From 10d6c58819874b3c6e8816398d88f9dc851c4240 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 12 Oct 2016 15:00:20 +0200
Subject: [PATCH] LE cert for ftp-master

---
 modules/roles/manifests/ftp_master.pp         |   2 +-
 .../files/chains/ftp-master.debian.org.crt    |   1 -
 .../servicecerts/ftp-master.debian.org.crt    | 118 ------------------
 3 files changed, 1 insertion(+), 120 deletions(-)
 delete mode 120000 modules/ssl/files/chains/ftp-master.debian.org.crt
 delete mode 100644 modules/ssl/files/servicecerts/ftp-master.debian.org.crt

diff --git a/modules/roles/manifests/ftp_master.pp b/modules/roles/manifests/ftp_master.pp
index 70c0dfccd..357b0d0e8 100644
--- a/modules/roles/manifests/ftp_master.pp
+++ b/modules/roles/manifests/ftp_master.pp
@@ -7,6 +7,6 @@ class roles::ftp_master {
 
 	ssl::service { 'ftp-master.debian.org':
 		notify  => Exec['service apache2 reload'],
-		tlsaport => 0,
+		key => true,
 	}
 }
diff --git a/modules/ssl/files/chains/ftp-master.debian.org.crt b/modules/ssl/files/chains/ftp-master.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/ftp-master.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/ftp-master.debian.org.crt b/modules/ssl/files/servicecerts/ftp-master.debian.org.crt
deleted file mode 100644
index 10dbd61a1..000000000
--- a/modules/ssl/files/servicecerts/ftp-master.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            e4:44:4f:ad:f0:34:30:52:5c:a9:b1:2c:ca:d9:af:e9
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 11 00:00:00 2015 GMT
-            Not After : Jan 22 23:59:59 2017 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=ftp-master.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:9c:19:aa:17:5d:3f:1a:9f:83:3e:3d:e8:ae:5d:
-                    cc:89:fa:53:1c:1d:8f:9f:1a:9d:14:51:6c:18:41:
-                    44:80:d3:aa:44:2b:0f:f4:5f:50:5a:46:c7:21:9d:
-                    55:8c:90:74:4b:62:e3:6e:40:75:fd:32:60:74:53:
-                    98:7a:3f:dc:af:6f:68:f8:b9:a7:02:72:f3:f7:be:
-                    fb:de:a0:d6:e9:e0:53:02:3d:8b:3a:bd:e2:b6:c6:
-                    eb:58:3d:a9:52:8e:4e:66:d8:13:3c:4d:72:09:61:
-                    1c:23:88:40:ca:c8:68:db:16:c6:d2:57:24:ff:0d:
-                    f3:24:56:c6:6b:0d:83:e7:19:60:c3:bc:0a:bb:8d:
-                    b8:a2:b1:5d:77:16:24:5e:69:51:85:38:c5:5f:8b:
-                    34:29:02:bc:bc:31:d3:06:24:74:8e:ec:18:d8:86:
-                    b1:41:a9:c6:ea:d2:3e:5a:8e:94:e4:5d:b9:b6:72:
-                    04:1d:ac:40:c2:24:c3:2c:68:da:84:c3:99:e7:76:
-                    c4:c7:75:7a:0d:a5:5c:43:83:3d:b7:78:e7:20:e3:
-                    cc:d0:1e:24:b9:cc:2f:6a:d4:8e:f7:97:a1:1e:8e:
-                    61:30:87:f5:71:82:1f:ae:9b:78:83:ad:73:6a:90:
-                    e1:52:9d:0d:be:39:e9:9d:3c:64:5a:64:de:a1:64:
-                    1d:ad:e4:90:13:40:b2:af:9d:37:8d:f5:b2:c1:27:
-                    94:1d:da:52:e3:ac:5c:03:af:2c:ce:3f:7a:87:d1:
-                    4c:d9:54:e4:77:2c:5b:1a:ff:66:39:d2:ba:93:93:
-                    ff:bc:8e:8b:c5:f2:f6:18:59:a5:bd:73:d2:e8:b4:
-                    7f:77:16:65:17:3c:df:32:60:c0:c8:83:ba:de:27:
-                    c7:f4:3a:2b:6b:c9:ff:d9:60:39:d2:b3:20:f7:47:
-                    8d:1e:fd:e3:97:49:af:c5:f9:15:07:01:02:c5:71:
-                    40:14:18:76:96:24:81:9c:1e:45:1a:c4:a0:c0:06:
-                    8d:f8:83:45:ac:9e:6e:97:5e:23
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                C8:6D:7F:2E:48:0D:5C:A1:DB:6F:71:E7:34:F3:C1:E4:17:BE:DE:72
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:ftp-master.debian.org, DNS:www.ftp-master.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         7c:77:d5:76:b7:73:00:25:54:c7:6d:d6:67:1c:8c:46:49:52:
-         08:62:24:12:ab:b3:1a:91:36:59:22:d9:c3:13:4b:e7:77:c1:
-         7c:9b:9c:b7:ad:ca:3f:cc:0d:fc:00:d1:6a:9d:dc:8a:1d:d1:
-         26:7e:7b:24:f7:7e:7e:cf:f7:30:57:79:d2:dc:b8:48:7b:48:
-         a3:9a:a6:90:80:89:8e:8c:75:cc:ff:e3:12:94:de:6a:d2:bf:
-         70:50:83:ea:b9:8d:73:b4:1a:49:a8:33:d5:10:03:65:ce:a8:
-         0a:99:79:01:ba:4e:c4:a1:95:6a:e8:f2:6f:68:37:01:fc:c7:
-         ac:15:3b:4d:69:1f:36:11:70:e8:cd:34:ad:96:30:03:fc:35:
-         c2:76:90:68:83:af:ca:c5:92:56:10:ab:cd:94:af:34:78:2c:
-         90:da:29:62:42:a1:08:14:2f:30:e2:71:c1:20:d9:33:2a:e3:
-         3b:6c:cc:37:d4:ca:2f:f7:56:57:8f:04:1d:ee:17:ea:8f:d4:
-         65:69:96:73:df:97:46:92:04:2d:ff:26:b8:e0:6d:5b:26:1b:
-         01:66:c5:04:26:39:b6:dd:cd:32:f3:27:5d:be:9d:ea:a0:1d:
-         f1:45:98:e8:a4:f0:d0:36:d7:ec:ec:9e:64:b5:13:7d:aa:36:
-         da:7f:dc:5c
------BEGIN CERTIFICATE-----
-MIIFjzCCBHegAwIBAgIRAORET63wNDBSXKmxLMrZr+kwDQYJKoZIhvcNAQELBQAw
-XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
-MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
-MB4XDTE1MTIxMTAwMDAwMFoXDTE3MDEyMjIzNTk1OVowYDEhMB8GA1UECxMYRG9t
-YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT
-U0wxHjAcBgNVBAMTFWZ0cC1tYXN0ZXIuZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcN
-AQEBBQADggGPADCCAYoCggGBAJwZqhddPxqfgz496K5dzIn6Uxwdj58anRRRbBhB
-RIDTqkQrD/RfUFpGxyGdVYyQdEti425Adf0yYHRTmHo/3K9vaPi5pwJy8/e++96g
-1ungUwI9izq94rbG61g9qVKOTmbYEzxNcglhHCOIQMrIaNsWxtJXJP8N8yRWxmsN
-g+cZYMO8CruNuKKxXXcWJF5pUYU4xV+LNCkCvLwx0wYkdI7sGNiGsUGpxurSPlqO
-lORdubZyBB2sQMIkwyxo2oTDmed2xMd1eg2lXEODPbd45yDjzNAeJLnML2rUjveX
-oR6OYTCH9XGCH66beIOtc2qQ4VKdDb456Z08ZFpk3qFkHa3kkBNAsq+dN431ssEn
-lB3aUuOsXAOvLM4/eofRTNlU5HcsWxr/ZjnSupOT/7yOi8Xy9hhZpb1z0ui0f3cW
-ZRc83zJgwMiDut4nx/Q6K2vJ/9lgOdKzIPdHjR7945dJr8X5FQcBAsVxQBQYdpYk
-gZweRRrEoMAGjfiDRayebpdeIwIDAQABo4IBwzCCAb8wHwYDVR0jBBgwFoAUs5Cn
-2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFMhtfy5IDVyh229x5zTzweQXvt5y
-MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYB
-BQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1Ud
-HwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5k
-YXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6
-Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggr
-BgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA7BgNVHREENDAyghVm
-dHAtbWFzdGVyLmRlYmlhbi5vcmeCGXd3dy5mdHAtbWFzdGVyLmRlYmlhbi5vcmcw
-DQYJKoZIhvcNAQELBQADggEBAHx31Xa3cwAlVMdt1mccjEZJUghiJBKrsxqRNlki
-2cMTS+d3wXybnLetyj/MDfwA0Wqd3Iod0SZ+eyT3fn7P9zBXedLcuEh7SKOappCA
-iY6Mdcz/4xKU3mrSv3BQg+q5jXO0GkmoM9UQA2XOqAqZeQG6TsShlWro8m9oNwH8
-x6wVO01pHzYRcOjNNK2WMAP8NcJ2kGiDr8rFklYQq82UrzR4LJDaKWJCoQgULzDi
-ccEg2TMq4ztszDfUyi/3VlePBB3uF+qP1GVplnPfl0aSBC3/JrjgbVsmGwFmxQQm
-ObbdzTLzJ12+neqgHfFFmOik8NA21+zsnmS1E32qNtp/3Fw=
------END CERTIFICATE-----
-- 
2.20.1