diff modules/website/manifests/https.pp @ 133:9337c9ce648a puppet-3.6
Switch to using LetsEncrypt certs by default
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Fri, 11 Nov 2016 17:15:23 +0000 |
parents | ef0926ee389a |
children | 765e72629b3e |
--- a/modules/website/manifests/https.pp Fri Nov 04 20:55:22 2016 +0000
+++ b/modules/website/manifests/https.pp Fri Nov 11 17:15:23 2016 +0000
@@ -5,7 +5,7 @@
 $ip = $website::primary_ip,
 $ssl_cert = undef,
 $ssl_key = undef,
- $ssl_ca_chain = $website::ca_chain,
+ $ssl_ca_chain = undef,
 $priority = undef,
 $docroot_owner = undef,
 $docroot_group = undef,
@@ -70,31 +70,17 @@
 }
 if $ssl_cert == undef {
- $sslcert = "${website::certdir}/${shortdomain}.crt"
- $sslkey = "${website::certdir}/${shortdomain}.key"
- File {
- mode => '0400',
- owner => 'root',
- group => 'root',
- }
- file { $sslcert:
- source => "puppet:///private/pki/custom/${shortdomain}.crt",
- before => Apache::Vhost[$name],
- notify => Service['httpd'],
- ensure => present;
- }
- file { $sslkey:
- source => "puppet:///private/pki/custom/${shortdomain}.key",
- before => Apache::Vhost[$name],
- notify => Service['httpd'],
- ensure => present;
- }
+ $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
+ $sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
 } else {
 $sslcert = $ssl_cert
- $sslkey = $ssl_key
+ $sslkey = $ssl_key
 }
- if $ssl_ca_chain == '' {
+ if $ssl_ca_chain == undef {
+ $ssl_chain = $website::ca_chain
+ }
+ elsif $ssl_ca_chain == '' {
 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
 $ssl_chain = undef
 } else {
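Review bot: With the default changed to `undef`, `$ssl_ca_chain` now distinguishes `undef` from `''`, and that distinction depends on the `if $ssl_ca_chain == undef` / `elsif $ssl_ca_chain == ''` pair in the second hunk. As far as I recall, the Puppet 3 classic parser treats `undef` and `''` as equal under `==`; if that holds on this puppet-3.6 branch, the `elsif` is unreachable and a caller passing `''` to suppress the chain gets `$website::ca_chain` sent instead, so this is worth verifying with a test catalog. Whatever the outcome, the parameter deserves a comment at its declaration such as `# $ssl_ca_chain: undef uses $website::ca_chain, '' sends no chain`. The parameter list starts and ends outside the hunk.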
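Review bot: The new default serves `/etc/letsencrypt/live/${::fqdn}/cert.pem`, which certbot writes as the leaf certificate only, while the chain still falls back to `$website::ca_chain`; unless that value was repointed elsewhere, Apache would present a Let's Encrypt leaf alongside the previous CA's intermediates and clients without a cached intermediate will fail validation. Taking the default chain from the same directory when `$ssl_cert == undef`, e.g. `$ssl_chain = "/etc/letsencrypt/live/${::fqdn}/chain.pem"`, keeps certificate and chain consistent. The path is also keyed on the node's `${::fqdn}` rather than the vhost's own domain, so every vhost on the host depends on that one certificate listing its name. The removed `file` resources also carried `before => Apache::Vhost[$name]` and `notify => Service['httpd']`; nothing visible in this hunk orders the vhost after issuance or reloads Apache after a renewal, so a renewed certificate may not be served until the next restart. The final `else` branch continues outside the hunk.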