From 55fc22bb3b3c7adfd60c2c4865e52d71c7de3572 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 12 Feb 2017 10:36:08 +0000
Subject: [PATCH] Switch git.osm.org to letsencrypt

---
 cookbooks/git/recipes/web.rb               | 6 ++++++
 cookbooks/git/templates/default/apache.erb | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/cookbooks/git/recipes/web.rb b/cookbooks/git/recipes/web.rb
index 5a59e1c4b..5d298e7ca 100644
--- a/cookbooks/git/recipes/web.rb
+++ b/cookbooks/git/recipes/web.rb
@@ -32,6 +32,12 @@ template "/etc/gitweb.conf" do
   mode 0o644
 end
 
+ssl_certificate node[:git][:host] do
+  domains node[:git][:host]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site node[:git][:host] do
   template "apache.erb"
   directory git_directory
diff --git a/cookbooks/git/templates/default/apache.erb b/cookbooks/git/templates/default/apache.erb
index e9bebd2ea..21e0aa077 100644
--- a/cookbooks/git/templates/default/apache.erb
+++ b/cookbooks/git/templates/default/apache.erb
@@ -7,6 +7,7 @@
 	CustomLog /var/log/apache2/<%= @name %>-access.log combined
 	ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+	RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
 	RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 
@@ -15,6 +16,8 @@
 	ServerAdmin webmaster@openstreetmap.org
 
 	SSLEngine on
+	SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+	SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
 	CustomLog /var/log/apache2/<%= @name %>-access.log combined
 	ErrorLog /var/log/apache2/<%= @name %>-error.log
-- 
2.43.2