From ccdce84c876fc2873b93ca4ff26e2d15679077fb Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski
Date: Wed, 17 Oct 2018 20:54:48 +0000
Subject: [PATCH] Switch java-deptools from certbot to mod_md
---
playbooks/hosts/java-deptools.fedorainfracloud.org | 1 -
roles/java-deptools/tasks/main.yml | 8 +-------
roles/java-deptools/templates/proxy.conf.j2 | 11 ++++-------
3 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/playbooks/hosts/java-deptools.fedorainfracloud.org b/playbooks/hosts/java-deptools.fedorainfracloud.org
index 3ef559a0d1..4a48122589 100644
--- a/playbooks/hosts/java-deptools.fedorainfracloud.org
+++ b/playbooks/hosts/java-deptools.fedorainfracloud.org
@@ -30,7 +30,6 @@ roles: - java-deptools - - certbot handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/roles/java-deptools/tasks/main.yml b/roles/java-deptools/tasks/main.yml
index 80d414459b..1e7430c2dd 100644
--- a/roles/java-deptools/tasks/main.yml
+++ b/roles/java-deptools/tasks/main.yml
@@ -7,6 +7,7 @@ package: name={{ item }} state=present with_items: - httpd + - mod_md - mod_ssl - postgresql-server - postgresql
@@ -74,13 +75,6 @@ tags: - service -- name: Obtain letsencrypt certificate - shell: certbot certonly -n --standalone --agree-tos -m sysadmin-koschei-members@fedoraproject.org -d {{ inventory_hostname }} - args: - creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem - tags: - - config - - name: Install proxy config template: src=proxy.conf.j2 dest=/etc/httpd/conf.d/java-deptools-proxy.conf notify:
diff --git a/roles/java-deptools/templates/proxy.conf.j2 b/roles/java-deptools/templates/proxy.conf.j2
index ef5f914d97..6b26f90f0e 100644
--- a/roles/java-deptools/templates/proxy.conf.j2
+++ b/roles/java-deptools/templates/proxy.conf.j2
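Review bot: Nothing visible in roles/java-deptools/tasks/main.yml reloads httpd after mod_md issues or renews a certificate, which matters once the `- mod_md` line in the first hunk makes that module the only certificate source. As far as I know mod_md stages a new certificate and only starts serving it after the next graceful restart, so without a scheduled reload the host can keep presenting a certificate until it expires; I would add a periodic task along the lines of `cron: name="reload httpd for mod_md" special_time=weekly job="systemctl reload httpd"`. The second hunk drops the certbot task, but on an already-provisioned host the old key under `/etc/letsencrypt/live/{{ inventory_hostname }}/` and any certbot renewal job stay in place, so a one-off cleanup step is worth adding once the mod_md certificate is confirmed live. Both tasks begin or end outside the hunks shown.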
@@ -1,4 +1,8 @@ +MDomain {{ inventory_hostname }} ServerName {{ inventory_hostname }} +ServerAdmin mizdebsk@fedoraproject.org +MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf +MDRequireHttps temporary AddDefaultCharset off
@@ -8,9 +12,6 @@ ServerName {{ inventory_hostname }} SSLEngine on - SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem - SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem SSLHonorCipherOrder On SSLCipherSuite {{ ssl_ciphers }} SSLProtocol {{ ssl_protocols }}
@@ -18,7 +19,3 @@ ServerName {{ inventory_hostname }} ProxyPass / http://localhost:9000/ ProxyPassReverse / http://localhost:9000/ - -RewriteEngine On -RewriteCond %{HTTPS} off -RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
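Review bot: `MDRequireHttps temporary` in the first proxy.conf.j2 hunk keeps the HTTP-to-HTTPS redirect a 302 with no `Strict-Transport-Security` header, so a client's first plain-HTTP request stays open to downgrade, the same exposure the removed RewriteRule in the third hunk had. After issuance is confirmed, `MDRequireHttps permanent` is the stricter setting; per the mod_md documentation it switches to 301 and adds HSTS on HTTPS responses. mod_md also takes the ACME account contact from `ServerAdmin`, so CA notices now go to one personal mailbox rather than the `sysadmin-koschei-members@fedoraproject.org` alias the removed certbot task used; `ServerAdmin sysadmin-koschei-members@fedoraproject.org` would keep the team in the loop. `MDCertificateAgreement` pins a single Terms-of-Service PDF and, on the mod_md releases I am aware of from that period, registration fails if the CA's current agreement URL differs, so a comment such as `# must equal the CA's current subscriber-agreement URL; update when Let's Encrypt revises it` above it would save debugging time.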