LE for releases.stg.pagure.org, infra #6576

Signed-off-by: Rick Elrod <relrod@redhat.com>

roles/letsencrypt/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+server_aliases: []

roles/pagure/frontend/tasks/main.yml

@@ -239,6 +239,12 @@
   - web
   - pagure
 
+- name: Letsencrypt for releases.stg.pagure.org
+  include_role: name=letsencrypt
+  vars:
+    site_name: releases.stg.pagure.org
+  when: env == 'pagure-staging'
+
 - name: Install the SSL cert so that we can use https
   copy: >
       src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}

roles/pagure/frontend/templates/0_pagure.conf

@@ -32,6 +32,7 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 {% if env == 'pagure-staging' %}
   ServerName releases.stg.pagure.org
   #Redirect permanent / https://releases.stg.pagure.org/
+  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
 {% else %}
   ServerName releases.pagure.org
   #Redirect permanent / https://releases.pagure.org/
@@ -171,6 +172,13 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
   DocumentRoot "/var/www/releases"
 {% if env == 'pagure-staging' %}
   ServerName releases.stg.pagure.org
+  SSLEngine on
+  SSLCertificateFile /etc/pki/tls/certs/releases.stg.pagure.org.cert
+  SSLCertificateKeyFile /etc/pki/tls/private/releases.stg.pagure.org.key
+  SSLCertificateChainFile /etc/pki/tls/certs/releases.stg.pagure.org.intermediate.cert
+  SSLHonorCipherOrder On
+  SSLProtocol {{ ssl_protocols }}
+  SSLCipherSuite {{ ssl_ciphers }}
 {% else %}
   ServerName releases.pagure.org
 {% endif %}