From ac127ff44da857007c2d4a02120e6ee9a27f0857 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kadl=C4=8D=C3=ADk?= <frostyx@email.cz>
Date: Sat, 1 Jun 2019 14:51:36 +0200
Subject: [PATCH] copr: frontend: fix selinux context for letsencrypt, see
 d6b034984

---
 roles/copr/frontend-cloud/tasks/letsencrypt.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/roles/copr/frontend-cloud/tasks/letsencrypt.yml b/roles/copr/frontend-cloud/tasks/letsencrypt.yml
index b8e6c886c0..6bd06a8320 100644
--- a/roles/copr/frontend-cloud/tasks/letsencrypt.yml
+++ b/roles/copr/frontend-cloud/tasks/letsencrypt.yml
@@ -21,9 +21,14 @@
   tags:
   - config
 
-- name: Set SELinux context for certs generation
+- name: certbot, correct fcontext mapping the web root
   sefcontext:
-    target: "/srv/web/acme-challenge/.well-known"
+    target: '/srv/web/acme-challenge/.well-known(/.*)'
     setype: httpd_sys_content_t
     state: present
-  when: devel
+
+- name: certbot, restorecon the web root
+  file:
+    path: /srv/web/acme-challenge/.well-known
+    state: directory
+    setype: httpd_sys_content_t