From: Tom Hughes
Date: Sun, 12 Feb 2017 10:52:09 +0000 (+0000)
Subject: Switch OTRS to letsencrypt
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/a449993c2f97f5bfa7c66e8bc1e453946fe25bc7?ds=sidebyside

Switch OTRS to letsencrypt
---

diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb
index c1a027e56..03eb43aa0 100644
--- a/cookbooks/otrs/recipes/default.rb
+++ b/cookbooks/otrs/recipes/default.rb
@@ -139,6 +139,12 @@ Dir.glob("/opt/otrs/var/cron/*.dist") do |distname|
 end
 end
+ssl_certificate site do
+ domains site
+ fallback_certificate "openstreetmap"
+ notifies :reload, "service[apache2]"
+end
+
 apache_site site do
 template "apache.erb"
 end
diff --git a/cookbooks/otrs/templates/default/apache.erb b/cookbooks/otrs/templates/default/apache.erb
index 3b889ce3d..e392d8765 100644
--- a/cookbooks/otrs/templates/default/apache.erb
+++ b/cookbooks/otrs/templates/default/apache.erb
@@ -7,6 +7,7 @@
 CustomLog /var/log/apache2/<%= @name %>-access.log combined
 ErrorLog /var/log/apache2/<%= @name %>-error.log
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
 RedirectPermanent / https://otrs.openstreetmap.org/
@@ -18,6 +19,8 @@
 ErrorLog /var/log/apache2/<%= @name %>-error.log
 SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 ScriptAlias /otrs/ /opt/otrs/bin/cgi-bin/
 Alias /otrs-web/ /opt/otrs/var/httpd/htdocs/
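Review bot: Nothing in the recipe says why `ssl_certificate` has to be declared ahead of `apache_site`, or what `fallback_certificate "openstreetmap"` is meant to cover. The vhost template changed in this same commit points `SSLCertificateFile` and `SSLCertificateKeyFile` at per-site paths, so, assuming `ssl_certificate` is the resource that installs those files, moving it below `apache_site` later could leave Apache reloading against files that do not exist yet. I would add a comment above the resource such as `# Must precede apache_site: the vhost template references the certificate and key this resource installs.` It is also worth confirming that the fallback certificate is valid for this hostname, since otherwise clients would see a name mismatch until the Let's Encrypt certificate has been issued.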
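Review bot: The new ACME redirect only takes effect because it sits above `RedirectPermanent /`; mod_alias applies redirects in the same context in configuration order with the first match winning, so a later reordering would silently break HTTP-01 validation and with it certificate renewal. A comment directly above the line would protect it, for example `# Keep above the catch-all redirect: ACME HTTP-01 challenges are answered by acme.openstreetmap.org`. The line also hands domain validation for this hostname to acme.openstreetmap.org over plain HTTP, which makes that host part of the certificate trust boundary for this site and is worth stating in the cookbook documentation. The enclosing VirtualHost block is not fully visible in the hunk.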
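Review bot: The two added directives name only a certificate file and a key file, so the issuing chain has to be inside `/etc/ssl/certs/<%= @name %>.pem` for clients to validate the Let's Encrypt certificate, and the diff does not show what `ssl_certificate` writes there. If the file is a full chain, a comment above `SSLCertificateFile` should say so, e.g. `# <name>.pem holds the leaf certificate followed by its issuing chain`; if it is not, an explicit chain directive is missing. Ownership and mode of `/etc/ssl/private/<%= @name %>.key` are likewise set outside this commit, so it is worth confirming the key is readable only by root before this is deployed. The VirtualHost block these lines belong to starts and ends outside the hunk.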