From 643f28e4f32f013c16d04378d7d1f3dd7d8edc17 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 19 Feb 2017 19:19:36 +0000
Subject: [PATCH] Remove legacy certificate support
---
cookbooks/apache/attributes/default.rb | 2 --
cookbooks/apache/recipes/ssl.rb | 10 -------
cookbooks/apache/templates/default/ssl.erb | 6 ++--
cookbooks/blogs/recipes/default.rb | 1 -
cookbooks/cgiirc/recipes/default.rb | 1 -
cookbooks/chef/recipes/server.rb | 1 -
cookbooks/dns/recipes/default.rb | 1 -
cookbooks/forum/recipes/default.rb | 1 -
cookbooks/foundation/recipes/owg.rb | 1 -
cookbooks/git/recipes/web.rb | 1 -
cookbooks/gps-tile/recipes/default.rb | 1 -
cookbooks/kibana/recipes/default.rb | 1 -
cookbooks/mailman/recipes/default.rb | 1 -
cookbooks/nominatim/recipes/default.rb | 1 -
cookbooks/osqa/recipes/default.rb | 1 -
cookbooks/otrs/recipes/default.rb | 1 -
cookbooks/piwik/recipes/default.rb | 1 -
cookbooks/planet/recipes/default.rb | 1 -
cookbooks/serverinfo/recipes/default.rb | 1 -
cookbooks/ssl/attributes/default.rb | 1 -
cookbooks/ssl/files/default/rapidssl.pem | 26 ----------------
cookbooks/ssl/files/default/startcom.pem | 34 ---------------------
cookbooks/ssl/recipes/default.rb | 35 +++++-----------------
cookbooks/ssl/resources/certificate.rb | 9 ------
cookbooks/stats/recipes/default.rb | 1 -
cookbooks/subversion/recipes/default.rb | 1 -
cookbooks/taginfo/recipes/default.rb | 1 -
cookbooks/tilecache/recipes/default.rb | 1 -
cookbooks/trac/recipes/default.rb | 1 -
cookbooks/web/recipes/rails.rb | 1 -
30 files changed, 9 insertions(+), 136 deletions(-)
delete mode 100644 cookbooks/ssl/files/default/rapidssl.pem
delete mode 100644 cookbooks/ssl/files/default/startcom.pem
diff --git a/cookbooks/apache/attributes/default.rb b/cookbooks/apache/attributes/default.rb
index 46feacd34..8e051057f 100644
--- a/cookbooks/apache/attributes/default.rb
+++ b/cookbooks/apache/attributes/default.rb
@@ -28,6 +28,4 @@ default[:apache][:event][:max_connections_per_child] = 0 default[:apache][:listen_address] = "*" -default[:apache][:ssl][:certificate] = "openstreetmap" - default[:apache][:buffered_logs] = true diff --git a/cookbooks/apache/recipes/ssl.rb b/cookbooks/apache/recipes/ssl.rb index b9b2ca305..b2818df70 100644 --- a/cookbooks/apache/recipes/ssl.rb +++ b/cookbooks/apache/recipes/ssl.rb @@ -17,10 +17,6 @@ # limitations under the License. # -certificate = node[:apache][:ssl][:certificate] - -node.default[:ssl][:certificates] = node[:ssl][:certificates] | [certificate] - include_recipe "apache" include_recipe "ssl" @@ -28,11 +24,5 @@ apache_module "ssl" apache_conf "ssl" do template "ssl.erb" - variables :certificate => certificate notifies :reload, "service[apache2]" end - -apache = resources("service[apache2]") - -apache.subscribes(:restart, "file[/etc/ssl/certs/#{certificate}.pem]") -apache.subscribes(:restart, "file[/etc/ssl/private/#{certificate}.key]") diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb index 03b77f54b..17ee112b6 100644 --- a/cookbooks/apache/templates/default/ssl.erb +++ b/cookbooks/apache/templates/default/ssl.erb @@ -3,11 +3,9 @@ SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On -SSLCipherSuite <%= node[:ssl][:ciphers] -%> - -SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem -SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key +SSLCipherSuite <%= node[:ssl][:ciphers] %> <% if node[:lsb][:release].to_f < 16.04 -%> + SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem <% end -%> diff --git a/cookbooks/blogs/recipes/default.rb b/cookbooks/blogs/recipes/default.rb index c2a4a1c4c..8389b6260 100644 --- a/cookbooks/blogs/recipes/default.rb +++ b/cookbooks/blogs/recipes/default.rb @@ -61,7 +61,6 @@ end ssl_certificate "blogs.openstreetmap.org" do domains "blogs.openstreetmap.org" - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end 
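Review bot: In cookbooks/apache/templates/default/ssl.erb the server-wide `SSLCertificateFile`/`SSLCertificateKeyFile` pair is removed with nothing in its place, so every SSL-enabled virtual host now has to name its own certificate and key, and any vhost that relied on the global default would be left without one. The patch shows the `ssl_certificate` callers but not the vhost templates, so this is inferred and worth checking before rollout. A comment in the remaining config would record the contract, e.g. `# No server-wide certificate: each virtual host must set SSLCertificateFile and SSLCertificateKeyFile`. The template begins before this hunk (it starts at line 3), so its first lines are not visible here.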
diff --git a/cookbooks/cgiirc/recipes/default.rb b/cookbooks/cgiirc/recipes/default.rb index 173eebfdd..2c80239ff 100644 --- a/cookbooks/cgiirc/recipes/default.rb +++ b/cookbooks/cgiirc/recipes/default.rb @@ -40,7 +40,6 @@ end ssl_certificate "irc.openstreetmap.org" do domains "irc.openstreetmap.org" - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/chef/recipes/server.rb b/cookbooks/chef/recipes/server.rb index 2ebf64f72..fe668ad1d 100644 --- a/cookbooks/chef/recipes/server.rb +++ b/cookbooks/chef/recipes/server.rb @@ -80,7 +80,6 @@ apache_module "proxy_http" ssl_certificate "chef.openstreetmap.org" do domains ["chef.openstreetmap.org", "chef.osm.org"] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/dns/recipes/default.rb b/cookbooks/dns/recipes/default.rb index 4fbde88c0..8db66d6c9 100644 --- a/cookbooks/dns/recipes/default.rb +++ b/cookbooks/dns/recipes/default.rb @@ -73,7 +73,6 @@ end ssl_certificate "dns.openstreetmap.org" do domains "dns.openstreetmap.org" - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/forum/recipes/default.rb b/cookbooks/forum/recipes/default.rb index 7130c1728..7288824b5 100644 --- a/cookbooks/forum/recipes/default.rb +++ b/cookbooks/forum/recipes/default.rb @@ -33,7 +33,6 @@ apache_module "rewrite" ssl_certificate "forum.openstreetmap.org" do domains ["forum.openstreetmap.org", "forum.osm.org"] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/foundation/recipes/owg.rb b/cookbooks/foundation/recipes/owg.rb index a34a16f2a..cc093b3c9 100644 --- a/cookbooks/foundation/recipes/owg.rb +++ b/cookbooks/foundation/recipes/owg.rb @@ -58,7 +58,6 @@ end ssl_certificate "operations.osmfoundation.org" do domains "operations.osmfoundation.org" - fallback_certificate "osmfoundation" notifies :reload, "service[apache2]" end 
diff --git a/cookbooks/git/recipes/web.rb b/cookbooks/git/recipes/web.rb index 5d298e7ca..24307121d 100644 --- a/cookbooks/git/recipes/web.rb +++ b/cookbooks/git/recipes/web.rb @@ -34,7 +34,6 @@ end ssl_certificate node[:git][:host] do domains node[:git][:host] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/gps-tile/recipes/default.rb b/cookbooks/gps-tile/recipes/default.rb index 593e69ad1..87c2c49ac 100644 --- a/cookbooks/gps-tile/recipes/default.rb +++ b/cookbooks/gps-tile/recipes/default.rb @@ -112,7 +112,6 @@ ssl_certificate "gps-tile.openstreetmap.org" do "gps-a.tile.openstreetmap.org", "gps-b.tile.openstreetmap.org", "gps-c.tile.openstreetmap.org"] - fallback_certificate "tile.openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/kibana/recipes/default.rb b/cookbooks/kibana/recipes/default.rb index 8c7db202f..6a985ae34 100644 --- a/cookbooks/kibana/recipes/default.rb +++ b/cookbooks/kibana/recipes/default.rb @@ -93,7 +93,6 @@ node[:kibana][:sites].each do |name, details| ssl_certificate details[:site] do domains details[:site] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/mailman/recipes/default.rb b/cookbooks/mailman/recipes/default.rb index 6dca95067..8fb1b9092 100644 --- a/cookbooks/mailman/recipes/default.rb +++ b/cookbooks/mailman/recipes/default.rb @@ -43,7 +43,6 @@ apache_module "rewrite" ssl_certificate "lists.openstreetmap.org" do domains "lists.openstreetmap.org" - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb index b7954af92..b098c599d 100644 --- a/cookbooks/nominatim/recipes/default.rb +++ b/cookbooks/nominatim/recipes/default.rb 
@@ -338,7 +338,6 @@ ssl_certificate "nominatim.openstreetmap.org" do "nominatim.openstreetmap.net", "nominatim.openstreetmaps.org", "nominatim.openmaps.org"] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/osqa/recipes/default.rb b/cookbooks/osqa/recipes/default.rb index 482d73d88..5d5b4b1f2 100644 --- a/cookbooks/osqa/recipes/default.rb +++ b/cookbooks/osqa/recipes/default.rb @@ -51,7 +51,6 @@ node[:osqa][:sites].each do |site| ssl_certificate site_name do domains site_name - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb index 03eb43aa0..b6861d1a2 100644 --- a/cookbooks/otrs/recipes/default.rb +++ b/cookbooks/otrs/recipes/default.rb @@ -141,7 +141,6 @@ end ssl_certificate site do domains site - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/piwik/recipes/default.rb b/cookbooks/piwik/recipes/default.rb index 8561491b2..36bb05d2b 100644 --- a/cookbooks/piwik/recipes/default.rb +++ b/cookbooks/piwik/recipes/default.rb @@ -93,7 +93,6 @@ end ssl_certificate "piwik.openstreetmap.org" do domains ["piwik.openstreetmap.org", "piwik.osm.org"] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/planet/recipes/default.rb b/cookbooks/planet/recipes/default.rb index 044a88bf8..452b54276 100644 --- a/cookbooks/planet/recipes/default.rb +++ b/cookbooks/planet/recipes/default.rb @@ -93,7 +93,6 @@ apache_module "proxy_http" ssl_certificate "planet.openstreetmap.org" do domains ["planet.openstreetmap.org", "planet.osm.org"] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/serverinfo/recipes/default.rb b/cookbooks/serverinfo/recipes/default.rb index f38283fc9..c027480d9 100644 --- a/cookbooks/serverinfo/recipes/default.rb 
+++ b/cookbooks/serverinfo/recipes/default.rb @@ -68,7 +68,6 @@ end ssl_certificate "hardware.openstreetmap.org" do domains "hardware.openstreetmap.org" - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/ssl/attributes/default.rb b/cookbooks/ssl/attributes/default.rb index 5db9abbb2..1494dfe75 100644 --- a/cookbooks/ssl/attributes/default.rb +++ b/cookbooks/ssl/attributes/default.rb @@ -1,2 +1 @@ -default[:ssl][:certificates] = [] default[:ssl][:ciphers] = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" diff --git a/cookbooks/ssl/files/default/rapidssl.pem b/cookbooks/ssl/files/default/rapidssl.pem deleted file mode 100644 index fac034465..000000000 --- a/cookbooks/ssl/files/default/rapidssl.pem +++ /dev/null 
@@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIETTCCAzWgAwIBAgIDAjpxMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMTMxMjExMjM0NTUxWhcNMjIwNTIwMjM0NTUxWjBCMQswCQYDVQQG -EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSUmFwaWRTU0wg -U0hBMjU2IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1jBEgEu -l9h9GKrIwuWF4hdsYC7JjTEFORoGmFbdVNcRjFlbPbFUrkshhTIWX1SG5tmx2GCJ -a1i+ctqgAEJ2sSdZTM3jutRc2aZ/uyt11UZEvexAXFm33Vmf8Wr3BvzWLxmKlRK6 -msrVMNI4/Bk7WxU7NtBDTdFlodSLwWBBs9ZwF8w5wJwMoD23ESJOztmpetIqYpyg -C04q18NhWoXdXBC5VD0tA/hJ8LySt7ecMcfpuKqCCwW5Mc0IW7siC/acjopVHHZD -dvDibvDfqCl158ikh4tq8bsIyTYYZe5QQ7hdctUoOeFTPiUs2itP3YqeUFDgb5rE -1RkmiQF1cwmbOwIDAQABo4IBSjCCAUYwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwR -fap9ZbjKzE4wHQYDVR0OBBYEFJfCJ1CewsnsDIgyyHyt4qYBT9pvMBIGA1UdEwEB -/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMDYGA1UdHwQvMC0wK6ApoCeGJWh0 -dHA6Ly9nMS5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLwYIKwYBBQUHAQEE -IzAhMB8GCCsGAQUFBzABhhNodHRwOi8vZzIuc3ltY2IuY29tMEwGA1UdIARFMEMw -QQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0 -LmNvbS9yZXNvdXJjZXMvY3BzMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1h -bnRlY1BLSS0xLTU2OTANBgkqhkiG9w0BAQsFAAOCAQEANevhiyBWlLp6vXmp9uP+ -bji0MsGj21hWID59xzqxZ2nVeRQb9vrsYPJ5zQoMYIp0TKOTKqDwUX/N6fmS/Zar -RfViPT9gRlATPSATGC6URq7VIf5Dockj/lPEvxrYrDrK3maXI67T30pNcx9vMaJR -BBZqAOv5jUOB8FChH6bKOvMoPF9RrNcKRXdLDlJiG9g4UaCSLT+Qbsh+QJ8gRhVd -4FB84XavXu0R0y8TubglpK9YCa81tGJUheNI3rzSkHp6pIQNo0LyUcDUrVNlXWz4 -Px8G8k/Ll6BKWcZ40egDuYVtLLrhX7atKz4lecWLVtXjCYDqwSfC2Q7sRwrp0Mr8 -2A== ------END CERTIFICATE----- diff --git a/cookbooks/ssl/files/default/startcom.pem b/cookbooks/ssl/files/default/startcom.pem deleted file mode 100644 index dbaeda6ad..000000000 --- a/cookbooks/ssl/files/default/startcom.pem +++ /dev/null 
@@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIHHKs2Ry2cUTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG -EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp -Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcxMDE0MjA1NzA5WhcNMjIxMDE0MjA1 -NzA5WjCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzAp -BgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNV -BAMTL1N0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVy -IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4I -PlfyiAEhG5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENV -sTUJm9m8H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1k -s3RVG7RLhiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125 -w2oLJxGEd2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhH -M7BUxkYa8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQp -Z4rEAwIDAQABo4IBTDCCAUgwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E -BAMCAQYwHQYDVR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaA -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGkGCCsGAQUFBwEBBF0wWzAnBggrBgEFBQcw -AYYbaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL2NhMDAGCCsGAQUFBzAChiRodHRw -Oi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwMgYDVR0fBCswKTAnoCWg -I4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMEMGA1UdIAQ8MDow -OAYEVR0gADAwMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9w -b2xpY3kucGRmMA0GCSqGSIb3DQEBCwUAA4ICAQBSyb3zvcv566LEMsqGcvzPv6cw -tf2R99WB4SEErQBM/+mLJ9r/8iTN/B8Pf9LR5YGSI3gW7msDLp0ASE+ugmUuh2/u -agdfS1Zu95ZGQebd/kW5Yiqainbprb3Wc7O8MSvQLNVsa7xqOiWHqailDdeF8Wxs -BQ70wWjLuyqBWKU+mcSf9x+EjqB60U3buAGcDYE0yoL+I2JNP22kUsBMXvJpSLHy -36xEZGmwRinHrfDywJ1oI4qoZ3EiF77OiXp2vlRsk1yL8Bpuru2OrsIFrhNX5rnn -cMgzuJ79SjDjmNQTa+5Ouebs387qoJ52apeq6t80RUL12k3Wh3Zt/85phnqBX9uy -T86w4GdgOUSwRRCFZZcSed/Ul9h4IQyEmM67T2sPGdqFaZFBbBccxrn2FK7yoYB6 -4umV7yKKzP842/whVuyA/W2ihZEpA+qrA70sYESCADXnFGx2O0CDVdVc38coo1nV -iXg+D+AG/dVXiiQcp2I4HYWTS/mTf/NE+mOYnu0miZ32/vhDbCX/B/kSPJ4RsNOA 
-7uyrOwykcgOSFDbpvuaKOpGLrQwGqLODgm+p9TY5giMMjur9XH7TS1wz02dIz07u -y2NwYWdV67vcnAt6QxRISap5RbaPviyQZxz4nFaSlTAwHoPaW1yuVS11tmsROMlR -RNvbaAxIU4U67YaZSw== ------END CERTIFICATE----- diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb index 1635ed24d..6dcc02444 100644 --- a/cookbooks/ssl/recipes/default.rb +++ b/cookbooks/ssl/recipes/default.rb @@ -17,13 +17,10 @@ # limitations under the License. # -keys = data_bag_item("ssl", "keys") -certs = data_bag_item("ssl", "certs") - package "openssl" package "ssl-cert" -%w(letsencrypt rapidssl startcom dhparam).each do |certificate| +%w(letsencrypt dhparam).each do |certificate| cookbook_file "/etc/ssl/certs/#{certificate}.pem" do owner "root" group "root" @@ -32,30 +29,12 @@ package "ssl-cert" end end -["openstreetmap", "tile.openstreetmap", "osmfoundation"].each do |certificate| - if node[:ssl][:certificates].include?(certificate) - file "/etc/ssl/certs/#{certificate}.pem" do - owner "root" - group "root" - mode 0o444 - content certs[certificate].join("\n") - backup false - end - - file "/etc/ssl/private/#{certificate}.key" do - owner "root" - group "ssl-cert" - mode 0o440 - content keys[certificate].join("\n") - backup false - end - else - file "/etc/ssl/certs/#{certificate}.pem" do - action :delete - end +["openstreetmap", "tile.openstreetmap", "osmfoundation", "rapidssl", "startcom"].each do |certificate| + file "/etc/ssl/certs/#{certificate}.pem" do + action :delete + end - file "/etc/ssl/private/#{certificate}.key" do - action :delete - end + file "/etc/ssl/private/#{certificate}.key" do + action :delete end end diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb index fc94d39de..c133491ed 100644 --- a/cookbooks/ssl/resources/certificate.rb +++ b/cookbooks/ssl/resources/certificate.rb 
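Review bot: In cookbooks/ssl/recipes/default.rb the new cleanup loop deletes `/etc/ssl/certs/#{certificate}.pem` and `/etc/ssl/private/#{certificate}.key` for the legacy names, but nodes that previously took the `fallback_certificate` branch (removed from cookbooks/ssl/resources/certificate.rb in this same patch) hold symlinks to exactly those files, and nothing visible here replaces or removes those links. Whether the resource's remaining branches overwrite a dangling `/etc/ssl/certs/#{name}.pem` link lies outside the hunks shown, so that should be confirmed before this converges on a host without a Let's Encrypt certificate. The loop is one-off migration cleanup, so I would mark it as such, e.g. `# Remove legacy certificates and keys left by earlier runs; drop once every node has converged`. Separately, the private keys that were read through `data_bag_item("ssl", "keys")` presumably still sit in the data bag and should be retired there as well.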
@@ -21,7 +21,6 @@ default_action :create property :name, String property :domains, [String, Array], :required => true -property :fallback_certificate, String action :create do node.default[:letsencrypt][:certificates][name] = { @@ -53,14 +52,6 @@ action :create do manage_symlink_source false force_unlink true end - elsif fallback_certificate - link "/etc/ssl/certs/#{name}.pem" do - to "#{fallback_certificate}.pem" - end - - link "/etc/ssl/private/#{name}.key" do - to "#{fallback_certificate}.key" - end else template "/tmp/#{name}.ssl.cnf" do cookbook "ssl" diff --git a/cookbooks/stats/recipes/default.rb b/cookbooks/stats/recipes/default.rb index 3f0303d2e..2c92fb2b2 100644 --- a/cookbooks/stats/recipes/default.rb +++ b/cookbooks/stats/recipes/default.rb @@ -75,7 +75,6 @@ end ssl_certificate "stats.openstreetmap.org" do domains ["stats.openstreetmap.org", "stats.osm.org"] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/subversion/recipes/default.rb b/cookbooks/subversion/recipes/default.rb index 8419bbc40..51a6de59c 100644 --- a/cookbooks/subversion/recipes/default.rb +++ b/cookbooks/subversion/recipes/default.rb @@ -53,7 +53,6 @@ end ssl_certificate site_name do domains site_name - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/taginfo/recipes/default.rb b/cookbooks/taginfo/recipes/default.rb index 35166f1d0..3b0983a25 100644 --- a/cookbooks/taginfo/recipes/default.rb +++ b/cookbooks/taginfo/recipes/default.rb @@ -236,7 +236,6 @@ node[:taginfo][:sites].each do |site| ssl_certificate site_name do domains site_name - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb index c275edb66..41a4e7f71 100644 --- a/cookbooks/tilecache/recipes/default.rb +++ b/cookbooks/tilecache/recipes/default.rb 
@@ -116,7 +116,6 @@ ssl_certificate "tile.openstreetmap.org" do "a.tile.openstreetmap.org", "b.tile.openstreetmap.org", "c.tile.openstreetmap.org"] - fallback_certificate "tile.openstreetmap" notifies :restart, "service[nginx]" end diff --git a/cookbooks/trac/recipes/default.rb b/cookbooks/trac/recipes/default.rb index 551f28e71..fab0564b0 100644 --- a/cookbooks/trac/recipes/default.rb +++ b/cookbooks/trac/recipes/default.rb @@ -73,7 +73,6 @@ apache_module "wsgi" ssl_certificate "trac.openstreetmap.org" do domains "trac.openstreetmap.org" - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb index 4095be1bc..77017b735 100644 --- a/cookbooks/web/recipes/rails.rb +++ b/cookbooks/web/recipes/rails.rb @@ -32,7 +32,6 @@ ssl_certificate "www.openstreetmap.org" do domains ["www.openstreetmap.org", "www.osm.org", "api.openstreetmap.org", "api.osm.org", "openstreetmap.org", "osm.org"] - fallback_certificate "openstreetmap" notifies :reload, "service[apache2]" end -- 2.43.2