file { "/etc/ssl/debian/certs/$name.crt":
ensure => $ssl_ensure,
- source => [ "puppet:///modules/ssl/servicecerts/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.crt" ],
+ content => template('ssl/crt.erb'),
notify => [ Exec['refresh_debian_hashes'], $notify ],
}
file { "/etc/ssl/debian/certs/$name.crt-chain":
ensure => $ssl_ensure,
- source => [ "puppet:///modules/ssl/chains/${name}.crt", "puppet:///modules/ssl/servicecerts/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.crt-chain" ],
+ content => template('ssl/crt-chain.erb'),
notify => [ $notify ],
links => follow,
}
file { "/etc/ssl/debian/certs/$name.crt-chained":
ensure => $ssl_ensure,
- content => template('ssl/chained.erb'),
+ content => template('ssl/crt-chained.erb'),
notify => [ $notify ],
}
if $key {
ensure => $ssl_ensure,
mode => '0440',
group => 'ssl-cert',
- source => [ "puppet:///modules/ssl/keys/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.key" ],
+ content => template('ssl/key.erb'),
+ notify => [ $notify ],
+ links => follow,
+ }
+
+ file { "/etc/ssl/private/$name.key-certchain":
+ ensure => $ssl_ensure,
+ mode => '0440',
+ group => 'ssl-cert',
+ content => template('ssl/key-chained.erb'),
notify => [ $notify ],
links => follow,
}
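Review bot: Both private-key resources in this hunk (the one whose `source` line is replaced by `content => template('ssl/key.erb')` and the new `/etc/ssl/private/$name.key-certchain`) now carry the key text in `content`, so the key becomes part of the compiled catalog and any cached copy of it, which the old `source =>` form avoided. I would add `show_diff => false,` to both resources so the key cannot appear in agent output or reports when diff display is enabled, and, if the Puppet version in use has the `Sensitive` type, wrap the template result in it. Neither resource sets `owner`, so ownership presumably comes from a default elsewhere; adding `owner => 'root',` next to `mode => '0440',` would make the permissions self-contained. The `file { ... }` header of the first resource is not visible in the hunk.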
if (size($tlsaports) > 0 and $ssl_ensure == "present") {
$portlist = join($tlsaports, "-")
+ $certdir = hiera('paths.letsencrypt_dir')
dnsextras::tlsa_record{ "tlsa-${name}-${portlist}":
zone => 'debian.org',
- certfile => [ "/etc/puppet/modules/ssl/files/servicecerts/${name}.crt", "/etc/puppet/modules/ssl/files/from-letsencrypt/${name}.crt" ],
+ certfile => [ "${certdir}/${name}.crt" ],
port => $tlsaport,
hostname => "$name",
}
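Review bot: `certfile` now points only at `${certdir}/${name}.crt`, so the TLSA record is computed from the directory named by `hiera('paths.letsencrypt_dir')`, while the deployed certificate comes from `template('ssl/crt.erb')`, whose lookup path is not visible here. If the two ever resolve to different files, the published TLSA data will not match the certificate the service presents, and DANE-validating clients will fail. A comment above `$certdir` would record the constraint, e.g. `# must be the same directory ssl/crt.erb reads from, or TLSA and the served cert diverge`. The change also drops the old `servicecerts` fallback, so certificates that exist only there presumably have to be moved before this is deployed. The enclosing `if` block continues past the end of the hunk.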