Switch lists.osm.org to letsencrypt
authorTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:40:52 +0000 (10:40 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:40:52 +0000 (10:40 +0000)
cookbooks/mailman/recipes/default.rb
cookbooks/mailman/templates/default/apache.erb

index 7dab375eb56feac05eb98b7e0cf8434c92cf7b39..6dca950675b2f4e8973da669ff7aad77c196602f 100644 (file)
@@ -41,6 +41,12 @@ end
 apache_module "expires"
 apache_module "rewrite"
 
+ssl_certificate "lists.openstreetmap.org" do
+  domains "lists.openstreetmap.org"
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "lists.openstreetmap.org" do
   template "apache.erb"
 end
index 2262c3fa280b4f19d68c921dcafebca51536c47b..1c0f7ff8e96f67c13588270dbde6b629e8a6b106 100644 (file)
@@ -7,6 +7,7 @@
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
         RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 
@@ -16,6 +17,8 @@
        ServerSignature On
 
         SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
        CustomLog /var/log/apache2/<%= @name %>-access.log combined
        ErrorLog /var/log/apache2/<%= @name %>-error.log