Hubs: fix letsencrypt setup

2018-01-13 10:57:21 +00:00 · 2018-01-13 10:57:21 +00:00 · d548b86bef
commit d548b86bef
parent 8c05e1685b
3 changed files with 4 additions and 2 deletions
--- a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
+++ b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
@ -58,7 +58,7 @@
    hubs_secret_key: demotestinghubsmachine
    hubs_db_type: sqlite
    hubs_dev_mode: false
-    hubs_ssl_cert: /etc/letsencrypt/live/{{ ansible_fqdn }}/cert.pem
+    hubs_ssl_cert: /etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem
    hubs_ssl_key: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem


--- a/roles/hubs/tasks/webserver.yml
+++ b/roles/hubs/tasks/webserver.yml
@ -41,7 +41,7 @@
  dnf: name=python2-certbot-nginx state=present

 - name: get the letencrypt cert
-  command: certbot certonly -n --nginx -d {{ ansible_fqdn }}
+  command: certbot certonly -n --nginx -d {{ ansible_fqdn }} --agree-tos --email admin@fedoraproject.org
  args:
    creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem
  notify:
--- a/roles/hubs/templates/nginx_ssl_params
+++ b/roles/hubs/templates/nginx_ssl_params
@ -1,3 +1,5 @@
 ssl                  on;
 ssl_certificate      {{ hubs_ssl_cert }};
 ssl_certificate_key  {{ hubs_ssl_key }};
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;