infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

start of a certbot role, but don't use it yet.

Browse source 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
This commit is contained in:
Rick Elrod 2016-06-29 15:08:26 +00:00
parent f4a609d445
commit 1213c5e6a7
1 changed files with 15 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
roles/certbot/README
View file

@ -19,4 +19,19 @@ To use it:
/srv/web/acme-challenge/ -d YOURINSTANCE.fedorainfracloud.org /srv/web/acme-challenge/ -d YOURINSTANCE.fedorainfracloud.org
setenforce 1 setenforce 1
3) Add your SSL VirtualHost. An Ansible template with something like this
should possibly work:
<VirtualHost {{public_ip}}:443 _default_:443>
ServerName YOURINSTANCE.fedorainfracloud.org
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/fullchain.pem
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
SSLProtocol ALL -SSLv2
<!-- Your actual config goes here! -->
</VirtualHost>