From: Julien Cristau <jcristau@debian.org>
Date: Sun, 9 Oct 2016 15:43:55 +0000 (+0200)
Subject: Switch to letsencrypt for api.ftp-master.d.o
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=42d7037bc1d9ab4b9bf77f64c5a93f7a98699b1c;p=mirror%2Fdsa-puppet.git

Switch to letsencrypt for api.ftp-master.d.o
---

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index a6e0965b4..b034ce3f2 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -58,7 +58,7 @@ class roles {
 	if has_role('api.ftp-master') {
 		ssl::service { 'api.ftp-master.debian.org':
 			notify  => Exec['service apache2 reload'],
-			tlsaport => 0,
+			key => true,
 		}
 	}
 
diff --git a/modules/ssl/files/chains/api.ftp-master.debian.org.crt b/modules/ssl/files/chains/api.ftp-master.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/api.ftp-master.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/api.ftp-master.debian.org.crt b/modules/ssl/files/servicecerts/api.ftp-master.debian.org.crt
deleted file mode 100644
index 8c2a11301..000000000
--- a/modules/ssl/files/servicecerts/api.ftp-master.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            8c:e2:b2:a1:07:70:de:91:3c:09:91:30:7c:da:f2:97
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Oct 11 00:00:00 2015 GMT
-            Not After : Nov  7 23:59:59 2016 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=api.ftp-master.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:fd:e7:7a:1e:56:95:eb:9d:83:3c:fc:e5:a7:17:
-                    6f:58:93:eb:46:d7:42:48:e5:89:36:a9:38:a1:19:
-                    fe:01:b1:13:16:65:97:cd:e9:4a:3e:7d:f4:04:46:
-                    bf:57:11:71:47:59:52:f4:f6:13:3d:e4:eb:de:2c:
-                    22:bd:d4:3a:ee:79:20:f6:0b:e6:1e:7b:a4:a9:fc:
-                    b8:e0:e7:09:05:05:c6:3f:dd:25:bd:f6:3f:58:68:
-                    e0:84:c2:d8:bb:40:d4:cc:4f:5f:d0:3e:e5:ad:d9:
-                    fb:6b:bf:28:62:b8:8a:ff:d7:00:50:09:af:3f:0d:
-                    78:1b:b2:f3:b4:50:93:7e:83:e7:0e:6b:2f:bc:bd:
-                    c6:f1:0d:86:71:12:1a:66:df:1e:0a:c1:aa:8b:33:
-                    df:f2:37:5e:0f:6b:7a:c2:a8:8c:26:59:c8:ee:2f:
-                    0c:81:25:67:00:f1:99:e8:56:ce:10:37:76:5d:30:
-                    80:5d:45:52:ef:6a:75:7c:4a:24:e3:87:79:48:95:
-                    2d:b3:b7:06:c6:59:77:3d:50:a7:b5:df:6b:ce:80:
-                    1a:2e:fe:77:60:c8:0c:72:49:0f:93:91:df:b7:f0:
-                    38:f7:6e:ff:a2:7f:ea:6d:ed:8c:df:55:25:d0:39:
-                    fc:24:18:57:fb:e0:cf:00:0a:76:fc:4a:97:35:8c:
-                    3f:19:cb:4b:86:0c:4b:70:1c:1c:d3:06:26:b5:f9:
-                    a9:d9:29:64:db:a0:76:c6:e5:50:88:7f:ee:18:c1:
-                    32:dd:9e:4d:23:a2:b8:a0:1a:d5:96:b4:41:62:ae:
-                    bb:a0:b0:92:75:8b:e3:b0:5b:8d:ec:92:24:41:2b:
-                    04:ed:3f:4b:09:40:e2:77:ba:02:4b:03:7a:60:67:
-                    a3:a6:ae:ec:f4:7a:77:60:88:35:32:53:8e:5a:cc:
-                    04:3e:73:19:01:09:33:50:5f:a4:d5:a5:cf:12:fb:
-                    43:63:0b:1b:0b:14:b4:a9:d7:c5:e0:43:31:90:75:
-                    78:30:08:dc:aa:a1:c2:b1:95:9f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                7A:0E:8D:72:FD:C8:05:B3:F3:0A:1C:64:C6:47:6C:A7:C0:DD:1F:2B
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:api.ftp-master.debian.org, DNS:www.api.ftp-master.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         20:97:bd:f0:f5:04:a0:76:00:3d:22:5c:c5:3a:17:0d:83:6f:
-         aa:87:45:c5:49:ce:ac:b1:c7:f0:62:10:4e:83:c5:73:04:46:
-         18:75:a0:24:a2:51:dd:22:cb:34:af:0a:be:ea:13:79:bc:b4:
-         7e:27:85:c0:be:dd:a2:ae:e7:d2:4c:43:1f:a6:b0:20:af:86:
-         91:22:73:14:2f:7d:1d:5d:34:0e:bc:f4:df:3a:16:6e:ce:06:
-         71:ba:b6:1a:f4:81:17:5e:90:89:70:75:57:82:52:5f:46:00:
-         ef:8e:f2:5a:78:30:fc:24:46:51:89:98:05:d7:36:cd:26:b0:
-         3d:8f:01:ca:3b:a9:4d:54:92:84:0d:2e:5b:25:76:db:01:cd:
-         7d:00:53:2c:c8:9f:c7:55:a1:eb:1f:41:b5:44:68:74:10:fb:
-         d6:f6:e3:49:11:2f:67:e6:3a:c7:8a:86:75:62:ca:35:18:12:
-         4b:f1:5c:a9:13:42:0f:99:ae:47:13:38:d1:a1:90:23:1e:43:
-         35:ee:0f:f3:af:8e:68:99:31:ba:17:25:9d:22:25:f3:72:27:
-         40:b0:49:71:1f:fa:a7:84:2d:c8:eb:06:af:76:9f:56:cb:3a:
-         31:6a:f0:01:76:32:e7:2f:b8:76:68:5a:81:a2:ea:21:9c:65:
-         0e:c9:77:5e
------BEGIN CERTIFICATE-----
-MIIFmzCCBIOgAwIBAgIRAIzisqEHcN6RPAmRMHza8pcwDQYJKoZIhvcNAQELBQAw
-XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
-MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
-MB4XDTE1MTAxMTAwMDAwMFoXDTE2MTEwNzIzNTk1OVowZDEhMB8GA1UECxMYRG9t
-YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT
-U0wxIjAgBgNVBAMTGWFwaS5mdHAtbWFzdGVyLmRlYmlhbi5vcmcwggGiMA0GCSqG
-SIb3DQEBAQUAA4IBjwAwggGKAoIBgQD953oeVpXrnYM8/OWnF29Yk+tG10JI5Yk2
-qTihGf4BsRMWZZfN6Uo+ffQERr9XEXFHWVL09hM95OveLCK91DrueSD2C+Yee6Sp
-/Ljg5wkFBcY/3SW99j9YaOCEwti7QNTMT1/QPuWt2ftrvyhiuIr/1wBQCa8/DXgb
-svO0UJN+g+cOay+8vcbxDYZxEhpm3x4KwaqLM9/yN14Pa3rCqIwmWcjuLwyBJWcA
-8ZnoVs4QN3ZdMIBdRVLvanV8SiTjh3lIlS2ztwbGWXc9UKe132vOgBou/ndgyAxy
-SQ+Tkd+38Dj3bv+if+pt7YzfVSXQOfwkGFf74M8ACnb8Spc1jD8Zy0uGDEtwHBzT
-Bia1+anZKWTboHbG5VCIf+4YwTLdnk0jorigGtWWtEFirrugsJJ1i+OwW43skiRB
-KwTtP0sJQOJ3ugJLA3pgZ6Omruz0endgiDUyU45azAQ+cxkBCTNQX6TVpc8S+0Nj
-CxsLFLSp18XgQzGQdXgwCNyqocKxlZ8CAwEAAaOCAcswggHHMB8GA1UdIwQYMBaA
-FLOQp9jJr07NYTyffK1df0H9aTDqMB0GA1UdDgQWBBR6Do1y/cgFs/MKHGTGR2yn
-wN0fKzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUG
-CCsGAQUFBwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBB
-BgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlT
-dGFuZGFyZFNTTENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBo
-dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQw
-JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wQwYDVR0RBDww
-OoIZYXBpLmZ0cC1tYXN0ZXIuZGViaWFuLm9yZ4Idd3d3LmFwaS5mdHAtbWFzdGVy
-LmRlYmlhbi5vcmcwDQYJKoZIhvcNAQELBQADggEBACCXvfD1BKB2AD0iXMU6Fw2D
-b6qHRcVJzqyxx/BiEE6DxXMERhh1oCSiUd0iyzSvCr7qE3m8tH4nhcC+3aKu59JM
-Qx+msCCvhpEicxQvfR1dNA689N86Fm7OBnG6thr0gRdekIlwdVeCUl9GAO+O8lp4
-MPwkRlGJmAXXNs0msD2PAco7qU1UkoQNLlsldtsBzX0AUyzIn8dVoesfQbVEaHQQ
-+9b240kRL2fmOseKhnViyjUYEkvxXKkTQg+ZrkcTONGhkCMeQzXuD/OvjmiZMboX
-JZ0iJfNyJ0CwSXEf+qeELcjrBq92n1bLOjFq8AF2MucvuHZoWoGi6iGcZQ7Jd14=
------END CERTIFICATE-----