From: Tom Hughes Date: Mon, 13 Feb 2017 15:41:20 +0000 (+0000) Subject: Switch planet.osm.org to letsencrypt X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/0d9c8fe196af7428be06e2c5495b65d8506f4ab3 Switch planet.osm.org to letsencrypt --- diff --git a/cookbooks/planet/recipes/default.rb b/cookbooks/planet/recipes/default.rb index 45029875d..044a88bf8 100644 --- a/cookbooks/planet/recipes/default.rb +++ b/cookbooks/planet/recipes/default.rb @@ -91,6 +91,12 @@ apache_module "cgid" apache_module "rewrite" apache_module "proxy_http" +ssl_certificate "planet.openstreetmap.org" do + domains ["planet.openstreetmap.org", "planet.osm.org"] + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" +end + apache_site "planet.openstreetmap.org" do template "apache.erb" end diff --git a/cookbooks/planet/templates/default/apache.erb b/cookbooks/planet/templates/default/apache.erb index 4528f46fe..8790c8032 100644 --- a/cookbooks/planet/templates/default/apache.erb +++ b/cookbooks/planet/templates/default/apache.erb @@ -5,9 +5,13 @@ ServerName planet.openstreetmap.org ServerAlias planet.osm.org ServerAdmin webmaster@openstreetmap.org -<% if port == 443 -%> +<% if port == 443 -%> SSLEngine on + SSLCertificateFile /etc/ssl/certs/planet.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/planet.openstreetmap.org.key +<% else -%> + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ <% end -%> CustomLog /var/log/apache2/planet.openstreetmap.org-access.log combined