pagure: handle stunnel bundled cert in letsencrypt renews

This commit removes the old tasks to try and create a cert/intermediate bundle file for stunnel in favor of just doing it when we renew/get the cert. It also fixes stunnel to use the correct bundled cert. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-01-20 11:55:13 -08:00 · 2023-01-20 11:55:13 -08:00 · d44bc3991c
commit d44bc3991c
parent ff51231e77
4 changed files with 18 additions and 25 deletions
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@ -135,3 +135,17 @@
  - letsencrypt
  delegate_to: "{{ certbot_addhost }}"
  when: certbot_addhost is defined
+
+- name: Install certificate bundle
+  copy: >
+    dest=/etc/pki/tls/certs/{{site_name}}.bundle.cert
+    content="{{certbot_chain.stdout}} {{certbot_certificate.stdout}}"
+    owner=root
+    group=root
+    mode=0644
+  notify:
+  - reload stunnel
+  tags:
+  - letsencrypt
+  delegate_to: "{{ certbot_bundlehost }}"
+  when: certbot_bundlehost is defined