From d548b86bef07fcaa66d089adc19975487f2fc0f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Sat, 13 Jan 2018 10:57:21 +0000
Subject: [PATCH] Hubs: fix letsencrypt setup
---
 playbooks/hosts/hubs-dev.fedorainfracloud.org.yml | 2 +-
 roles/hubs/tasks/webserver.yml | 2 +-
 roles/hubs/templates/nginx_ssl_params | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
index 6c2215e564..4189bee60f 100644
--- a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
+++ b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
@@ -58,7 +58,7 @@ hubs_secret_key: demotestinghubsmachine
 hubs_db_type: sqlite
 hubs_dev_mode: false
- hubs_ssl_cert: /etc/letsencrypt/live/{{ ansible_fqdn }}/cert.pem
+ hubs_ssl_cert: /etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem
 hubs_ssl_key: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem
diff --git a/roles/hubs/tasks/webserver.yml b/roles/hubs/tasks/webserver.yml
index 2ef0483419..3db6d340e4 100644
--- a/roles/hubs/tasks/webserver.yml
+++ b/roles/hubs/tasks/webserver.yml
@@ -41,7 +41,7 @@ dnf: name=python2-certbot-nginx state=present
 - name: get the letencrypt cert
- command: certbot certonly -n --nginx -d {{ ansible_fqdn }}
+ command: certbot certonly -n --nginx -d {{ ansible_fqdn }} --agree-tos --email admin@fedoraproject.org
 args:
 creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem
 notify:
diff --git a/roles/hubs/templates/nginx_ssl_params b/roles/hubs/templates/nginx_ssl_params
index c8ab38de24..9a411c4157 100644
--- a/roles/hubs/templates/nginx_ssl_params
+++ b/roles/hubs/templates/nginx_ssl_params
@@ -1,3 +1,5 @@
 ssl on;
 ssl_certificate {{ hubs_ssl_cert }};
 ssl_certificate_key {{ hubs_ssl_key }};
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
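Review bot: In the first hunk (playbooks/hosts/hubs-dev.fedorainfracloud.org.yml) the line `hubs_secret_key: demotestinghubsmachine` keeps the application secret as a fixed string in the playbook, on a host this change is putting behind a publicly trusted certificate. If that key signs sessions or tokens (not visible in the hunk), anyone who can read the repository can forge them, so it would be safer to take it from a vaulted or private variable, e.g. `hubs_secret_key: "{{ PLACEHOLDER_private_secret_var }}"`. On the changed line itself, a short comment such as `# fullchain.pem, not cert.pem: nginx has to send the intermediate chain` would record why the path changed. The vars block starts and ends outside the hunk.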
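Review bot: In the second hunk (roles/hubs/tasks/webserver.yml) the `creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem` guard means the certbot task runs once and is skipped on every later play, and nothing visible here schedules renewal, so the short-lived Let's Encrypt certificate will lapse unless renewal is configured elsewhere in the role. A follow-up task that runs `certbot renew` from a timer or cron entry, and notifies the nginx reload handler, would close that gap. Separately, `--email admin@fedoraproject.org` is hard-coded in a shared role; a role variable with that value as its default would let other deployments register their own contact. The task's `notify:` list continues outside the hunk.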
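Review bot: The two added lines in roles/hubs/templates/nginx_ssl_params hard-code `/etc/letsencrypt/...` paths, while the certificate and key directly above come from `hubs_ssl_cert` and `hubs_ssl_key`. Any host that points those variables at a non-certbot certificate therefore gets a config referencing files that do not exist, and nginx will fail its config test. Wrapping both lines in `{% if hubs_ssl_cert.startswith('/etc/letsencrypt/') %}` … `{% endif %}`, or moving the two paths into role variables, keeps the template usable in both cases. The `include` also hands TLS protocol and cipher policy to a file certbot manages outside this repository; a comment such as `# TLS protocols/ciphers come from certbot's options-ssl-nginx.conf` would make that visible. It is also worth confirming that the installed certbot package actually ships `ssl-dhparams.pem`.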