X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fapache2%2Ftemplates%2Fssl-key-pins.erb;h=7e891a293b9e0678b398cade7d4d3e2ae2a39f76;hb=32244ad7ddec069b40c6322b338c01f71d0c04f3;hp=273cc69e34b46f5c09615b168bdaae59c00a9550;hpb=c2f13d4cf63d9d2143ebe02109eb5f157e4eea73;p=mirror%2Fdsa-puppet.git

diff --git a/modules/apache2/templates/ssl-key-pins.erb b/modules/apache2/templates/ssl-key-pins.erb
index 273cc69e3..7e891a293 100644
--- a/modules/apache2/templates/ssl-key-pins.erb
+++ b/modules/apache2/templates/ssl-key-pins.erb
@@ -3,6 +3,8 @@
 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
 ##
 
+<IfModule mod_macro.c>
+
 <%=
   $cert_dir_le = '/srv/puppet.debian.org/from-letsencrypt'
   $cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
@@ -21,7 +23,8 @@
     res << "<Macro http-pkp-#{site}>"
     if pin_info.size >= 2 then
       pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
-      pin_info << "max-age=300"
+      # 60 days
+      pin_info << "max-age=5184000"
       pin_str = pin_info.join("; ")
       res << "  Header always set Public-Key-Pins \"#{pin_str}\""
     else
@@ -41,3 +44,5 @@
   end
   macros.join("\n")
 -%>
+
+</IfModule>