Get certs from the LE dir also
authorPeter Palfrader <peter@palfrader.org>
Sun, 31 Jan 2016 16:54:23 +0000 (17:54 +0100)
committerPeter Palfrader <peter@palfrader.org>
Sun, 31 Jan 2016 16:54:23 +0000 (17:54 +0100)
modules/ssl/manifests/service.pp
modules/ssl/templates/chained.erb

index 54a4110..fbca2fa 100644 (file)
@@ -6,11 +6,11 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = []) {
        }
 
        file { "/etc/ssl/debian/certs/$name.crt":
-               source => "puppet:///modules/ssl/servicecerts/${name}.crt",
+               source => [ "puppet:///modules/ssl/servicecerts/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.crt" ],
                notify => [ Exec['refresh_debian_hashes'], $notify ],
        }
        file { "/etc/ssl/debian/certs/$name.crt-chain":
-               source => [ "puppet:///modules/ssl/chains/${name}.crt", "puppet:///modules/ssl/servicecerts/${name}.crt" ],
+               source => [ "puppet:///modules/ssl/chains/${name}.crt", "puppet:///modules/ssl/servicecerts/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.crt-chain" ],
                notify => [ $notify ],
                links  => follow,
        }
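Review bot: The certificate and its chain are now picked independently from ordered source lists, and since Puppet uses the first source that exists, a leftover `servicecerts/${name}.crt` or `chains/${name}.crt` will silently take precedence over the files under `from-letsencrypt/`. After a service moves to Let's Encrypt, that can leave `/etc/ssl/debian/certs/$name.crt` on an old certificate, or pair a Let's Encrypt leaf with the previous CA's chain. Neither case fails the Puppet run. I would document the precedence above both resources, for example `# first existing source wins; remove the servicecerts/ and chains/ entries when a service moves to from-letsencrypt/`. The enclosing define starts before this hunk and continues after it.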
@@ -22,7 +22,7 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = []) {
        if $tlsaport > 0 {
                dnsextras::tlsa_record{ "tlsa-${name}-${tlsaport}":
                        zone     => 'debian.org',
-                       certfile => "/etc/puppet/modules/ssl/files/servicecerts/${name}.crt",
+                       certfile => [ "puppet:///modules/ssl/servicecerts/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.crt" ],
                        port     => $tlsaport,
                        hostname => "$name",
                }
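Review bot: `certfile` changes here from a single filesystem path on the master to an array of `puppet:///` URLs, and nothing in this commit shows that `dnsextras::tlsa_record` accepts either an array or that URL scheme. If the define reads the file locally to compute the digest, the new value will not resolve. If it emits a record per entry, it can publish a TLSA record for a certificate that the `file` resource above did not deploy. A TLSA record that does not match the served certificate makes DANE-validating clients reject the connection, so the path passed here should be the same single file that the `source` list resolves to. Please confirm against the define and add a comment such as `# certfile must name the cert actually installed in /etc/ssl/debian/certs` next to the parameter.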
index 1ae6581..dc5fed0 100644 (file)
@@ -1,7 +1,14 @@
 <%=
-    File.read("/etc/puppet/modules/ssl/files/servicecerts/#{name}.crt")
-%>
-<%=
-    fn = "/etc/puppet/modules/ssl/files/chains/#{name}.crt"
-    File.exist?(fn) ? File.read(fn) : ''
+  out = ""
+  fn = "/etc/puppet/modules/ssl/files/servicecerts/#{name}.crt"
+  if File.exist?(fn) then
+    out = File.read(fn)
+
+    chain = "/etc/puppet/modules/ssl/files/chains/#{name}.crt"
+    File.exist?(chain) ? File.read(chain) : ''
+  else
+    fn = "/etc/puppet/modules/ssl/files/from-letsencrypt/#{name}.crt-chained"
+    out = File.read(fn)
+  end
+  out
 %>
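Review bot: In the `if` branch the chain is read but never used, because `File.exist?(chain) ? File.read(chain) : ''` is evaluated and its value discarded. For any service whose cert is in servicecerts/ the template now emits only the leaf certificate, whereas the old template appended the chain. A server configured with that file sends no intermediates, and clients that do not already hold them will fail to validate it. The line should be `out += File.exist?(chain) ? File.read(chain) : ''`. Separately, the `else` branch reads `from-letsencrypt/#{name}.crt-chained` with no existence check, so a name missing from both directories aborts template evaluation with a bare ENOENT; an explicit error naming both paths would be easier to diagnose.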