From 7797ba038f496cb453193df985523e0dc5c435ec Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Wed, 12 Sep 2018 20:44:56 +0100
Subject: [PATCH 1/1] Use openssl_dhparam to create dhparam files

---
 cookbooks/ssl/files/default/dhparam.pem |  8 --------
 cookbooks/ssl/recipes/default.rb        | 18 +++++++++++-------
 2 files changed, 11 insertions(+), 15 deletions(-)
 delete mode 100644 cookbooks/ssl/files/default/dhparam.pem

diff --git a/cookbooks/ssl/files/default/dhparam.pem b/cookbooks/ssl/files/default/dhparam.pem
deleted file mode 100644
index c895dd70d..000000000
--- a/cookbooks/ssl/files/default/dhparam.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEApDYHQhAm+Wje/kmAWAzCIOhzxJj6RjjKbOfsUp31PpBaeQKwdIZZ
-jStXfkdo1/c4FfpKczO4WMQJBJjCts6nmEfaPTq/ybcVtG0GQDwO6NIjM8sSymUF
-Qcnd9aH2jfUyciPqkAfTavvy+zZIU+3HxTvCA3I6JY5qLZ4YOpNheRu5Q9azBMLo
-vfb+6oQGMnMvUVCSU8aw8BQ1qwhzJJQNAszQqA3DrxG17jsk0mBzsR3KSs4eNcjx
-+65YhKArG76J1NolcP1rocehK5nrH2IO3cU2G/m2Y09DkXSP9thRSxUQ7rVKSgbC
-KhA263146gEf+bbKdMf6zrsNpjisMZ62ewIBAg==
------END DH PARAMETERS-----
diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb
index fa4ab02d8..ccb3508be 100644
--- a/cookbooks/ssl/recipes/default.rb
+++ b/cookbooks/ssl/recipes/default.rb
@@ -20,11 +20,15 @@
 package "openssl"
 package "ssl-cert"
 
-%w[letsencrypt dhparam].each do |certificate|
-  cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
-    owner "root"
-    group "root"
-    mode 0o444
-    backup false
-  end
+cookbook_file "/etc/ssl/certs/letsencrypt.pem" do
+  owner "root"
+  group "root"
+  mode 0o444
+  backup false
+end
+
+openssl_dhparam "/etc/ssl/certs/dhparam.pem" do
+  owner "root"
+  group "root"
+  mode 0o444
 end
-- 
2.43.2