From 8afa9c8430e784f33e55fca3249324dbb1ec2cec Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 12 Feb 2017 10:40:52 +0000
Subject: [PATCH] Switch lists.osm.org to letsencrypt

---
 cookbooks/mailman/recipes/default.rb           | 6 ++++++
 cookbooks/mailman/templates/default/apache.erb | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/cookbooks/mailman/recipes/default.rb b/cookbooks/mailman/recipes/default.rb
index 7dab375eb..6dca95067 100644
--- a/cookbooks/mailman/recipes/default.rb
+++ b/cookbooks/mailman/recipes/default.rb
@@ -41,6 +41,12 @@ end
 apache_module "expires"
 apache_module "rewrite"
 
+ssl_certificate "lists.openstreetmap.org" do
+  domains "lists.openstreetmap.org"
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "lists.openstreetmap.org" do
   template "apache.erb"
 end
diff --git a/cookbooks/mailman/templates/default/apache.erb b/cookbooks/mailman/templates/default/apache.erb
index 2262c3fa2..1c0f7ff8e 100644
--- a/cookbooks/mailman/templates/default/apache.erb
+++ b/cookbooks/mailman/templates/default/apache.erb
@@ -7,6 +7,7 @@
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
         RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 
@@ -16,6 +17,8 @@
 	ServerSignature On
 
         SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
 	CustomLog /var/log/apache2/<%= @name %>-access.log combined
 	ErrorLog /var/log/apache2/<%= @name %>-error.log
-- 
2.43.2