From: Tom Hughes Date: Sun, 12 Feb 2017 10:32:49 +0000 (+0000) Subject: Switch blogs to letsencrypt X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/01b2f3402f5e3b7fbb20abdfde4444a72278f060 Switch blogs to letsencrypt --- diff --git a/cookbooks/blogs/recipes/default.rb b/cookbooks/blogs/recipes/default.rb index f90c3ce5d..6c0127ea2 100644 --- a/cookbooks/blogs/recipes/default.rb +++ b/cookbooks/blogs/recipes/default.rb @@ -59,6 +59,12 @@ execute "/srv/blogs.openstreetmap.org" do group "blogs" end +ssl_certificate "blops.openstreetmap.org" do + domains "blogs.openstreetmap.org" + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" +end + apache_site "blogs.openstreetmap.org" do template "apache.erb" directory "/srv/blogs.openstreetmap.org/build" diff --git a/cookbooks/blogs/templates/default/apache.erb b/cookbooks/blogs/templates/default/apache.erb index 1cb0fe44c..7986de430 100644 --- a/cookbooks/blogs/templates/default/apache.erb +++ b/cookbooks/blogs/templates/default/apache.erb @@ -7,6 +7,7 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ Redirect permanent / https://<%= @name %>/ @@ -20,6 +21,8 @@ DocumentRoot <%= @directory %> SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key >