diff modules/website/manifests/https/redir.pp @ 133:9337c9ce648a puppet-3.6
Switch to using LetsEncrypt certs by default
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Fri, 11 Nov 2016 17:15:23 +0000 |
parents | 501afb45ffc7 |
children | 765e72629b3e |
--- a/modules/website/manifests/https/redir.pp Fri Nov 04 20:55:22 2016 +0000
+++ b/modules/website/manifests/https/redir.pp Fri Nov 11 17:15:23 2016 +0000
@@ -6,7 +6,7 @@
 $redir,
 $ssl_cert = undef,
 $ssl_key = undef,
- $ssl_ca_chain = $website::ca_chain,
+ $ssl_ca_chain = undef,
 $docroot_owner = undef,
 $docroot_group = undef,
 $serveraliases = [],
@@ -35,35 +35,17 @@
 }
 if $ssl_cert == undef {
- $sslcert = "${website::certdir}/${shortdomain}.crt"
- $sslkey = "${website::certdir}/${shortdomain}.key"
- File {
- mode => '0400',
- owner => 'root',
- group => 'root',
- }
- if ! defined(File[$sslcert]) {
- file { $sslcert:
- source => "puppet:///private/pki/custom/${shortdomain}.crt",
- before => Apache::Vhost[$name],
- notify => Service['httpd'],
- ensure => present;
- }
- }
- if ! defined(File[$sslkey]) {
- file { $sslkey:
- source => "puppet:///private/pki/custom/${shortdomain}.key",
- before => Apache::Vhost[$name],
- notify => Service['httpd'],
- ensure => present;
- }
- }
+ $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
+ $sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
 } else {
 $sslcert = $ssl_cert
 $sslkey = $ssl_key
 }
- if $ssl_ca_chain == '' {
+ if $ssl_ca_chain == undef {
+ $ssl_chain = $website::ca_chain
+ }
+ elsif $ssl_ca_chain == '' {
 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
 $ssl_chain = undef
 } else {
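Review bot: Defaulting `$ssl_ca_chain` to `undef` makes the `if $ssl_ca_chain == undef` / `elsif $ssl_ca_chain == ''` pair in the second hunk depend on `undef` and `''` being distinguishable. On the Puppet 3 current parser (the branch is tagged puppet-3.6) I believe the two compare equal, which should be confirmed against the parser setting in use. If so, a caller passing `''` to suppress the chain would now receive `$website::ca_chain`, and the `elsif` branch with the "directly under the CA" special case would never run. A non-empty sentinel removes the ambiguity, e.g. `$ssl_ca_chain = 'default',` here and `if $ssl_ca_chain == 'default' {` in the second hunk. The parameter list starts and ends outside this hunk.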
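Review bot: The new default paths in the second hunk are built from `${::fqdn}`, so every vhost relying on the default is served the node's certificate instead of one for its own name, as the removed `${shortdomain}` paths gave it. That only validates for clients if the Let's Encrypt certificate lists each such vhost as a SAN, which is not visible here. The removed `file` resources also carried `before => Apache::Vhost[$name]` and `notify => Service['httpd']`, and nothing replaces them, so the vhost may be applied before the files exist, and httpd will keep serving the old certificate after a renewal unless the renewal job reloads it. I would add a comment above the two assignments stating both assumptions, e.g. `# Assumes the LE cert for ${::fqdn} covers this vhost's names and that renewal reloads httpd`. The `if` block begins above the hunk and the final `else` branch continues below it.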