see if we can use a letsencrypt ssl cert for wcidff

files/httpd/wcidff.org.conf

@@ -0,0 +1,2 @@
+RewriteEngine on
+RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]

playbooks/groups/proxies.yml

@@ -47,6 +47,24 @@
         state=link
     when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
 
+  - name: install special wcidff.conf with letsencrypt info
+    copy: src={{ files }}/httpd/wcidff.org.conf dest=/etc/httpd/conf.d/whatcanidoforfedora.org/wcidff.conf
+    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
+
+  - name: setup link to letsencrypt certs on proxy01
+    file: >
+        path=/etc/pki/tls/certs/whatcanidoforfedora.intermediate.cert
+        src=/etc/letsencrypt/live/whatcanidoforfedora.org/fullchain.pem
+        state=link
+    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
+
+  - name: setup link to letsencrypt certs on proxy01
+    file: >
+        path=/etc/pki/tls/certs/whatcanidoforfedora.org.cert
+        src=/etc/letsencrypt/live/whatcanidoforfedora.org/cert.pem
+        state=link
+    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
+
   - include: "{{ tasks_path }}/yumrepos.yml"
   - include: "{{ tasks_path }}/2fa_client.yml"
   - include: "{{ tasks_path }}/motd.yml"

playbooks/include/proxies-websites.yml

@@ -398,12 +398,22 @@
     ssl: false
     cert_name: "{{wildcard_cert_name}}"
 
+  - role: httpd/website
+    name: whatcanidoforfedora.org
+    server_aliases:
+    - www.whatcanidoforfedora.org
+    ssl: true
+    cert_name: whatcanidoforfedora.org
+    SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.cert
+    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
+
   - role: httpd/website
     name: whatcanidoforfedora.org
     server_aliases:
     - www.whatcanidoforfedora.org
     ssl: false
     cert_name: "{{wildcard_cert_name}}"
+    when: inventory_hostname != 'proxy01.phx2.fedoraproject.org'
 
   - role: httpd/website
     name: fedoramagazine.org