Switch hardware.osm.org to letsencrypt

diff --git a/cookbooks/serverinfo/recipes/default.rb b/cookbooks/serverinfo/recipes/default.rb
index e68620f7bd15d8cafa2f7466efb5a8ea56e9e2d6..f38283fc97dd4786b865d64a115b1c1a1fead925 100644 (file)
--- a/cookbooks/serverinfo/recipes/default.rb
+++ b/cookbooks/serverinfo/recipes/default.rb
@@ -66,6 +66,12 @@ execute "/srv/hardware.openstreetmap.org" do
   group "nogroup"
 end
 
+ssl_certificate "hardware.openstreetmap.org" do
+  domains "hardware.openstreetmap.org"
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "hardware.openstreetmap.org" do
   template "apache.erb"
   directory "/srv/hardware.openstreetmap.org/_site"

diff --git a/cookbooks/serverinfo/templates/default/apache.erb b/cookbooks/serverinfo/templates/default/apache.erb
index 1cb0fe44c6c43972d90b0a344b63e969de029392..04e4a67972764895ae9c11a2289feabd0cb3b251 100644 (file)
--- a/cookbooks/serverinfo/templates/default/apache.erb
+++ b/cookbooks/serverinfo/templates/default/apache.erb
@@ -7,6 +7,7 @@
    CustomLog /var/log/apache2/<%= @name %>-access.log combined
    ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
    Redirect permanent / https://<%= @name %>/
 </VirtualHost>
 
@@ -17,9 +18,11 @@
    CustomLog /var/log/apache2/<%= @name %>-access.log combined
    ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   DocumentRoot <%= @directory %>
-
    SSLEngine on
+   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+   DocumentRoot <%= @directory %>
 </VirtualHost>
 
 <Directory <%= @directory %>>