From 183b72ad9ac5cf8a9ab2a29ff257633db11732cf Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 12 Oct 2016 14:43:29 +0200
Subject: [PATCH] LE cert for munin

---
 modules/munin/manifests/master.pp             |   2 +-
 modules/ssl/files/chains/munin.debian.org.crt |   1 -
 .../files/servicecerts/munin.debian.org.crt   | 118 ------------------
 3 files changed, 1 insertion(+), 120 deletions(-)
 delete mode 120000 modules/ssl/files/chains/munin.debian.org.crt
 delete mode 100644 modules/ssl/files/servicecerts/munin.debian.org.crt

diff --git a/modules/munin/manifests/master.pp b/modules/munin/manifests/master.pp
index 734c4c4cf..a89677d60 100644
--- a/modules/munin/manifests/master.pp
+++ b/modules/munin/manifests/master.pp
@@ -11,7 +11,7 @@ class munin::master {
 
 	ssl::service { 'munin.debian.org':
 		notify  => Exec['service apache2 reload'],
-		tlsaport => 0,
+		key => true,
 	}
 	file { '/etc/munin/munin-conf.d':
 		ensure  => directory,
diff --git a/modules/ssl/files/chains/munin.debian.org.crt b/modules/ssl/files/chains/munin.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/munin.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/munin.debian.org.crt b/modules/ssl/files/servicecerts/munin.debian.org.crt
deleted file mode 100644
index 41dcb7dcb..000000000
--- a/modules/ssl/files/servicecerts/munin.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            45:85:54:2e:05:b2:b2:96:17:9a:2f:a2:cd:ef:82:7b
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 11 00:00:00 2015 GMT
-            Not After : Jan 22 23:59:59 2017 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=munin.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:ad:44:54:d7:90:e4:eb:64:c4:27:3c:b1:8f:ef:
-                    2f:28:3e:c5:07:b9:48:36:72:d4:1e:76:3e:81:e3:
-                    6a:74:2a:fa:e9:e3:c6:0d:5b:46:7a:dd:a8:9b:31:
-                    5a:38:e4:fa:72:52:10:29:04:9f:b9:ae:53:38:95:
-                    0e:70:3b:12:09:2c:ec:b9:e1:d0:b8:2b:07:84:4d:
-                    62:27:f2:13:24:9f:10:38:73:98:7b:ee:74:77:ea:
-                    86:2d:98:99:e5:2f:ad:9e:d1:a7:b3:9c:ce:de:a6:
-                    36:28:a3:6b:f5:16:60:52:f2:af:7a:ec:55:04:8c:
-                    bb:13:80:d8:2a:ca:41:40:8e:26:8b:85:56:25:97:
-                    eb:d0:83:68:f6:3d:f8:f2:03:e2:bc:5a:25:cf:ac:
-                    eb:1a:6b:98:46:25:b3:ec:f0:2d:05:67:07:de:89:
-                    62:2d:22:7d:e8:65:d8:2b:ec:63:20:06:9f:3d:bb:
-                    fe:8b:7a:99:c9:eb:69:1e:e1:dc:31:54:b0:8c:50:
-                    3e:9b:aa:f7:a7:52:f5:37:0d:be:8a:e3:11:41:9d:
-                    4b:05:7d:63:a6:bd:fd:90:9b:63:be:45:56:8b:11:
-                    79:c4:3b:82:43:49:54:d1:cd:f1:fe:92:bd:f7:83:
-                    90:3e:7b:3c:3b:46:7f:70:cf:e0:5b:b3:c0:3d:3f:
-                    41:32:6a:5b:48:47:52:89:c7:a1:8d:00:cc:ad:8b:
-                    e7:fb:97:36:d4:96:0f:31:66:44:b8:fc:67:b4:e3:
-                    30:64:37:b1:9b:ec:81:b0:a9:25:79:12:0e:d8:ec:
-                    5d:04:9a:6b:91:ef:d6:7a:07:f7:fd:94:fa:83:9b:
-                    d6:1a:e9:50:6f:38:08:ab:f3:06:df:e9:d3:15:42:
-                    e6:8f:e2:6d:54:9f:c7:dd:d4:2d:70:39:b9:b2:29:
-                    fd:a5:0e:aa:ae:5c:ea:a9:fd:95:73:27:5a:00:08:
-                    12:d0:c0:94:50:4a:f8:0b:f5:7d:cb:d6:9a:90:00:
-                    01:75:63:53:81:b4:f8:25:5e:45
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                F2:10:87:60:72:B8:D3:A5:A1:69:80:47:EE:52:B2:3B:18:4D:89:DC
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:munin.debian.org, DNS:www.munin.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         38:c9:52:4f:64:3e:4c:49:e4:4a:5d:3f:23:00:79:ad:d6:e5:
-         2b:20:52:5b:1f:76:9a:70:31:ba:07:bc:10:20:da:a6:d6:fb:
-         9d:b9:2f:7f:fe:67:b7:a3:bc:d8:ce:21:30:7f:b5:3b:8c:64:
-         24:98:00:0a:ac:88:66:ea:ff:09:ed:8a:7b:8a:ed:3e:21:04:
-         2c:a3:34:1c:c3:b2:fd:0f:09:7d:7e:36:d9:9c:7c:0b:f6:c1:
-         5d:e2:6c:fc:7f:fa:fb:74:c0:33:5f:19:a8:f1:24:8e:4c:b6:
-         99:a4:65:f3:b9:41:f7:51:be:ee:25:81:1f:d8:80:f6:84:95:
-         a5:35:d1:8b:bb:dc:33:ab:4f:58:bf:65:3c:25:96:8d:37:c9:
-         2f:4c:94:99:9d:6f:01:1c:a6:ee:c6:e2:2c:21:4e:a9:14:4e:
-         2c:bd:11:a9:e7:46:f1:87:0b:f8:a5:0a:b6:82:db:7b:4e:35:
-         82:b4:7e:dc:b1:7f:64:42:41:d9:90:ab:df:26:51:88:64:9f:
-         21:f9:5e:e2:08:2e:68:2e:b9:00:01:3e:59:fc:5b:bb:c5:01:
-         24:6f:2a:0c:f2:26:79:33:64:c1:61:5e:1e:4a:75:b9:d0:ba:
-         ba:b7:5b:b1:f5:a5:cf:bf:e5:43:9a:50:20:7b:aa:2c:33:e9:
-         fb:5d:55:8b
------BEGIN CERTIFICATE-----
-MIIFfzCCBGegAwIBAgIQRYVULgWyspYXmi+ize+CezANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTUxMjExMDAwMDAwWhcNMTcwMTIyMjM1OTU5WjBbMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
-TDEZMBcGA1UEAxMQbXVuaW4uZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQAD
-ggGPADCCAYoCggGBAK1EVNeQ5OtkxCc8sY/vLyg+xQe5SDZy1B52PoHjanQq+unj
-xg1bRnrdqJsxWjjk+nJSECkEn7muUziVDnA7Egks7Lnh0LgrB4RNYifyEySfEDhz
-mHvudHfqhi2YmeUvrZ7Rp7Oczt6mNiija/UWYFLyr3rsVQSMuxOA2CrKQUCOJouF
-ViWX69CDaPY9+PID4rxaJc+s6xprmEYls+zwLQVnB96JYi0ifehl2CvsYyAGnz27
-/ot6mcnraR7h3DFUsIxQPpuq96dS9TcNvorjEUGdSwV9Y6a9/ZCbY75FVosRecQ7
-gkNJVNHN8f6SvfeDkD57PDtGf3DP4FuzwD0/QTJqW0hHUonHoY0AzK2L5/uXNtSW
-DzFmRLj8Z7TjMGQ3sZvsgbCpJXkSDtjsXQSaa5Hv1noH9/2U+oOb1hrpUG84CKvz
-Bt/p0xVC5o/ibVSfx93ULXA5ubIp/aUOqq5c6qn9lXMnWgAIEtDAlFBK+Av1fcvW
-mpAAAXVjU4G0+CVeRQIDAQABo4IBuTCCAbUwHwYDVR0jBBgwFoAUs5Cn2MmvTs1h
-PJ98rV1/Qf1pMOowHQYDVR0OBBYEFPIQh2ByuNOloWmAR+5SsjsYTYncMA4GA1Ud
-DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
-BgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYBBQUHAgEW
-GWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6MDgw
-NqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NM
-Q0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly9jcnQu
-dXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEFBQcw
-AYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTAxBgNVHREEKjAoghBtdW5pbi5k
-ZWJpYW4ub3JnghR3d3cubXVuaW4uZGViaWFuLm9yZzANBgkqhkiG9w0BAQsFAAOC
-AQEAOMlST2Q+TEnkSl0/IwB5rdblKyBSWx92mnAxuge8ECDaptb7nbkvf/5nt6O8
-2M4hMH+1O4xkJJgACqyIZur/Ce2Ke4rtPiEELKM0HMOy/Q8JfX422Zx8C/bBXeJs
-/H/6+3TAM18ZqPEkjky2maRl87lB91G+7iWBH9iA9oSVpTXRi7vcM6tPWL9lPCWW
-jTfJL0yUmZ1vARym7sbiLCFOqRROLL0RqedG8YcL+KUKtoLbe041grR+3LF/ZEJB
-2ZCr3yZRiGSfIfle4gguaC65AAE+Wfxbu8UBJG8qDPImeTNkwWFeHkp1udC6urdb
-sfWlz7/lQ5pQIHuqLDPp+11Viw==
------END CERTIFICATE-----
-- 
2.20.1