Switch chef.osm.org to letsencrypt
authorTom Hughes <tom@compton.nu>
Mon, 13 Feb 2017 15:35:05 +0000 (15:35 +0000)
committerTom Hughes <tom@compton.nu>
Mon, 13 Feb 2017 15:35:05 +0000 (15:35 +0000)
cookbooks/chef/recipes/server.rb
cookbooks/chef/templates/default/apache.erb

index ac6f0d95e1050ce783c5d3bd91a72d175ead8e16..2ebf64f72dc6be392acab827923bf87edc9caa6b 100644 (file)
@@ -78,6 +78,12 @@ end
 apache_module "alias"
 apache_module "proxy_http"
 
+ssl_certificate "chef.openstreetmap.org" do
+  domains ["chef.openstreetmap.org", "chef.osm.org"]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "chef.openstreetmap.org" do
   template "apache.erb"
 end
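Review bot: `fallback_certificate "openstreetmap"` in the new `ssl_certificate` block has no comment saying when the fallback is served or whether it is valid for `chef.openstreetmap.org` and `chef.osm.org`. If, as the name suggests, it is used until the Let's Encrypt certificate has been issued, clients that verify the server name would reject it unless it covers both names; this cannot be confirmed from the hunk. A one-line comment above the block would settle it, for example `# Serves the "openstreetmap" certificate until issuance succeeds; it must cover every name in domains`.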
index f6c1806b1f704031ffe72065f9cff6df75137f1e..1fb417fcb50374ee682090e19e2e6f814b30af78 100644 (file)
@@ -8,6 +8,7 @@
        CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/chef.openstreetmap.org-error.log
 
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
        Redirect permanent / https://chef.openstreetmap.org/
 </VirtualHost>
 
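Review bot: The added `RedirectPermanent` for `/.well-known/acme-challenge/` only takes effect because it sits above the catch-all `Redirect permanent /`, and nothing in the template says so. mod_alias applies the first matching redirect in configuration order, so reordering the two lines would send challenge requests to HTTPS instead. The line also hands HTTP-01 validation for this host name to `acme.openstreetmap.org`, so whoever can serve files under that path there can obtain certificates for it. I would record both above the line, e.g. `# Must stay above the catch-all redirect; ACME challenges are delegated to acme.openstreetmap.org`. The opening `<VirtualHost>` line is outside the hunk.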
@@ -20,6 +21,8 @@
 
        SSLEngine on
        SSLProxyEngine on
+       SSLCertificateFile /etc/ssl/certs/chef.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/chef.openstreetmap.org.key
 
        ProxyPass / https://<%= node[:fqdn] %>:4443/
 </VirtualHost>
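Review bot: The two added paths are literals that must match the files produced for the `ssl_certificate "chef.openstreetmap.org"` resource in server.rb, and nothing here records that coupling or what the `.pem` has to contain. With only `SSLCertificateFile` set, Apache 2.4.8 and later takes the intermediate chain from that same file, so a leaf-only `.pem` would leave clients unable to build the chain; the file's contents are not visible here. A comment above the two directives would cover it, such as `# Written by the ssl_certificate resource in recipes/server.rb; the .pem must include the issuer chain`. The `<VirtualHost>` block starts outside the hunk.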