Stop copr-fe from installing a file, then modifying it every time.

roles/copr/frontend/files/httpd/coprs_ssl.conf

@@ -6,10 +6,12 @@
     SSLHonorCipherOrder on
     Header always add Strict-Transport-Security "max-age=15768000; preload"
 
-    SSLCertificateFile /etc/pki/tls/ca.crt
-    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
     ServerName copr-fe.cloud.fedoraproject.org:443
 
+    SSLCertificateFile /etc/pki/tls/certs/copr-fe.fedoraproject.org.crt"
+    SSLCertificateKeyFile /etc/pki/tls/private/copr-fe.fedoraproject.org.key"
+    SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt"
+
     WSGIPassAuthorization On
     #WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5
     WSGIScriptAlias / /usr/share/copr/coprs_frontend/application

roles/copr/frontend/tasks/install_certs.yml

@@ -12,16 +12,3 @@
   copy: src=DigiCertCA.crt dest="/etc/pki/tls/certs/" owner=root group=root mode=0600
   tags:
   - config
-
-- lineinfile: dest=/etc/httpd/conf.d/copr_ssl.conf regexp="SSLCertificateFile " insertafter="^#SSLCertificateFile " line="SSLCertificateFile /etc/pki/tls/certs/copr-fe.fedoraproject.org.crt"
-  notify:
-  - restart httpd
-
-- lineinfile: dest=/etc/httpd/conf.d/copr_ssl.conf regexp="SSLCertificateKeyFile " insertafter="^#SSLCertificateKeyFile " line="SSLCertificateKeyFile /etc/pki/tls/private/copr-fe.fedoraproject.org.key"
-  notify:
-  - restart httpd
-
-- lineinfile: dest=/etc/httpd/conf.d/copr_ssl.conf regexp="SSLCertificateChainFile " insertafter="SSLCertificateKeyFile " line="SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt"
-  notify:
-  - restart httpd
-