Switch java-deptools from certbot to mod_md

playbooks/hosts/java-deptools.fedorainfracloud.org

@@ -30,7 +30,6 @@
 
   roles:
   - java-deptools
-  - certbot
 
   handlers:
   - import_tasks: "{{ handlers_path }}/restart_services.yml"

roles/java-deptools/tasks/main.yml

@@ -7,6 +7,7 @@
   package: name={{ item }} state=present
   with_items:
   - httpd
+  - mod_md
   - mod_ssl
   - postgresql-server
   - postgresql
@@ -74,13 +75,6 @@
   tags:
   - service
 
-- name: Obtain letsencrypt certificate
-  shell: certbot certonly -n --standalone --agree-tos -m sysadmin-koschei-members@fedoraproject.org -d {{ inventory_hostname }}
-  args:
-    creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
-  tags:
-  - config
-
 - name: Install proxy config
   template: src=proxy.conf.j2 dest=/etc/httpd/conf.d/java-deptools-proxy.conf
   notify:

roles/java-deptools/templates/proxy.conf.j2

@@ -1,4 +1,8 @@
+MDomain {{ inventory_hostname }}
 ServerName {{ inventory_hostname }}
+ServerAdmin mizdebsk@fedoraproject.org
+MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
+MDRequireHttps temporary
 
 <Proxy *>
     AddDefaultCharset off
@@ -8,9 +12,6 @@ ServerName {{ inventory_hostname }}
 
 <VirtualHost *:443>
     SSLEngine on
-    SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem
-    SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
     SSLHonorCipherOrder On
     SSLCipherSuite {{ ssl_ciphers }}
     SSLProtocol {{ ssl_protocols }}
@@ -18,7 +19,3 @@ ServerName {{ inventory_hostname }}
     ProxyPass         /   http://localhost:9000/
     ProxyPassReverse  /   http://localhost:9000/
 </VirtualHost>
-
-RewriteEngine On
-RewriteCond %{HTTPS} off
-RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]