From 02e3228d73a05d78eaa784d6b83f9625b09c2360 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Wed, 31 Oct 2018 17:40:22 +0100
Subject: [PATCH] Update the ssl cert config for ci-cc

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
---
 roles/ci_resultsdb/templates/cert.conf | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/roles/ci_resultsdb/templates/cert.conf b/roles/ci_resultsdb/templates/cert.conf
index 6931b625dc..1e5e4e8572 100644
--- a/roles/ci_resultsdb/templates/cert.conf
+++ b/roles/ci_resultsdb/templates/cert.conf
@@ -1,5 +1,19 @@
 <VirtualHost *:80>
   ServerName resultsdb.ci.centos.org
-  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
+  RewriteEngine on
+  RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName resultsdb.ci.centos.org
+
+  SSLEngine on
+  SSLCertificateFile    /etc/letsencrypt/live/resultsdb.ci.centos.org/cert.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/resultsdb.ci.centos.org/privkey.pem
+  SSLCertificateChainFile /etc/letsencrypt/live/resultsdb.ci.centos.org/fullchain.pem
+  SSLHonorCipherOrder On
+  SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+  SSLProtocol ALL -SSLv2
+
 </VirtualHost>