From: Julien Cristau <jcristau@debian.org>
Date: Sun, 9 Oct 2016 16:07:43 +0000 (+0200)
Subject: Switch lists.d.o to letsencrypt
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=89b528f4396c42b1c44424b809bf8f313ec246dc;p=mirror%2Fdsa-puppet.git

Switch lists.d.o to letsencrypt

Signed-off-by: Julien Cristau <jcristau@debian.org>
---

diff --git a/modules/roles/manifests/lists.pp b/modules/roles/manifests/lists.pp
index d1d9d237f..d4c36077e 100644
--- a/modules/roles/manifests/lists.pp
+++ b/modules/roles/manifests/lists.pp
@@ -1,7 +1,7 @@
 class roles::lists {
 	ssl::service { 'lists.debian.org':
 		notify  => Exec['service apache2 reload'],
-		tlsaport => 0,
+		key => true,
 	}
 
 	dnsextras::tlsa_record{ 'tlsa-mailport':
diff --git a/modules/ssl/files/chains/lists.debian.org.crt b/modules/ssl/files/chains/lists.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/lists.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/lists.debian.org.crt b/modules/ssl/files/servicecerts/lists.debian.org.crt
deleted file mode 100644
index 3c8d1ad08..000000000
--- a/modules/ssl/files/servicecerts/lists.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ca:b7:ff:6a:06:b6:56:ae:d8:eb:80:f3:c9:26:26:9c
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 11 00:00:00 2015 GMT
-            Not After : Dec 30 23:59:59 2016 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=lists.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:c5:79:01:0f:20:72:4e:cb:76:ea:bb:65:d9:98:
-                    6c:4d:cb:2f:73:51:d8:a5:f6:ad:f3:2f:a1:24:5d:
-                    50:3b:f8:61:31:46:a1:19:ab:8e:b9:e6:34:19:48:
-                    ea:72:d8:9f:69:8a:fe:e9:5e:90:6b:49:ac:88:16:
-                    19:d0:75:3c:86:56:3c:a3:c8:51:03:e5:74:1d:71:
-                    b7:4a:b5:a4:ca:ff:29:b0:18:4e:34:21:5b:57:20:
-                    e3:0c:78:2d:61:d1:b2:f1:4a:d2:7f:6c:37:59:c1:
-                    6e:15:2a:f8:69:50:29:e6:5d:b2:22:1c:96:08:1f:
-                    01:d5:8a:b3:53:ae:e4:3b:1e:d4:31:33:44:c5:d3:
-                    a9:b1:f2:1c:10:26:3c:ed:e8:6d:2d:85:ad:06:2c:
-                    f7:4d:b4:82:a4:c4:c5:5c:4e:bb:08:ba:a6:c1:42:
-                    e0:c3:e6:e8:de:42:43:d7:dd:e8:ae:e9:c9:bd:56:
-                    db:d8:21:a5:f1:c8:2d:35:99:15:6a:cc:a7:7c:35:
-                    d8:fe:25:41:78:40:a4:b6:b0:55:ae:a9:53:8e:5c:
-                    51:21:23:41:89:d6:f2:61:e8:0e:34:89:7d:72:0d:
-                    26:3a:f1:1c:9d:27:09:cc:f6:89:7d:15:3c:27:84:
-                    eb:d8:01:5c:35:a8:ad:fa:54:c9:7f:ef:42:b0:bc:
-                    ff:7a:20:f4:0b:00:84:48:50:c4:fe:53:ae:bd:d9:
-                    da:e8:da:c4:81:e4:a7:2b:8d:16:5a:9f:92:39:c6:
-                    67:bd:b8:a0:10:02:e7:eb:9c:db:67:20:76:3b:6d:
-                    ec:d1:59:d1:33:f8:4a:dc:a2:31:0e:99:d4:ac:fd:
-                    d2:b7:40:a2:11:26:0a:12:08:4a:33:ad:0b:a8:e8:
-                    87:63:53:9d:9d:89:0f:66:da:6c:a2:a7:bf:40:d4:
-                    5b:b3:f5:2d:b9:73:cd:c7:3a:2f:41:94:58:92:a8:
-                    6c:23:bf:85:44:de:1c:c1:62:69:0b:ab:4f:8c:b5:
-                    86:98:7a:2f:42:fd:d7:09:57:bd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                D3:88:E4:8A:C4:E7:38:88:4F:8A:64:35:DD:6B:48:01:77:FC:D4:29
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:lists.debian.org, DNS:www.lists.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         20:fd:e9:3a:48:b0:02:5e:4c:24:e1:33:57:63:83:9e:d2:91:
-         c3:2f:92:5c:e3:c4:4e:22:77:e4:85:97:c6:34:d0:55:50:9f:
-         c9:09:8d:e4:db:c5:d2:9e:8a:68:d1:da:59:4a:fb:e4:e8:f0:
-         c5:cd:5a:bb:31:6b:85:16:62:12:50:9c:32:96:e2:63:c4:1c:
-         20:03:ae:6b:b9:d0:39:53:e4:d5:5f:28:bc:da:d8:48:bd:03:
-         a2:ca:21:e6:6b:f8:be:dd:45:3d:eb:2e:b1:9d:1b:ec:34:53:
-         9a:85:d5:bf:f6:98:78:36:da:b9:86:bd:19:a8:fb:e6:a5:e6:
-         f4:a6:66:d1:74:27:ae:9f:fc:a5:90:ca:91:3b:9d:89:29:a0:
-         d9:18:5f:b6:6e:d4:75:eb:35:8b:29:25:6f:0f:ff:10:0d:73:
-         55:09:a1:cc:05:65:46:52:b7:ce:0c:3d:f1:0e:88:d0:94:1a:
-         80:4a:d2:16:67:dc:c2:ee:0a:e2:80:62:42:e8:7d:1a:82:d9:
-         41:b0:ca:67:8b:f7:58:09:57:d1:48:6a:d9:b5:7a:d6:85:1b:
-         bd:f4:95:56:be:d8:53:c9:cf:fb:99:1f:58:22:8f:08:29:40:
-         29:57:31:8e:24:bb:10:1d:30:ef:30:5e:46:61:b0:0a:cf:c8:
-         f4:99:77:33
------BEGIN CERTIFICATE-----
-MIIFgDCCBGigAwIBAgIRAMq3/2oGtlau2OuA88kmJpwwDQYJKoZIhvcNAQELBQAw
-XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
-MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
-MB4XDTE1MTIxMTAwMDAwMFoXDTE2MTIzMDIzNTk1OVowWzEhMB8GA1UECxMYRG9t
-YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT
-U0wxGTAXBgNVBAMTEGxpc3RzLmRlYmlhbi5vcmcwggGiMA0GCSqGSIb3DQEBAQUA
-A4IBjwAwggGKAoIBgQDFeQEPIHJOy3bqu2XZmGxNyy9zUdil9q3zL6EkXVA7+GEx
-RqEZq4655jQZSOpy2J9piv7pXpBrSayIFhnQdTyGVjyjyFED5XQdcbdKtaTK/ymw
-GE40IVtXIOMMeC1h0bLxStJ/bDdZwW4VKvhpUCnmXbIiHJYIHwHVirNTruQ7HtQx
-M0TF06mx8hwQJjzt6G0tha0GLPdNtIKkxMVcTrsIuqbBQuDD5ujeQkPX3eiu6cm9
-VtvYIaXxyC01mRVqzKd8Ndj+JUF4QKS2sFWuqVOOXFEhI0GJ1vJh6A40iX1yDSY6
-8RydJwnM9ol9FTwnhOvYAVw1qK36VMl/70KwvP96IPQLAIRIUMT+U6692dro2sSB
-5KcrjRZan5I5xme9uKAQAufrnNtnIHY7bezRWdEz+ErcojEOmdSs/dK3QKIRJgoS
-CEozrQuo6IdjU52diQ9m2myip79A1Fuz9S25c83HOi9BlFiSqGwjv4VE3hzBYmkL
-q0+MtYaYei9C/dcJV70CAwEAAaOCAbkwggG1MB8GA1UdIwQYMBaAFLOQp9jJr07N
-YTyffK1df0H9aTDqMB0GA1UdDgQWBBTTiOSKxOc4iE+KZDXda0gBd/zUKTAOBgNV
-HQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
-KwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsGAQUFBwIB
-FhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNVHR8EOjA4
-MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNT
-TENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRwOi8vY3J0
-LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYIKwYBBQUH
-MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wMQYDVR0RBCowKIIQbGlzdHMu
-ZGViaWFuLm9yZ4IUd3d3Lmxpc3RzLmRlYmlhbi5vcmcwDQYJKoZIhvcNAQELBQAD
-ggEBACD96TpIsAJeTCThM1djg57SkcMvklzjxE4id+SFl8Y00FVQn8kJjeTbxdKe
-imjR2llK++To8MXNWrsxa4UWYhJQnDKW4mPEHCADrmu50DlT5NVfKLza2Ei9A6LK
-IeZr+L7dRT3rLrGdG+w0U5qF1b/2mHg22rmGvRmo++al5vSmZtF0J66f/KWQypE7
-nYkpoNkYX7Zu1HXrNYspJW8P/xANc1UJocwFZUZSt84MPfEOiNCUGoBK0hZn3MLu
-CuKAYkLofRqC2UGwymeL91gJV9FIatm1etaFG730lVa+2FPJz/uZH1gijwgpQClX
-MY4kuxAdMO8wXkZhsArPyPSZdzM=
------END CERTIFICATE-----