"
 
-default[:apache][:ssl][:certificate] = "openstreetmap"
-
 default[:apache][:buffered_logs] = true
 default[:apache][:buffered_logs] = true
index b9b2ca305787173a092101bf8f1714386af46792..b2818df708127d6ae4f44b313cd0b28c57e3b8db 100644 (file)
 # limitations under the License.
 #
 
 # limitations under the License.
 #
 
-certificate = node[:apache][:ssl][:certificate]
-
-node.default[:ssl][:certificates] = node[:ssl][:certificates] | [certificate]
-
 include_recipe "apache"
 include_recipe "ssl"
 
 include_recipe "apache"
 include_recipe "ssl"
 
@@ -28,11 +24,5 @@ apache_module "ssl"
 
 apache_conf "ssl" do
   template "ssl.erb"
 
 apache_conf "ssl" do
   template "ssl.erb"
-  variables :certificate => certificate
   notifies :reload, "service[apache2]"
 end
   notifies :reload, "service[apache2]"
 end
-
-apache = resources("service[apache2]")
-
-apache.subscribes(:restart, "file[/etc/ssl/certs/#{certificate}.pem]")
-apache.subscribes(:restart, "file[/etc/ssl/private/#{certificate}.key]")
index 03b77f54b658c9792bd7379b2e88e3a51a5d8a7f..17ee112b6c9b5ee6915660aa0061794f71fc0809 100644 (file)
@@ -3,11 +3,9 @@
 SSLProtocol All -SSLv2 -SSLv3
 
 SSLHonorCipherOrder On
 SSLProtocol All -SSLv2 -SSLv3
 
 SSLHonorCipherOrder On
-SSLCipherSuite <%= node[:ssl][:ciphers] -%>
-
-SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
-SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
+SSLCipherSuite <%= node[:ssl][:ciphers] %>
 <% if node[:lsb][:release].to_f < 16.04 -%>
 <% if node[:lsb][:release].to_f < 16.04 -%>
+
 SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem
 <% end -%>
 
 SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem
 <% end -%>
 
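Review bot: With `SSLCertificateFile` and `SSLCertificateKeyFile` removed from this server-wide template, no certificate is configured globally any more, so every virtual host that enables SSL has to supply its own pair. mod_ssl is expected to reject a configuration in which an SSL-enabled vhost has no certificate, so a vhost that was missed in the migration would stop Apache from starting instead of being served with the old wildcard. A short comment where the directives used to be would make that contract visible, e.g. `# No global certificate: each SSL vhost must set SSLCertificateFile and SSLCertificateKeyFile itself`. Separately, the unchanged `SSLProtocol All -SSLv2 -SSLv3` line still leaves TLS 1.0 and 1.1 enabled, which is worth revisiting while this file is being touched.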
index c2a4a1c4c2352cf7775f7bff70ae53e972613b31..8389b6260ad7f76283a09b32675288f95194571e 100644 (file)
@@ -61,7 +61,6 @@ end
 
 ssl_certificate "blogs.openstreetmap.org" do
   domains "blogs.openstreetmap.org"
 
 ssl_certificate "blogs.openstreetmap.org" do
   domains "blogs.openstreetmap.org"
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 173eebfdd5f404175e3a5204771a1c69600cfa62..2c80239ff6566cc4d830530b92a364484792d052 100644 (file)
@@ -40,7 +40,6 @@ end
 
 ssl_certificate "irc.openstreetmap.org" do
   domains "irc.openstreetmap.org"
 
 ssl_certificate "irc.openstreetmap.org" do
   domains "irc.openstreetmap.org"
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 2ebf64f72dc6be392acab827923bf87edc9caa6b..fe668ad1d74ddcaa6128fecd279255b83a85842c 100644 (file)
@@ -80,7 +80,6 @@ apache_module "proxy_http"
 
 ssl_certificate "chef.openstreetmap.org" do
   domains ["chef.openstreetmap.org", "chef.osm.org"]
 
 ssl_certificate "chef.openstreetmap.org" do
   domains ["chef.openstreetmap.org", "chef.osm.org"]
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 4fbde88c06ffa0ddfaaabe0f66c14bc68bc7e0f2..8db66d6c986e2a0c49d03714ef69ee51a9e53213 100644 (file)
@@ -73,7 +73,6 @@ end
 
 ssl_certificate "dns.openstreetmap.org" do
   domains "dns.openstreetmap.org"
 
 ssl_certificate "dns.openstreetmap.org" do
   domains "dns.openstreetmap.org"
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 7130c17289c08bf39e2f56dc9b342415087bbb3f..7288824b5ba897f3932b9de53b440a261a89f0b8 100644 (file)
@@ -33,7 +33,6 @@ apache_module "rewrite"
 
 ssl_certificate "forum.openstreetmap.org" do
   domains ["forum.openstreetmap.org", "forum.osm.org"]
 
 ssl_certificate "forum.openstreetmap.org" do
   domains ["forum.openstreetmap.org", "forum.osm.org"]
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index a34a16f2a2b2ba174c19c0e739851449f83bfc63..cc093b3c9036fd2ef8a670229333663283a83c9c 100644 (file)
@@ -58,7 +58,6 @@ end
 
 ssl_certificate "operations.osmfoundation.org" do
   domains "operations.osmfoundation.org"
 
 ssl_certificate "operations.osmfoundation.org" do
   domains "operations.osmfoundation.org"
-  fallback_certificate "osmfoundation"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 5d298e7ca8fe426aef038691ce69471522f324bd..24307121d00256ff535ffb5a0e16151b2c944e09 100644 (file)
@@ -34,7 +34,6 @@ end
 
 ssl_certificate node[:git][:host] do
   domains node[:git][:host]
 
 ssl_certificate node[:git][:host] do
   domains node[:git][:host]
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 593e69ad13327bf50d6e3fa08f7b7a209cf5beaf..87c2c49ac92a3bb4a916279c4b3094e57db3a12d 100644 (file)
@@ -112,7 +112,6 @@ ssl_certificate "gps-tile.openstreetmap.org" do
            "gps-a.tile.openstreetmap.org",
            "gps-b.tile.openstreetmap.org",
            "gps-c.tile.openstreetmap.org"]
            "gps-a.tile.openstreetmap.org",
            "gps-b.tile.openstreetmap.org",
            "gps-c.tile.openstreetmap.org"]
-  fallback_certificate "tile.openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 8c7db202f3f9a3ba5f9eb839e8553bb25cadff62..6a985ae344a12bd46ee7634ace62891521100e47 100644 (file)
@@ -93,7 +93,6 @@ node[:kibana][:sites].each do |name, details|
 
   ssl_certificate details[:site] do
     domains details[:site]
 
   ssl_certificate details[:site] do
     domains details[:site]
-    fallback_certificate "openstreetmap"
     notifies :reload, "service[apache2]"
   end
 
     notifies :reload, "service[apache2]"
   end
 
index 6dca950675b2f4e8973da669ff7aad77c196602f..8fb1b90923f1edddaedd533786666c395324c0fc 100644 (file)
@@ -43,7 +43,6 @@ apache_module "rewrite"
 
 ssl_certificate "lists.openstreetmap.org" do
   domains "lists.openstreetmap.org"
 
 ssl_certificate "lists.openstreetmap.org" do
   domains "lists.openstreetmap.org"
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index b7954af92eedeb6b7fa35910843bd290835b7b21..b098c599d1e43a5f810f1cf9f9857cb64242317f 100644 (file)
@@ -338,7 +338,6 @@ ssl_certificate "nominatim.openstreetmap.org" do
            "nominatim.openstreetmap.net",
            "nominatim.openstreetmaps.org",
            "nominatim.openmaps.org"]
            "nominatim.openstreetmap.net",
            "nominatim.openstreetmaps.org",
            "nominatim.openmaps.org"]
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 482d73d8831a78f14e5121f17ef50e30fab7ed3a..5d5b4b1f2dee2521f15c7234db3867eeb7756930 100644 (file)
@@ -51,7 +51,6 @@ node[:osqa][:sites].each do |site|
 
   ssl_certificate site_name do
     domains site_name
 
   ssl_certificate site_name do
     domains site_name
-    fallback_certificate "openstreetmap"
     notifies :reload, "service[apache2]"
   end
 
     notifies :reload, "service[apache2]"
   end
 
index 03eb43aa0f0abc63d1b5441985246d19ef2452e6..b6861d1a2e5b630543473d2ffdf7bf8d823f16aa 100644 (file)
@@ -141,7 +141,6 @@ end
 
 ssl_certificate site do
   domains site
 
 ssl_certificate site do
   domains site
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 8561491b246c94ebe8d70550ed77afe4c48f9e9f..36bb05d2bba20d2d455681d6f6f7447b6e9feec8 100644 (file)
@@ -93,7 +93,6 @@ end
 
 ssl_certificate "piwik.openstreetmap.org" do
   domains ["piwik.openstreetmap.org", "piwik.osm.org"]
 
 ssl_certificate "piwik.openstreetmap.org" do
   domains ["piwik.openstreetmap.org", "piwik.osm.org"]
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 044a88bf8d4b6919a0fb55c0b4c847173315f307..452b54276f991f5fb801eaf35c53b320dfece3fe 100644 (file)
@@ -93,7 +93,6 @@ apache_module "proxy_http"
 
 ssl_certificate "planet.openstreetmap.org" do
   domains ["planet.openstreetmap.org", "planet.osm.org"]
 
 ssl_certificate "planet.openstreetmap.org" do
   domains ["planet.openstreetmap.org", "planet.osm.org"]
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index f38283fc97dd4786b865d64a115b1c1a1fead925..c027480d9b0df9ef6d2a67153ddaf816c527769f 100644 (file)
@@ -68,7 +68,6 @@ end
 
 ssl_certificate "hardware.openstreetmap.org" do
   domains "hardware.openstreetmap.org"
 
 ssl_certificate "hardware.openstreetmap.org" do
   domains "hardware.openstreetmap.org"
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 5db9abbb2ecb87275115001a93adbe4e2bc89ae4..1494dfe75044f05f860c08e4a782ce8defee0c2c 100644 (file)
@@ -1,2 +1 @@
-default[:ssl][:certificates] = []
 default[:ssl][:ciphers] = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
 default[:ssl][:ciphers] = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
diff --git a/cookbooks/ssl/files/default/rapidssl.pem b/cookbooks/ssl/files/default/rapidssl.pem
deleted file mode 100644 (file)
index fac0344..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIETTCCAzWgAwIBAgIDAjpxMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-YWwgQ0EwHhcNMTMxMjExMjM0NTUxWhcNMjIwNTIwMjM0NTUxWjBCMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSUmFwaWRTU0wg
-U0hBMjU2IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1jBEgEu
-l9h9GKrIwuWF4hdsYC7JjTEFORoGmFbdVNcRjFlbPbFUrkshhTIWX1SG5tmx2GCJ
-a1i+ctqgAEJ2sSdZTM3jutRc2aZ/uyt11UZEvexAXFm33Vmf8Wr3BvzWLxmKlRK6
-msrVMNI4/Bk7WxU7NtBDTdFlodSLwWBBs9ZwF8w5wJwMoD23ESJOztmpetIqYpyg
-C04q18NhWoXdXBC5VD0tA/hJ8LySt7ecMcfpuKqCCwW5Mc0IW7siC/acjopVHHZD
-dvDibvDfqCl158ikh4tq8bsIyTYYZe5QQ7hdctUoOeFTPiUs2itP3YqeUFDgb5rE
-1RkmiQF1cwmbOwIDAQABo4IBSjCCAUYwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwR
-fap9ZbjKzE4wHQYDVR0OBBYEFJfCJ1CewsnsDIgyyHyt4qYBT9pvMBIGA1UdEwEB
-/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMDYGA1UdHwQvMC0wK6ApoCeGJWh0
-dHA6Ly9nMS5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLwYIKwYBBQUHAQEE
-IzAhMB8GCCsGAQUFBzABhhNodHRwOi8vZzIuc3ltY2IuY29tMEwGA1UdIARFMEMw
-QQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0
-LmNvbS9yZXNvdXJjZXMvY3BzMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1h
-bnRlY1BLSS0xLTU2OTANBgkqhkiG9w0BAQsFAAOCAQEANevhiyBWlLp6vXmp9uP+
-bji0MsGj21hWID59xzqxZ2nVeRQb9vrsYPJ5zQoMYIp0TKOTKqDwUX/N6fmS/Zar
-RfViPT9gRlATPSATGC6URq7VIf5Dockj/lPEvxrYrDrK3maXI67T30pNcx9vMaJR
-BBZqAOv5jUOB8FChH6bKOvMoPF9RrNcKRXdLDlJiG9g4UaCSLT+Qbsh+QJ8gRhVd
-4FB84XavXu0R0y8TubglpK9YCa81tGJUheNI3rzSkHp6pIQNo0LyUcDUrVNlXWz4
-Px8G8k/Ll6BKWcZ40egDuYVtLLrhX7atKz4lecWLVtXjCYDqwSfC2Q7sRwrp0Mr8
-2A==
------END CERTIFICATE-----
diff --git a/cookbooks/ssl/files/default/startcom.pem b/cookbooks/ssl/files/default/startcom.pem
deleted file mode 100644 (file)
index dbaeda6..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF2TCCA8GgAwIBAgIHHKs2Ry2cUTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
-EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
-Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcxMDE0MjA1NzA5WhcNMjIxMDE0MjA1
-NzA5WjCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzAp
-BgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNV
-BAMTL1N0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVy
-IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4I
-PlfyiAEhG5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENV
-sTUJm9m8H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1k
-s3RVG7RLhiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125
-w2oLJxGEd2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhH
-M7BUxkYa8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQp
-Z4rEAwIDAQABo4IBTDCCAUgwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
-BAMCAQYwHQYDVR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaA
-FE4L7xqkQFulF2mHMMo0aEPQQa7yMGkGCCsGAQUFBwEBBF0wWzAnBggrBgEFBQcw
-AYYbaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL2NhMDAGCCsGAQUFBzAChiRodHRw
-Oi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwMgYDVR0fBCswKTAnoCWg
-I4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMEMGA1UdIAQ8MDow
-OAYEVR0gADAwMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9w
-b2xpY3kucGRmMA0GCSqGSIb3DQEBCwUAA4ICAQBSyb3zvcv566LEMsqGcvzPv6cw
-tf2R99WB4SEErQBM/+mLJ9r/8iTN/B8Pf9LR5YGSI3gW7msDLp0ASE+ugmUuh2/u
-agdfS1Zu95ZGQebd/kW5Yiqainbprb3Wc7O8MSvQLNVsa7xqOiWHqailDdeF8Wxs
-BQ70wWjLuyqBWKU+mcSf9x+EjqB60U3buAGcDYE0yoL+I2JNP22kUsBMXvJpSLHy
-36xEZGmwRinHrfDywJ1oI4qoZ3EiF77OiXp2vlRsk1yL8Bpuru2OrsIFrhNX5rnn
-cMgzuJ79SjDjmNQTa+5Ouebs387qoJ52apeq6t80RUL12k3Wh3Zt/85phnqBX9uy
-T86w4GdgOUSwRRCFZZcSed/Ul9h4IQyEmM67T2sPGdqFaZFBbBccxrn2FK7yoYB6
-4umV7yKKzP842/whVuyA/W2ihZEpA+qrA70sYESCADXnFGx2O0CDVdVc38coo1nV
-iXg+D+AG/dVXiiQcp2I4HYWTS/mTf/NE+mOYnu0miZ32/vhDbCX/B/kSPJ4RsNOA
-7uyrOwykcgOSFDbpvuaKOpGLrQwGqLODgm+p9TY5giMMjur9XH7TS1wz02dIz07u
-y2NwYWdV67vcnAt6QxRISap5RbaPviyQZxz4nFaSlTAwHoPaW1yuVS11tmsROMlR
-RNvbaAxIU4U67YaZSw==
------END CERTIFICATE-----
index 1635ed24d52edd784c65c096db6d81efea3351f2..6dcc02444d26b864b242a026f9c0eb5832ea1032 100644 (file)
 # limitations under the License.
 #
 
 # limitations under the License.
 #
 
-keys = data_bag_item("ssl", "keys")
-certs = data_bag_item("ssl", "certs")
-
 package "openssl"
 package "ssl-cert"
 
 package "openssl"
 package "ssl-cert"
 
-%w(letsencrypt rapidssl startcom dhparam).each do |certificate|
+%w(letsencrypt dhparam).each do |certificate|
   cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
     owner "root"
     group "root"
   cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
     owner "root"
     group "root"
@@ -32,30 +29,12 @@ package "ssl-cert"
   end
 end
 
   end
 end
 
-["openstreetmap", "tile.openstreetmap", "osmfoundation"].each do |certificate|
-  if node[:ssl][:certificates].include?(certificate)
-    file "/etc/ssl/certs/#{certificate}.pem" do
-      owner "root"
-      group "root"
-      mode 0o444
-      content certs[certificate].join("\n")
-      backup false
-    end
-
-    file "/etc/ssl/private/#{certificate}.key" do
-      owner "root"
-      group "ssl-cert"
-      mode 0o440
-      content keys[certificate].join("\n")
-      backup false
-    end
-  else
-    file "/etc/ssl/certs/#{certificate}.pem" do
-      action :delete
-    end
+["openstreetmap", "tile.openstreetmap", "osmfoundation", "rapidssl", "startcom"].each do |certificate|
+  file "/etc/ssl/certs/#{certificate}.pem" do
+    action :delete
+  end
 
 
-    file "/etc/ssl/private/#{certificate}.key" do
-      action :delete
-    end
+  file "/etc/ssl/private/#{certificate}.key" do
+    action :delete
   end
 end
   end
 end
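Review bot: The rewritten cleanup loop only unlinks the legacy files on each node; it does not retire the key material itself. The private keys that the removed `data_bag_item("ssl", "keys")` lookup used to read presumably still sit in the `ssl` data bag on the Chef server, and copies were written to every node that listed one of these certificates. The data bag items should therefore be deleted as a follow-up and, if the legacy certificates have not yet expired, revocation considered. In the visible code `rapidssl` and `startcom` were only ever shipped as `.pem` chain files, so the `/etc/ssl/private/#{certificate}.key` delete does nothing for them. That is harmless, but a comment such as `# Remove legacy certificates and keys; drop this block once every node has converged` would explain why the list exists and when it can go.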
index fc94d39deb840f07c2abf24e46e244c51372763e..c133491edb28eb5ff0f10ca42c793e0b2cb6c4de 100644 (file)
@@ -21,7 +21,6 @@ default_action :create
 
 property :name, String
 property :domains, [String, Array], :required => true
 
 property :name, String
 property :domains, [String, Array], :required => true
-property :fallback_certificate, String
 
 action :create do
   node.default[:letsencrypt][:certificates][name] = {
 
 action :create do
   node.default[:letsencrypt][:certificates][name] = {
@@ -53,14 +52,6 @@ action :create do
       manage_symlink_source false
       force_unlink true
     end
       manage_symlink_source false
       force_unlink true
     end
-  elsif fallback_certificate
-    link "/etc/ssl/certs/#{name}.pem" do
-      to "#{fallback_certificate}.pem"
-    end
-
-    link "/etc/ssl/private/#{name}.key" do
-      to "#{fallback_certificate}.key"
-    end
   else
     template "/tmp/#{name}.ssl.cnf" do
       cookbook "ssl"
   else
     template "/tmp/#{name}.ssl.cnf" do
       cookbook "ssl"
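Review bot: With the `elsif fallback_certificate` branch removed, every node that fails the first condition (not visible in this hunk) now takes the `else` branch, which starts by rendering `/tmp/#{name}.ssl.cnf`. That is a predictable filename in a world-writable directory, written by a chef-client that normally runs as root, so a local user could pre-create the path or place a symlink there before the run. Rendering it under a root-owned directory avoids this, e.g. `template "#{Chef::Config[:file_cache_path]}/#{name}.ssl.cnf" do`. The rest of the branch lies outside the hunk and would need to reference the same path. It would also help to document in the resource what the `else` branch now serves when no issued certificate is present, since callers no longer have a fallback to a CA-signed certificate.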
index 3f0303d2ef4b1a7baaa92fad26b36fad2382d36a..2c92fb2b2368f3e01fb60b73e9ae21a8766ec8cc 100644 (file)
@@ -75,7 +75,6 @@ end
 
 ssl_certificate "stats.openstreetmap.org" do
   domains ["stats.openstreetmap.org", "stats.osm.org"]
 
 ssl_certificate "stats.openstreetmap.org" do
   domains ["stats.openstreetmap.org", "stats.osm.org"]
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 8419bbc40dfd3d6348e51e76870961ec54c894a0..51a6de59ce6a390ed193452c72d8e06ec06b53c7 100644 (file)
@@ -53,7 +53,6 @@ end
 
 ssl_certificate site_name do
   domains site_name
 
 ssl_certificate site_name do
   domains site_name
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 35166f1d02c89e2900a3d3b416da863605d1e9e5..3b0983a25cf412a3aed2bc5575ff47f91bfc9a63 100644 (file)
@@ -236,7 +236,6 @@ node[:taginfo][:sites].each do |site|
 
   ssl_certificate site_name do
     domains site_name
 
   ssl_certificate site_name do
     domains site_name
-    fallback_certificate "openstreetmap"
     notifies :reload, "service[apache2]"
   end
 
     notifies :reload, "service[apache2]"
   end
 
index c275edb66b76699f79bbbf6077ee45d039b8a5e6..41a4e7f71935e018806e296b53ef4ac4b659ce57 100644 (file)
@@ -116,7 +116,6 @@ ssl_certificate "tile.openstreetmap.org" do
            "a.tile.openstreetmap.org",
            "b.tile.openstreetmap.org",
            "c.tile.openstreetmap.org"]
            "a.tile.openstreetmap.org",
            "b.tile.openstreetmap.org",
            "c.tile.openstreetmap.org"]
-  fallback_certificate "tile.openstreetmap"
   notifies :restart, "service[nginx]"
 end
 
   notifies :restart, "service[nginx]"
 end
 
index 551f28e71c0470aacfafc5a16e64b9e4fc98ae9c..fab0564b03977cfa3bc4281c2353beb5c67e990c 100644 (file)
@@ -73,7 +73,6 @@ apache_module "wsgi"
 
 ssl_certificate "trac.openstreetmap.org" do
   domains "trac.openstreetmap.org"
 
 ssl_certificate "trac.openstreetmap.org" do
   domains "trac.openstreetmap.org"
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end
 
index 4095be1bc06e2bba9710b26deb582825377b3f32..77017b73500880f978a0f5a88d5934f443c5d41c 100644 (file)
@@ -32,7 +32,6 @@ ssl_certificate "www.openstreetmap.org" do
   domains ["www.openstreetmap.org", "www.osm.org",
            "api.openstreetmap.org", "api.osm.org",
            "openstreetmap.org", "osm.org"]
   domains ["www.openstreetmap.org", "www.osm.org",
            "api.openstreetmap.org", "api.osm.org",
            "openstreetmap.org", "osm.org"]
-  fallback_certificate "openstreetmap"
   notifies :reload, "service[apache2]"
 end
 
   notifies :reload, "service[apache2]"
 end