X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fapache2%2Ftemplates%2Fssl-key-pins.erb;h=c46111d8ccad01a55b2ec0703ce7eb4851ed8a35;hb=2bd2dc5fafbd4e216394f487f9a22cae680ec9b3;hp=f79cfffe6d8299dbb80230b3e39c013a8b8c6d75;hpb=e116c9247d418e6fcd8072e0b20e1496ec759117;p=mirror%2Fdsa-puppet.git

diff --git a/modules/apache2/templates/ssl-key-pins.erb b/modules/apache2/templates/ssl-key-pins.erb
index f79cfffe6..c46111d8c 100644
--- a/modules/apache2/templates/ssl-key-pins.erb
+++ b/modules/apache2/templates/ssl-key-pins.erb
@@ -6,7 +6,7 @@
 <IfModule mod_macro.c>
 
 <%=
-  $cert_dir_le = '/srv/puppet.debian.org/from-letsencrypt'
+  $cert_dir_le = scope().call_function('hiera', ['paths.letsencrypt_dir'])
   $cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
 
   def make_pin_macro(site)
@@ -23,7 +23,8 @@
     res << "<Macro http-pkp-#{site}>"
     if pin_info.size >= 2 then
       pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
-      pin_info << "max-age=10800"
+      # 60 days
+      pin_info << "max-age=5184000"
       pin_str = pin_info.join("; ")
       res << "  Header always set Public-Key-Pins \"#{pin_str}\""
     else