Switch planet.osm.org to letsencrypt
authorTom Hughes <tom@compton.nu>
Mon, 13 Feb 2017 15:41:20 +0000 (15:41 +0000)
committerTom Hughes <tom@compton.nu>
Mon, 13 Feb 2017 15:41:20 +0000 (15:41 +0000)
cookbooks/planet/recipes/default.rb
cookbooks/planet/templates/default/apache.erb

index 45029875d687a3809ea89acf6bb7159432df291a..044a88bf8d4b6919a0fb55c0b4c847173315f307 100644 (file)
@@ -91,6 +91,12 @@ apache_module "cgid"
 apache_module "rewrite"
 apache_module "proxy_http"
 
+ssl_certificate "planet.openstreetmap.org" do
+  domains ["planet.openstreetmap.org", "planet.osm.org"]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "planet.openstreetmap.org" do
   template "apache.erb"
 end
index 4528f46fef8ace583339f0ea9e5bf7c2b4001466..8790c80328d18d463299542c5545f61ac127dadb 100644 (file)
@@ -5,9 +5,13 @@
         ServerName planet.openstreetmap.org
         ServerAlias planet.osm.org
         ServerAdmin webmaster@openstreetmap.org
-<% if port == 443 -%>
 
+<% if port == 443 -%>
         SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/planet.openstreetmap.org.pem
+        SSLCertificateKeyFile /etc/ssl/private/planet.openstreetmap.org.key
+<% else -%>
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
 <% end -%>
 
         CustomLog /var/log/apache2/planet.openstreetmap.org-access.log combined