From: Julien Cristau Date: Fri, 5 Feb 2016 17:16:22 +0000 (+0100) Subject: switch search.d.o to letsencrypt X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=2406640350870f6d2ab9112a247fb733590f15de;p=mirror%2Fdsa-puppet.git switch search.d.o to letsencrypt Signed-off-by: Julien Cristau --- diff --git a/modules/roles/manifests/search_frontend.pp b/modules/roles/manifests/search_frontend.pp index 470e0f82a..4d66c1d45 100644 --- a/modules/roles/manifests/search_frontend.pp +++ b/modules/roles/manifests/search_frontend.pp @@ -1,6 +1,6 @@ class roles::search_frontend { ssl::service { 'search.debian.org': notify => Service['apache2'], - tlsaport => 0, + key => true, } } diff --git a/modules/ssl/files/chains/search.debian.org.crt b/modules/ssl/files/chains/search.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/search.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/servicecerts/search.debian.org.crt b/modules/ssl/files/servicecerts/search.debian.org.crt deleted file mode 100644 index a2813276c..000000000 --- a/modules/ssl/files/servicecerts/search.debian.org.crt +++ /dev/null @@ -1,107 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 88:fc:04:f1:bd:15:02:30:3c:2e:2b:d4:cc:6c:d6:1c - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Mar 4 00:00:00 2015 GMT - Not After : Mar 4 23:59:59 2016 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=search.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:f1:b0:01:cb:de:9a:0b:80:26:74:e1:bc:4d:b7: - f0:bd:eb:49:76:d1:f1:34:52:a8:65:18:ff:66:09: - fc:f1:96:60:1d:25:d7:3f:8a:c1:59:82:c6:6d:48: - c2:c0:b3:0f:3f:3d:8f:8e:cb:2c:ab:c8:07:38:91: - 32:0e:03:87:1d:20:16:df:ab:75:08:31:e6:82:f1: - 78:80:52:5c:81:d9:66:15:83:bc:a7:22:99:07:5f: - 79:05:49:57:ef:fc:ee:b5:18:23:5c:09:1a:85:22: - a7:72:12:06:db:ce:15:51:7b:04:2a:33:89:83:99: - 12:ae:c0:f6:8a:21:b7:5b:bd:ee:52:6a:b1:3a:9d: - d9:b5:ac:5e:01:0a:5a:09:eb:b7:ba:d6:90:0e:54: - fa:24:9c:5f:c3:9b:66:09:e6:e6:b6:a7:83:fb:89: - fc:9b:43:d9:76:f2:38:c2:c0:74:20:c8:fe:bc:2f: - 92:45:a2:a6:23:71:b5:65:bc:6c:21:18:99:cd:ee: - 02:04:3a:fb:b8:ab:4b:e3:29:15:83:6c:70:32:b5: - 2f:93:a4:74:ad:7c:51:22:00:16:04:6f:b1:89:20: - 06:f1:2d:be:08:4c:3c:45:d1:00:09:34:0f:c1:3e: - c8:05:96:36:e7:e8:a5:2a:af:38:8d:8a:71:2a:18: - 71:3f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - AF:16:13:71:D2:0F:CF:69:BF:8C:A4:B9:7F:0B:F8:4F:C6:2A:8D:6A - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:search.debian.org, DNS:www.search.debian.org - Signature Algorithm: sha256WithRSAEncryption - 5b:bd:c1:28:3c:19:63:88:85:50:ba:b8:27:5b:34:ab:cb:01: - 44:72:ed:dd:66:95:57:5d:a9:a1:34:6e:51:d8:9b:42:db:98: - 2d:51:79:ab:e4:c7:6d:00:60:1e:4f:41:a9:d8:3d:ab:4d:77: - 25:b6:97:ef:fe:db:67:09:ae:b2:75:13:a8:42:6c:e6:ed:94: - 95:3f:f7:24:cc:2f:69:1f:13:64:8b:ef:c5:ea:2f:32:a2:91: - 21:46:6f:36:41:b3:0f:6a:d0:b3:21:c4:8e:4e:00:5a:94:a4: - 3a:e9:6d:cb:76:98:26:d1:6e:0c:fa:d2:d3:9d:5d:c7:99:cb: - 09:cc:35:67:ae:85:e8:c3:09:09:9f:dc:ce:67:7f:13:80:bb: - d7:b2:a0:13:59:50:6a:60:21:c9:4a:73:80:15:a0:e3:5c:79: - eb:7c:11:29:51:3b:35:2a:bc:8f:2a:4a:f0:10:e3:e0:f6:50: - ec:5e:c2:03:d2:99:86:3b:bd:65:94:cf:10:5c:7e:52:2f:5b: - 3a:d9:ba:76:dc:cf:d1:8e:67:4f:c2:4f:43:10:6d:01:f6:3a: - 03:d4:b1:5a:a2:46:21:a2:11:f2:62:e0:c2:fc:b3:13:a0:86: - 60:b8:03:44:30:9e:1c:df:be:99:e4:79:dd:fd:99:72:2c:c1: - 3b:a1:e0:de ------BEGIN CERTIFICATE----- -MIIFAzCCA+ugAwIBAgIRAIj8BPG9FQIwPC4r1Mxs1hwwDQYJKoZIhvcNAQELBQAw -XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO -MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy -MB4XDTE1MDMwNDAwMDAwMFoXDTE2MDMwNDIzNTk1OVowXDEhMB8GA1UECxMYRG9t -YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT -U0wxGjAYBgNVBAMTEXNlYXJjaC5kZWJpYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA8bABy96aC4AmdOG8TbfwvetJdtHxNFKoZRj/Zgn88ZZg -HSXXP4rBWYLGbUjCwLMPPz2Pjsssq8gHOJEyDgOHHSAW36t1CDHmgvF4gFJcgdlm -FYO8pyKZB195BUlX7/zutRgjXAkahSKnchIG284VUXsEKjOJg5kSrsD2iiG3W73u -UmqxOp3ZtaxeAQpaCeu3utaQDlT6JJxfw5tmCebmtqeD+4n8m0PZdvI4wsB0IMj+ -vC+SRaKmI3G1ZbxsIRiZze4CBDr7uKtL4ykVg2xwMrUvk6R0rXxRIgAWBG+xiSAG -8S2+CEw8RdEACTQPwT7IBZY25+ilKq84jYpxKhhxPwIDAQABo4IBuzCCAbcwHwYD -VR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFK8WE3HSD89p -v4ykuX8L+E/GKo1qMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud -JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEB -AgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYG -Z4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNv -bS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYB -BQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NM -Q0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTAz -BgNVHREELDAqghFzZWFyY2guZGViaWFuLm9yZ4IVd3d3LnNlYXJjaC5kZWJpYW4u -b3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBbvcEoPBljiIVQurgnWzSrywFEcu3dZpVX -XamhNG5R2JtC25gtUXmr5MdtAGAeT0Gp2D2rTXcltpfv/ttnCa6ydROoQmzm7ZSV -P/ckzC9pHxNki+/F6i8yopEhRm82QbMPatCzIcSOTgBalKQ66W3Ldpgm0W4M+tLT -nV3HmcsJzDVnroXowwkJn9zOZ38TgLvXsqATWVBqYCHJSnOAFaDjXHnrfBEpUTs1 -KryPKkrwEOPg9lDsXsID0pmGO71llM8QXH5SL1s62bp23M/RjmdPwk9DEG0B9joD -1LFaokYhohHyYuDC/LMToIZguANEMJ4c376Z5Hnd/ZlyLME7oeDe ------END CERTIFICATE-----