Switch stateofthemap.org to letsencrypt
authorTom Hughes <tom@compton.nu>
Sat, 11 Feb 2017 20:27:37 +0000 (20:27 +0000)
committerTom Hughes <tom@compton.nu>
Sat, 11 Feb 2017 20:27:37 +0000 (20:27 +0000)
cookbooks/stateofthemap/recipes/default.rb
cookbooks/stateofthemap/templates/default/apache.erb

index 00e314b..a707e0c 100644 (file)
@@ -29,6 +29,12 @@ git "/srv/stateofthemap.org" do
   group "root"
 end
 
+ssl_certificate "stateofthemap.org" do
+  domains ["stateofthemap.org", "www.stateofthemap.org",
+           "stateofthemap.com", "www.stateofthemap.com"]
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "stateofthemap.org" do
   template "apache.erb"
   directory "/srv/stateofthemap.org"
index 53c3a79..7ed9d92 100644 (file)
@@ -10,6 +10,7 @@
         CustomLog /var/log/apache2/stateofthemap.org-access.log combined
         ErrorLog /var/log/apache2/stateofthemap.org-error.log
 
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
         RedirectPermanent / https://stateofthemap.org/
 </VirtualHost>
 
@@ -23,6 +24,8 @@
         ErrorLog /var/log/apache2/stateofthemap.org-error.log
 
         SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/stateofthemap.org.pem
+        SSLCertificateKeyFile /etc/ssl/private/stateofthemap.org.key
 
         RedirectPermanent / https://stateofthemap.org/
 </VirtualHost>
@@ -35,6 +38,8 @@
         ErrorLog /var/log/apache2/stateofthemap.org-error.log
 
         SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/stateofthemap.org.pem
+        SSLCertificateKeyFile /etc/ssl/private/stateofthemap.org.key
 
         DocumentRoot /srv/stateofthemap.org/html
 </VirtualHost>