From: Aurelien Jarno <aurelien@aurel32.net>
Date: Wed, 29 Jun 2016 19:25:47 +0000 (+0200)
Subject: Switch people.debian.org to letsencrypt
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=79bcc9aeded0f84856c4f80405e51cddcdea85f4;p=mirror%2Fdsa-puppet.git

Switch people.debian.org to letsencrypt

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 84ce24f95..e535a62b0 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -102,7 +102,7 @@ class roles {
 	if has_role('people') {
 		ssl::service { 'people.debian.org':
 			notify => Service['apache2'],
-			tlsaport => [],
+			key => true,
 		}
 	}
 
diff --git a/modules/ssl/files/chains/people.debian.org.crt b/modules/ssl/files/chains/people.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/people.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/people.debian.org.crt b/modules/ssl/files/servicecerts/people.debian.org.crt
deleted file mode 100644
index 9c1600ab2..000000000
--- a/modules/ssl/files/servicecerts/people.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            e0:c3:a1:74:af:f7:c1:7d:ed:60:17:90:11:13:d3:03
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Jul 13 00:00:00 2015 GMT
-            Not After : Jul 27 23:59:59 2016 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=people.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:be:d6:84:d3:1e:3d:ca:3d:29:a2:30:a3:b2:57:
-                    9b:d0:c1:dc:30:eb:92:a1:d2:30:5d:90:f9:8c:af:
-                    73:1e:a9:7b:cb:e7:dc:c3:e9:0a:4e:0b:3f:d5:3c:
-                    70:c8:28:9d:53:40:17:8a:ef:ae:10:3d:62:b0:d0:
-                    22:22:bb:ee:86:33:99:8b:f3:57:dc:44:2f:43:06:
-                    e0:cd:10:34:71:60:b5:64:e1:9c:6e:66:e5:86:fb:
-                    5b:6c:63:58:7c:55:78:2b:a8:ed:ab:53:60:8e:44:
-                    51:93:61:cf:7d:d7:7d:c0:ec:30:4b:c1:65:e7:a1:
-                    35:93:53:65:10:41:4e:ea:4c:e1:87:72:6d:20:07:
-                    2c:53:ec:99:e5:7e:42:64:a0:62:ff:91:93:89:ab:
-                    19:1e:7b:02:84:2f:bc:74:38:03:a6:6a:21:11:d0:
-                    b6:ba:24:ab:ec:6a:b4:67:74:33:bf:9b:c9:67:dc:
-                    5f:73:9a:ae:c4:1d:48:72:9f:35:9d:13:8d:54:04:
-                    5f:3c:e2:49:30:44:69:19:6e:12:95:e5:1c:98:86:
-                    0b:56:27:86:62:b9:5b:af:49:48:86:18:3b:d4:be:
-                    89:ec:f7:30:02:23:17:e7:de:d1:ad:2e:a4:c9:7f:
-                    9d:88:1f:eb:79:2d:6e:eb:dc:a4:77:57:b9:1c:9d:
-                    95:56:46:96:93:d4:fa:e2:ad:79:d0:22:e7:51:59:
-                    d6:bd:29:b7:71:0f:2f:98:37:ff:9f:5e:1a:e8:fc:
-                    73:0a:09:a2:fe:26:13:1d:f8:05:55:66:cf:ba:c8:
-                    be:e0:22:4b:b8:d7:28:2a:52:8a:34:08:33:68:84:
-                    e9:cd:88:72:11:51:e6:8c:fc:a9:01:ff:b4:96:c3:
-                    e0:e9:3d:0c:46:48:00:86:25:74:25:60:7f:33:20:
-                    0b:1a:13:9b:cd:46:9e:c8:19:64:c1:97:d8:7c:9f:
-                    2c:99:04:07:f9:c0:33:b2:17:8e:a8:98:9d:f8:ad:
-                    0e:76:3e:e0:40:63:7a:45:3e:2f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                8E:22:C1:B4:53:40:A3:E9:31:81:23:CB:C9:77:6B:FA:9B:C3:5D:FB
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:people.debian.org, DNS:www.people.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         92:fe:5d:c6:c0:32:ae:d2:b2:dc:70:87:80:8f:b9:d9:ea:ad:
-         52:88:75:1f:bd:9b:ae:9d:e1:70:a3:de:09:42:7c:b9:dc:17:
-         fb:d7:5c:f4:8d:5b:f1:ba:e0:70:09:2b:ae:1e:59:5c:d6:7a:
-         28:6d:54:d7:c0:83:92:0a:d9:15:25:bb:2d:e6:e9:af:1c:fe:
-         00:d4:74:dc:45:bb:8f:ed:0a:0e:31:3c:26:fd:aa:ec:52:f2:
-         e7:6d:bb:5f:a3:07:7b:18:8f:81:12:16:38:fb:ef:bf:fd:6e:
-         99:53:de:ba:e7:c9:92:e2:30:6d:84:41:a2:69:aa:24:b4:4d:
-         4d:17:e9:f1:b2:ba:5e:51:81:f5:9e:2f:95:c2:2d:7f:18:94:
-         71:75:d6:87:4b:53:6e:02:45:03:ea:49:4f:a0:7f:1f:dc:23:
-         62:a8:2f:80:66:62:aa:e3:23:7f:2b:aa:4f:41:61:a7:ad:1b:
-         18:61:3b:8c:8f:0d:ba:25:06:a9:79:ab:df:80:0b:26:f8:57:
-         2b:8a:d4:8e:78:e9:0e:49:d9:36:5b:f2:c8:ce:84:05:26:c9:
-         41:b8:76:84:58:a0:ac:f2:64:22:42:e6:e1:58:57:72:c8:de:
-         d8:b8:62:70:60:af:29:c4:6f:93:df:c4:32:15:04:f4:11:0f:
-         d7:27:57:69
------BEGIN CERTIFICATE-----
-MIIFgzCCBGugAwIBAgIRAODDoXSv98F97WAXkBET0wMwDQYJKoZIhvcNAQELBQAw
-XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
-MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
-MB4XDTE1MDcxMzAwMDAwMFoXDTE2MDcyNzIzNTk1OVowXDEhMB8GA1UECxMYRG9t
-YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT
-U0wxGjAYBgNVBAMTEXBlb3BsZS5kZWJpYW4ub3JnMIIBojANBgkqhkiG9w0BAQEF
-AAOCAY8AMIIBigKCAYEAvtaE0x49yj0pojCjsleb0MHcMOuSodIwXZD5jK9zHql7
-y+fcw+kKTgs/1TxwyCidU0AXiu+uED1isNAiIrvuhjOZi/NX3EQvQwbgzRA0cWC1
-ZOGcbmblhvtbbGNYfFV4K6jtq1NgjkRRk2HPfdd9wOwwS8Fl56E1k1NlEEFO6kzh
-h3JtIAcsU+yZ5X5CZKBi/5GTiasZHnsChC+8dDgDpmohEdC2uiSr7Gq0Z3Qzv5vJ
-Z9xfc5quxB1Icp81nRONVARfPOJJMERpGW4SleUcmIYLVieGYrlbr0lIhhg71L6J
-7PcwAiMX597RrS6kyX+diB/reS1u69ykd1e5HJ2VVkaWk9T64q150CLnUVnWvSm3
-cQ8vmDf/n14a6PxzCgmi/iYTHfgFVWbPusi+4CJLuNcoKlKKNAgzaITpzYhyEVHm
-jPypAf+0lsPg6T0MRkgAhiV0JWB/MyALGhObzUaeyBlkwZfYfJ8smQQH+cAzsheO
-qJid+K0Odj7gQGN6RT4vAgMBAAGjggG7MIIBtzAfBgNVHSMEGDAWgBSzkKfYya9O
-zWE8n3ytXX9B/Wkw6jAdBgNVHQ4EFgQUjiLBtFNAo+kxgSPLyXdr+pvDXfswDgYD
-VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
-CCsGAQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhowJzAlBggrBgEFBQcC
-ARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEwQQYDVR0fBDow
-ODA2oDSgMoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRT
-U0xDQTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcwAoYwaHR0cDovL2Ny
-dC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3J0MCUGCCsGAQUF
-BzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMDMGA1UdEQQsMCqCEXBlb3Bs
-ZS5kZWJpYW4ub3JnghV3d3cucGVvcGxlLmRlYmlhbi5vcmcwDQYJKoZIhvcNAQEL
-BQADggEBAJL+XcbAMq7Sstxwh4CPudnqrVKIdR+9m66d4XCj3glCfLncF/vXXPSN
-W/G64HAJK64eWVzWeihtVNfAg5IK2RUluy3m6a8c/gDUdNxFu4/tCg4xPCb9quxS
-8udtu1+jB3sYj4ESFjj777/9bplT3rrnyZLiMG2EQaJpqiS0TU0X6fGyul5RgfWe
-L5XCLX8YlHF11odLU24CRQPqSU+gfx/cI2KoL4BmYqrjI38rqk9BYaetGxhhO4yP
-DbolBql5q9+ACyb4VyuK1I546Q5J2TZb8sjOhAUmyUG4doRYoKzyZCJC5uFYV3LI
-3ti4YnBgrynEb5PfxDIVBPQRD9cnV2k=
------END CERTIFICATE-----