X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/18e12b0e123fc3e5f344682f884feabc12da0f5a..9de17ece169e2c0f91c5545b328fc0cc2fc6a0f4:/cookbooks/letsencrypt/recipes/default.rb

diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb
index 92c8311de..05b1c0fa8 100644
--- a/cookbooks/letsencrypt/recipes/default.rb
+++ b/cookbooks/letsencrypt/recipes/default.rb
@@ -1,8 +1,8 @@
 #
-# Cookbook Name:: letsencrypt
+# Cookbook:: letsencrypt
 # Recipe:: default
 #
-# Copyright 2017, OpenStreetMap Foundation
+# Copyright:: 2017, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -124,7 +124,10 @@ certificates = search(:node, "letsencrypt:certificates").each_with_object({}) do
   n[:letsencrypt][:certificates].each do |name, details|
     c[name] ||= details.merge(:nodes => [])
 
-    c[name][:nodes] << { :name => n[:fqdn], :address => n[:ipaddress] }
+    c[name][:nodes] << {
+      :name => n[:fqdn],
+      :address => n.external_ipaddress || n.internal_ipaddress
+    }
   end
 end
 
@@ -147,6 +150,21 @@ certificates.each do |name, details|
   end
 end
 
+Dir.glob("*", :base => "/srv/acme.openstreetmap.org/requests") do |name|
+  next if certificates.include?(name)
+
+  file "/srv/acme.openstreetmap.org/requests/#{name}" do
+    action :delete
+  end
+
+  execute "certbot-delete-#{name}" do
+    command "/usr/bin/certbot delete --config-dir /srv/acme.openstreetmap.org/config --work-dir /srv/acme.openstreetmap.org/work --logs-dir /srv/acme.openstreetmap.org/logs --cert-name #{name}"
+    cwd "/srv/acme.openstreetmap.org"
+    user "letsencrypt"
+    group "letsencrypt"
+  end
+end
+
 template "/srv/acme.openstreetmap.org/bin/check-certificates" do
   source "check-certificates.erb"
   owner "root"