# limitations under the License.
#
-node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["crm.osmfoundation"]
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["osmfoundation"]
include_recipe "wordpress"
include_recipe "mysql"
wordpress_site "crm.osmfoundation.org" do
ssl_enabled true
- ssl_certificate "crm.osmfoundation"
+ ssl_certificate "osmfoundation"
+ ssl_certificate_chain "startcom"
database_name "civicrm"
database_user "civicrm"
database_password database_password
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFATCCAumgAwIBAgIDAlJkMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB
-Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
-BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTQxMjE2MTIwODIxWhcNMTYxMjE1
-MTIwODIxWjAgMR4wHAYDVQQDExVjcm0ub3NtZm91bmRhdGlvbi5vcmcwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5UVvmSjwN7x03au9xudnXAdK6Hjzr
-bnKpSZMLjmjZGdrtJELRl0/xkbk984A4SufMm5TtdrehBinjug7my9BZocyCAscW
-RTe3O3S6i+LQaKQe+2CtzVAx4fZSIznE4VCSFB5pRgpaffXQMr1aXTGGoODjet4T
-3hEUzVg0WwymbLh62eN4aIFvCLtN3U4+7l8UhZD5LDYDjU1wsE80yX+z96/6s0OY
-3T85bgNg7u/qMKczY9FlWY8Rz+ORcDElMO+tATq89+tcvuYBNIAfaqH2H49+Y5Lh
-LTKeotMuJyZwJInUsDtryY/QsPltEWbkiR0xbSpzTgK8R9HIbRORAfxDAgMBAAGj
-ggEOMIIBCjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDA0BgNVHSUELTAr
-BggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAzBggr
-BgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcv
-MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9jbGFzczMt
-cmV2b2tlLmNybDBFBgNVHREEPjA8ghVjcm0ub3NtZm91bmRhdGlvbi5vcmegIwYI
-KwYBBQUHCAWgFwwVY3JtLm9zbWZvdW5kYXRpb24ub3JnMA0GCSqGSIb3DQEBCwUA
-A4ICAQA7OZ1BHDxvKFZzmhjUnrtaCMus9vTwenq4b3ml4WZHpVOMPUe6wmm9cvRf
-UdzbZ8EPFvTkXgxJrRSAqSwbcwtOTyy4IIRR1CjrfHQHc/Gx/GRlc4sUFSHDGFH3
-bcwAUfOPTE741G+ir+1yltakfAoRWbf7wJWFaFIzJjSsEYbx9x4eoeeU+J0vGLHT
-1yXty57WWtclH1UoSte+1dqec0Gj949DOgMczygeiC25VrNyEnHw8SZudLLNDQIX
-4GNd0n02gKzyjipG4bRPXlyjfARF3OxZr/A2jgOzcAwPJmVWmORckpw5fWtTf1Kj
-D2cFgNRjzdHnGX1R77PdtXqsEPnap6f1W74H+PT3s1vIkqwT+meRqQITeIxAsu2B
-Ytk2ogRgWcqosb+SU4pQwvL/BeQocCdWZLt5wIkAuJjUvtVRl2WDJu+4ODT0Fjq0
-tveXh1C5uZAKPtTo97osvK9YsLVCwfrz+qTAUlVnZXBekmLsX8YslNdMP00P44oP
-zSdv2jEu1oFJR28epu77wz85WWo6Dam18xsSA8LE2ZPmi+xyCGuBTBpaP7yTCarh
-jOqt/dWOeWSgtXFmzGvhHet+k7bzzyITMHxBrSyIl+T97h50tbY1UB0x5vx6bU9F
-0izvC+d5RULNW240ZMsbcPx983USj9+4dUAJ5P9FMqtWcqWYLQ==
------END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIIzDCCB7SgAwIBAgIHBsLao8VPUzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE
+BhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBE
+aWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs
+YXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4XDTE1MDIyMTAz
+MDg1OFoXDTE3MDIyMTAwNDk1OFowgacxCzAJBgNVBAYTAkdCMRMwEQYDVQQIEwpC
+aXJtaW5naGFtMRkwFwYDVQQHExBTdXR0b24gQ29sZGZpZWxkMSEwHwYDVQQKExhP
+cGVuU3RyZWV0TWFwIEZvdW5kYXRpb24xHDAaBgNVBAMUEyoub3NtZm91bmRhdGlv
+bi5vcmcxJzAlBgkqhkiG9w0BCQEWGGFkbWluc0BvcGVuc3RyZWV0bWFwLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJuxe5wR46CZT0V6j6mTiRf2
+14sK3tPuYsd88RplllgPpBFBBgbXaQHye/65b+TBKTwi1gaOFl9dwwa//Zo0iser
+rz+vO2/NKVnJVfZoP6X3TOGMGAssHxWsaPVaD/Kju91B6oC+8XlN3US2Pyzizt6M
+C7SqS31xd8xyKjgStqflvP3Wc8Xz0cjvAi/K32O2FbgNgslQHCFM5AY+B5BG5+7S
+fgRetFbpPukmCX153DlaZEV9cYHAk6Qho+4RyOxuIrSoWl/vIl3oOT2MSjqogJRm
+tiM+zAUYoZpuuG8fieyIFAmaFsuK7wb/ZBPgoVlG2K9v79aM9w97K70Ri4t+5SMC
+AwEAAaOCBRQwggUQMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdJQQWMBQG
+CCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUYRF/TPT7QpZHP10ciyUfzpmZ
+5nUwHwYDVR0jBBgwFoAUEdsjRf1UzGpxb4SKA9e+9wEvJoYwggJOBgNVHREEggJF
+MIICQYITKi5vc21mb3VuZGF0aW9uLm9yZ4IRb3NtZm91bmRhdGlvbi5vcmeCEW9w
+ZW5zdHJlZXRtYXAub3JnghZibG9nLm9wZW5zdHJlZXRtYXAub3Jnggdvc20ub3Jn
+ggxibG9nLm9zbS5vcmeCFmJsb2cub3NtZm91bmRhdGlvbi5vcmeCDnN3aXRjaDJv
+c20ub3JnghFzdGF0ZW9mdGhlbWFwLmNvbYIPb3Blbmdlb2RhdGEub3JnghFzdGF0
+ZW9mdGhlbWFwLm9yZ4IZdGhpbmt1cC5vcGVuc3RyZWV0bWFwLm9yZ4IPdGhpbmt1
+cC5vc20ub3JnghZvdHJzLm9wZW5zdHJlZXRtYXAub3JnggxvdHJzLm9zbS5vcmeC
+HGZvdW5kYXRpb24ub3BlbnN0cmVldG1hcC5vcmeCEmZvdW5kYXRpb24ub3NtLm9y
+Z4ITKi5zdGF0ZW9mdGhlbWFwLmNvbYITKi5zdGF0ZW9mdGhlbWFwLm9yZ4IQKi5z
+d2l0Y2gyb3NtLm9yZ4IOc3dpdGNoMm9zbS5jb22CECouc3dpdGNoMm9zbS5jb22C
+Em9wZW5zdHJlZXRtYXBzLm9yZ4IXYmxvZy5vcGVuc3RyZWV0bWFwcy5vcmeCEW9w
+ZW5zdHJlZXRtYXAuY29tghZibG9nLm9wZW5zdHJlZXRtYXAuY29tghEqLm9wZW5n
+ZW9kYXRhLm9yZ4IRb3BlbnN0cmVldG1hcC5uZXSCFmJsb2cub3BlbnN0cmVldG1h
+cC5uZXQwggFWBgNVHSAEggFNMIIBSTAIBgZngQwBAgIwggE7BgsrBgEEAYG1NwEC
+AzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGlj
+eS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
+b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9m
+IHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBp
+bnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFy
+dHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwuc3Rh
+cnRzc2wuY29tL2NydDItY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEF
+BQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczIvc2VydmVy
+L2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9z
+dWIuY2xhc3MyLnNlcnZlci5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5z
+dGFydHNzbC5jb20vMA0GCSqGSIb3DQEBCwUAA4IBAQAfe1P5cQXxgiaT2kNBIkCF
+LVIu8UCZnpkipshwuL8+TXQ0HGUC10Mw/sg6bSAMkBhtE7ffypBlgmI49FHmekae
+eAwygd1uubzInmtrXWhpNmQ3M4W53RJlOeU98TMkJiUcqx2kqBFyYbvT2G6u2nxQ
+6U9ytr2VZF59iQ9tE9hDM+aqVPjMQdk45TKdraDu1MW0Q/zRPBp+FLn7+nl83Zdd
+HEk0+GC4+fU4L5luprtmlkSESA2+beQ613OzKcwYMfClPCRTTooJbgK1OShRCgYm
+gqEPJj20V0So8A1pTcLB2VQ68Fwrj5ckqJrjXN1djneWcnIFzEG9UvJlCKxd2pPc
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIF2TCCA8GgAwIBAgIHHKs2Ry2cUTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
+EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
+Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcxMDE0MjA1NzA5WhcNMjIxMDE0MjA1
+NzA5WjCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzAp
+BgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNV
+BAMTL1N0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVy
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4I
+PlfyiAEhG5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENV
+sTUJm9m8H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1k
+s3RVG7RLhiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125
+w2oLJxGEd2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhH
+M7BUxkYa8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQp
+Z4rEAwIDAQABo4IBTDCCAUgwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+BAMCAQYwHQYDVR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaA
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGkGCCsGAQUFBwEBBF0wWzAnBggrBgEFBQcw
+AYYbaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL2NhMDAGCCsGAQUFBzAChiRodHRw
+Oi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwMgYDVR0fBCswKTAnoCWg
+I4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMEMGA1UdIAQ8MDow
+OAYEVR0gADAwMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9w
+b2xpY3kucGRmMA0GCSqGSIb3DQEBCwUAA4ICAQBSyb3zvcv566LEMsqGcvzPv6cw
+tf2R99WB4SEErQBM/+mLJ9r/8iTN/B8Pf9LR5YGSI3gW7msDLp0ASE+ugmUuh2/u
+agdfS1Zu95ZGQebd/kW5Yiqainbprb3Wc7O8MSvQLNVsa7xqOiWHqailDdeF8Wxs
+BQ70wWjLuyqBWKU+mcSf9x+EjqB60U3buAGcDYE0yoL+I2JNP22kUsBMXvJpSLHy
+36xEZGmwRinHrfDywJ1oI4qoZ3EiF77OiXp2vlRsk1yL8Bpuru2OrsIFrhNX5rnn
+cMgzuJ79SjDjmNQTa+5Ouebs387qoJ52apeq6t80RUL12k3Wh3Zt/85phnqBX9uy
+T86w4GdgOUSwRRCFZZcSed/Ul9h4IQyEmM67T2sPGdqFaZFBbBccxrn2FK7yoYB6
+4umV7yKKzP842/whVuyA/W2ihZEpA+qrA70sYESCADXnFGx2O0CDVdVc38coo1nV
+iXg+D+AG/dVXiiQcp2I4HYWTS/mTf/NE+mOYnu0miZ32/vhDbCX/B/kSPJ4RsNOA
+7uyrOwykcgOSFDbpvuaKOpGLrQwGqLODgm+p9TY5giMMjur9XH7TS1wz02dIz07u
+y2NwYWdV67vcnAt6QxRISap5RbaPviyQZxz4nFaSlTAwHoPaW1yuVS11tmsROMlR
+RNvbaAxIU4U67YaZSw==
+-----END CERTIFICATE-----
package "openssl"
package "ssl-cert"
-cookbook_file "/etc/ssl/certs/rapidssl.pem" do
- owner "root"
- group "root"
- mode 0444
- backup false
+%w(rapidssl startcom).each do |certificate|
+ cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
+ owner "root"
+ group "root"
+ mode 0444
+ backup false
+ end
end
-["openstreetmap", "tile.openstreetmap", "crm.osmfoundation"].each do |certificate|
+["openstreetmap", "tile.openstreetmap", "osmfoundation"].each do |certificate|
if node[:ssl][:certificates].include?(certificate)
cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
owner "root"
variables :aliases => Array(new_resource.aliases),
:urls => new_resource.urls,
:ssl_enabled => new_resource.ssl_enabled,
- :ssl_certificate => new_resource.ssl_certificate
+ :ssl_certificate => new_resource.ssl_certificate,
+ :ssl_certificate_chain => new_resource.ssl_certificate_chain
reload_apache false
end
attribute :database_prefix, :kind_of => String, :default => "wp_"
attribute :ssl_enabled, :kind_of => [TrueClass, FalseClass], :default => false
attribute :ssl_certificate, :kind_of => String
+attribute :ssl_certificate_chain, :kind_of => String
attribute :urls, :kind_of => Hash, :default => {}
attribute :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true
SSLCertificateFile /etc/ssl/certs/<%= @ssl_certificate %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= @ssl_certificate %>.key
<% end -%>
+<% if @ssl_certificate -%>
+ SSLCertificateChainFile /etc/ssl/certs/<%= @ssl_certificate_chain %>.pem
+<% end -%>
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log