From e907af2356704731fcaf16b7e00b655cd363f5f5 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Fri, 1 Jul 2016 22:56:02 +0200
Subject: [PATCH] Switch wiki.debian.org to letsencrypt

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---
 modules/roles/manifests/wiki.pp               |   2 +-
 modules/ssl/files/chains/wiki.debian.org.crt  |   1 -
 .../files/servicecerts/wiki.debian.org.crt    | 118 ------------------
 3 files changed, 1 insertion(+), 120 deletions(-)
 delete mode 120000 modules/ssl/files/chains/wiki.debian.org.crt
 delete mode 100644 modules/ssl/files/servicecerts/wiki.debian.org.crt

diff --git a/modules/roles/manifests/wiki.pp b/modules/roles/manifests/wiki.pp
index f745f041d..b5939dc37 100644
--- a/modules/roles/manifests/wiki.pp
+++ b/modules/roles/manifests/wiki.pp
@@ -1,7 +1,7 @@
 class roles::wiki {
 	ssl::service { 'wiki.debian.org':
 		notify => Service['apache2'],
-		tlsaport => [],
+		key => true,
 	}
 	rsync::site { 'wiki':
 		source => 'puppet:///modules/roles/wiki/rsyncd.conf',
diff --git a/modules/ssl/files/chains/wiki.debian.org.crt b/modules/ssl/files/chains/wiki.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/wiki.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/wiki.debian.org.crt b/modules/ssl/files/servicecerts/wiki.debian.org.crt
deleted file mode 100644
index 004cd26b0..000000000
--- a/modules/ssl/files/servicecerts/wiki.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            46:bf:97:ce:03:e1:6f:ba:6d:20:c2:a0:85:98:bb:b2
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Jul 13 00:00:00 2015 GMT
-            Not After : Jul 29 23:59:59 2016 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=wiki.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:d1:0d:ee:73:7a:54:33:34:d6:fe:41:c8:e6:0a:
-                    57:08:3b:a6:41:0a:47:05:21:b4:80:a6:f7:e6:8e:
-                    02:dd:d9:27:e5:65:30:2f:6e:bc:42:b5:2f:97:a5:
-                    d1:17:a2:43:bb:fe:00:61:85:cc:52:d1:12:56:97:
-                    ac:33:61:2b:8b:35:51:6e:da:90:e0:8e:c6:6f:63:
-                    bc:be:ee:c7:a2:eb:e2:2b:0e:fe:bb:6a:00:7e:4d:
-                    69:e7:a3:1f:5a:f2:4d:49:c6:28:3e:ec:f7:36:3a:
-                    65:78:21:0c:65:c3:f0:28:1f:e1:96:f1:0b:72:62:
-                    02:e9:95:53:13:50:eb:5b:4b:91:ae:9d:0f:79:74:
-                    cb:ce:a2:a6:5e:f8:7c:1e:72:79:94:13:f1:c0:1e:
-                    52:d3:1b:07:66:6b:72:e9:57:f6:b0:2f:12:4f:06:
-                    af:12:7c:b6:0b:b6:87:a9:03:2c:7d:d6:ff:6c:a4:
-                    df:e3:9c:ab:7b:cc:2b:8e:b9:ef:2c:13:c9:b4:34:
-                    a7:59:5d:70:0a:40:2b:d8:6a:53:99:80:80:43:d4:
-                    01:36:f7:22:2d:6c:9e:f8:34:b3:30:fa:c3:eb:5a:
-                    f0:dd:6e:68:3a:94:ac:1e:9c:46:0d:60:dd:5f:36:
-                    2f:7c:1b:00:df:de:26:95:57:91:52:3f:47:84:d5:
-                    4d:c1:3c:92:f7:13:9e:69:3e:c9:52:ab:1e:f5:12:
-                    0e:bf:b5:3f:f3:3f:5e:9b:74:14:c4:0e:31:6c:46:
-                    e5:66:b0:03:c3:7a:e3:79:6e:8f:e7:b0:fb:7e:a2:
-                    a0:b0:8a:3a:17:c4:62:ff:57:4a:d6:80:53:02:99:
-                    da:7d:36:29:b1:43:0c:cb:3d:78:e0:e7:c6:0c:81:
-                    5a:c8:1d:48:2a:f6:ce:c1:4c:8f:ad:6b:97:5a:32:
-                    d2:f8:68:3a:17:fa:6e:1e:8f:f4:5c:fa:35:32:15:
-                    da:8f:5a:d0:88:cc:07:ef:ab:0e:c0:96:36:b9:68:
-                    b8:6a:f5:a1:5a:5c:62:95:ab:59
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                FA:AE:C6:F4:6E:42:7E:7C:95:04:0D:3A:AF:C6:55:3A:3F:B5:5B:19
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:wiki.debian.org, DNS:www.wiki.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         68:fa:21:89:a9:f7:41:b2:7b:b4:b9:84:35:85:ce:50:42:cb:
-         c1:cd:a0:c1:89:35:12:2d:35:a4:f6:32:1d:f2:b5:28:93:0d:
-         1c:8c:9d:ec:08:23:bf:0c:a3:85:68:94:0d:75:da:96:99:c5:
-         68:77:d5:56:d7:a5:c8:f4:49:43:14:4d:b0:48:7d:85:27:ac:
-         70:cb:21:12:3b:cc:9c:7e:1a:01:8c:2e:aa:ae:91:48:63:76:
-         0c:40:30:c9:ae:eb:ae:3a:61:34:36:96:e7:64:71:db:1e:7e:
-         a5:45:ee:37:02:2d:9d:af:8c:ca:9b:c8:25:5a:4a:a9:b7:75:
-         46:fc:d5:15:30:1f:9d:4a:f7:21:bc:e1:bc:fe:ea:6e:de:f4:
-         68:0d:c5:6e:04:4e:c6:8c:fb:d0:2a:d7:42:21:3c:75:e2:88:
-         0d:2e:aa:3e:19:d1:d5:f2:34:13:63:67:03:be:61:94:22:d5:
-         f9:ce:58:20:f5:1d:cd:76:a1:b8:72:8a:a5:32:01:8a:a7:5c:
-         4a:32:8c:dd:49:6f:ed:26:29:a2:3c:04:f2:25:e2:22:12:1a:
-         7a:92:55:55:b4:67:2a:43:d8:9b:06:b2:ef:c0:65:78:43:d1:
-         4f:ee:c2:53:83:b2:7d:66:d8:bd:3c:d4:81:e0:11:4b:19:3a:
-         63:c0:75:39
------BEGIN CERTIFICATE-----
-MIIFfDCCBGSgAwIBAgIQRr+XzgPhb7ptIMKghZi7sjANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTUwNzEzMDAwMDAwWhcNMTYwNzI5MjM1OTU5WjBaMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
-TDEYMBYGA1UEAxMPd2lraS5kZWJpYW4ub3JnMIIBojANBgkqhkiG9w0BAQEFAAOC
-AY8AMIIBigKCAYEA0Q3uc3pUMzTW/kHI5gpXCDumQQpHBSG0gKb35o4C3dkn5WUw
-L268QrUvl6XRF6JDu/4AYYXMUtESVpesM2ErizVRbtqQ4I7Gb2O8vu7HouviKw7+
-u2oAfk1p56MfWvJNScYoPuz3NjpleCEMZcPwKB/hlvELcmIC6ZVTE1DrW0uRrp0P
-eXTLzqKmXvh8HnJ5lBPxwB5S0xsHZmty6Vf2sC8STwavEny2C7aHqQMsfdb/bKTf
-45yre8wrjrnvLBPJtDSnWV1wCkAr2GpTmYCAQ9QBNvciLWye+DSzMPrD61rw3W5o
-OpSsHpxGDWDdXzYvfBsA394mlVeRUj9HhNVNwTyS9xOeaT7JUqse9RIOv7U/8z9e
-m3QUxA4xbEblZrADw3rjeW6P57D7fqKgsIo6F8Ri/1dK1oBTApnafTYpsUMMyz14
-4OfGDIFayB1IKvbOwUyPrWuXWjLS+Gg6F/puHo/0XPo1MhXaj1rQiMwH76sOwJY2
-uWi4avWhWlxilatZAgMBAAGjggG3MIIBszAfBgNVHSMEGDAWgBSzkKfYya9OzWE8
-n3ytXX9B/Wkw6jAdBgNVHQ4EFgQU+q7G9G5CfnyVBA06r8ZVOj+1WxkwDgYDVR0P
-AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhowJzAlBggrBgEFBQcCARYZ
-aHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEwQQYDVR0fBDowODA2
-oDSgMoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xD
-QTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcwAoYwaHR0cDovL2NydC51
-c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3J0MCUGCCsGAQUFBzAB
-hhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMC8GA1UdEQQoMCaCD3dpa2kuZGVi
-aWFuLm9yZ4ITd3d3Lndpa2kuZGViaWFuLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEA
-aPohian3QbJ7tLmENYXOUELLwc2gwYk1Ei01pPYyHfK1KJMNHIyd7AgjvwyjhWiU
-DXXalpnFaHfVVtelyPRJQxRNsEh9hSescMshEjvMnH4aAYwuqq6RSGN2DEAwya7r
-rjphNDaW52Rx2x5+pUXuNwItna+MypvIJVpKqbd1RvzVFTAfnUr3IbzhvP7qbt70
-aA3FbgROxoz70CrXQiE8deKIDS6qPhnR1fI0E2NnA75hlCLV+c5YIPUdzXahuHKK
-pTIBiqdcSjKM3Ulv7SYpojwE8iXiIhIaepJVVbRnKkPYmway78BleEPRT+7CU4Oy
-fWbYvTzUgeARSxk6Y8B1OQ==
------END CERTIFICATE-----
-- 
2.20.1