From: Tom Hughes <tom@compton.nu>
Date: Mon, 18 Feb 2019 20:23:31 +0000 (+0000)
Subject: Cleanup unused certificates
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/d7a070fcfd61fe0c43f81d9cfefe1e0ee96152ac

Cleanup unused certificates
---

diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb
index 61a120057..834f215da 100644
--- a/cookbooks/letsencrypt/recipes/default.rb
+++ b/cookbooks/letsencrypt/recipes/default.rb
@@ -150,6 +150,21 @@ certificates.each do |name, details|
   end
 end
 
+Dir.each_child("/srv/acme.openstreetmap.org/requests") do |name|
+  next if certificates.include?(name)
+
+  file "/srv/acme.openstreetmap.org/requests/#{name}" do
+    action :delete
+  end
+
+  execute "certbot-delete-#{name}" do
+    command "/usr/bin/certbot delete --config-dir /srv/acme.openstreetmap.org/config --work-dir /srv/acme.openstreetmap.org/work --logs-dir /srv/acme.openstreetmap.org/logs --cert-name #{name}"
+    cwd "/srv/acme.openstreetmap.org"
+    user "letsencrypt"
+    group "letsencrypt"
+  end
+end
+
 template "/srv/acme.openstreetmap.org/bin/check-certificates" do
   source "check-certificates.erb"
   owner "root"