From 775c7f7346d6fcd32e87aed36c394031bce700da Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 13 Apr 2020 09:11:07 +0100
Subject: [PATCH] Give each nominatim server it's own SSL certificate

This allows us to include the server name so that we can query
specific servers when debugging.
---
 cookbooks/nominatim/recipes/default.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 8d10a4b93..76f7cdced 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -360,8 +360,9 @@ systemd_service "apache-nominatim" do
   notifies :restart, "service[apache2]"
 end
 
-ssl_certificate "nominatim.openstreetmap.org" do
-  domains ["nominatim.openstreetmap.org",
+ssl_certificate node[:fqdn] do
+  domains [node[:fqdn],
+           "nominatim.openstreetmap.org",
            "nominatim.osm.org",
            "nominatim.openstreetmap.com",
            "nominatim.openstreetmap.net",
-- 
2.39.5