Use openssl_dhparam to create dhparam files

diff --git a/cookbooks/ssl/files/default/dhparam.pem b/cookbooks/ssl/files/default/dhparam.pem
deleted file mode 100644 (file)
index c895dd7..0000000
--- a/cookbooks/ssl/files/default/dhparam.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEApDYHQhAm+Wje/kmAWAzCIOhzxJj6RjjKbOfsUp31PpBaeQKwdIZZ
-jStXfkdo1/c4FfpKczO4WMQJBJjCts6nmEfaPTq/ybcVtG0GQDwO6NIjM8sSymUF
-Qcnd9aH2jfUyciPqkAfTavvy+zZIU+3HxTvCA3I6JY5qLZ4YOpNheRu5Q9azBMLo
-vfb+6oQGMnMvUVCSU8aw8BQ1qwhzJJQNAszQqA3DrxG17jsk0mBzsR3KSs4eNcjx
-+65YhKArG76J1NolcP1rocehK5nrH2IO3cU2G/m2Y09DkXSP9thRSxUQ7rVKSgbC
-KhA263146gEf+bbKdMf6zrsNpjisMZ62ewIBAg==
------END DH PARAMETERS-----

diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb
index fa4ab02d8f1bf8cd3cec1dc6a984f42a658bc03c..ccb3508be195e7f54329aedb66e63258089e9f32 100644 (file)
--- a/cookbooks/ssl/recipes/default.rb
+++ b/cookbooks/ssl/recipes/default.rb
@@ -20,11 +20,15 @@
 package "openssl"
 package "ssl-cert"
 
-%w[letsencrypt dhparam].each do |certificate|
-  cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
-    owner "root"
-    group "root"
-    mode 0o444
-    backup false
-  end
+cookbook_file "/etc/ssl/certs/letsencrypt.pem" do
+  owner "root"
+  group "root"
+  mode 0o444
+  backup false
+end
+
+openssl_dhparam "/etc/ssl/certs/dhparam.pem" do
+  owner "root"
+  group "root"
+  mode 0o444
 end