X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/429671f3522169d59628ad61852712f6ef840145..94c82143038ad02b0d0b7f8607d0b432c4831fe2:/cookbooks/exim/recipes/default.rb

diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index 6b20f5181..c46606dbf 100644
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -33,21 +33,35 @@ group "ssl-cert" do
   append true
 end
 
-openssl_x509_certificate "/etc/ssl/certs/exim.pem" do
-  key_file "/etc/ssl/private/exim.key"
-  owner "root"
-  group "ssl-cert"
-  mode 0o640
-  org "OpenStreetMap"
-  email "postmaster@openstreetmap.org"
-  common_name node[:fqdn]
-  expire 3650
+if node[:exim][:certificate_names]
+  include_recipe "apache"
+
+  apache_site node[:exim][:certificate_names].first do
+    template "apache.erb"
+    variables :aliases => node[:exim][:certificate_names].drop(1)
+  end
+
+  ssl_certificate node[:exim][:certificate_names].first do
+    domains node[:exim][:certificate_names]
+    notifies :restart, "service[exim4]"
+  end
+else
+  openssl_x509_certificate "/etc/ssl/certs/exim.pem" do
+    key_file "/etc/ssl/private/exim.key"
+    owner "root"
+    group "ssl-cert"
+    mode 0o640
+    org "OpenStreetMap"
+    email "postmaster@openstreetmap.org"
+    common_name node[:fqdn]
+    expire 3650
+    notifies :restart, "service[exim4]"
+  end
 end
 
 service "exim4" do
   action [:enable, :start]
   supports :status => true, :restart => true, :reload => true
-  subscribes :restart, "execute[/etc/ssl/certs/exim.pem]"
 end
 
 relay_to_domains = node[:exim][:relay_to_domains]