postfix: use a chain file for ssl certs
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
parent
b54b8a0bb7
commit
a336ba2a9e
1 changed files with 7 additions and 17 deletions
|
|
@ -80,26 +80,16 @@
|
|||
tags:
|
||||
- postfix
|
||||
|
||||
- name: install /etc/pki/tls/certs/gateway.crt
|
||||
# Install gateway tls cert as a pem file.
|
||||
# This has: private key, then cert, then intermediate cert
|
||||
# This cert is a digicert one, renew it there.
|
||||
- name: install /etc/pki/tls/private/gateway-chain.pem
|
||||
copy:
|
||||
src="{{private}}/files/smtpd/gateway.complete.crt"
|
||||
dest=/etc/pki/tls/certs/gateway.crt
|
||||
src="{{private}}/files/smtpd/gateway-chain.pem"
|
||||
dest=/etc/pki/tls/private/gateway-chain.pem
|
||||
owner=root
|
||||
group=root
|
||||
mode=0644
|
||||
when: inventory_hostname.startswith(('bastion','smtp-mm')) and env != 'staging'
|
||||
notify:
|
||||
- restart postfix
|
||||
tags:
|
||||
- postfix
|
||||
|
||||
- name: Copy gateway.key
|
||||
copy:
|
||||
src="{{private}}/files/smtpd/gateway.key"
|
||||
dest=/etc/pki/tls/private/gateway.key
|
||||
owner=root
|
||||
group=postfix
|
||||
mode=0640
|
||||
mode=0600
|
||||
when: inventory_hostname.startswith(('bastion','smtp-mm')) and env != 'staging'
|
||||
notify:
|
||||
- restart postfix
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue