Use letsencrypt cert for packages.d.o

Signed-off-by: Julien Cristau <jcristau@debian.org>

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 3227a6e..3e2b575 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -244,7 +244,7 @@ class roles {
        if has_role('packages') {
                ssl::service { 'packages.debian.org':
                        notify => Service['apache2'],
-                       tlsaport => [],
+                       key => true,
                }
        }
 

diff --git a/modules/ssl/files/chains/packages.debian.org.crt b/modules/ssl/files/chains/packages.debian.org.crt
deleted file mode 120000 (symlink)
index 50d224a..0000000
--- a/modules/ssl/files/chains/packages.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file

diff --git a/modules/ssl/files/servicecerts/packages.debian.org.crt b/modules/ssl/files/servicecerts/packages.debian.org.crt
deleted file mode 100644 (file)
index cd6dd74..0000000
--- a/modules/ssl/files/servicecerts/packages.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            db:c3:d4:d0:7c:e1:9c:fc:a9:69:04:ff:03:03:a9:d4
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 20 00:00:00 2014 GMT
-            Not After : Apr  2 23:59:59 2016 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=packages.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:a2:fa:c4:d8:b0:0a:61:bf:f4:88:ba:c5:8a:c8:
-                    07:b6:cb:62:92:a1:ae:68:c9:f5:c5:a8:01:34:e3:
-                    97:db:f8:50:87:a9:e9:03:ec:6c:57:be:ad:eb:57:
-                    8e:7d:c1:07:cc:e4:6a:6e:6e:83:5b:d9:03:11:2d:
-                    2c:f7:a4:e4:3b:e2:97:65:c5:a2:13:65:81:6f:15:
-                    b1:ca:b2:a0:20:c0:b5:d8:c9:49:2c:30:74:14:21:
-                    1a:99:ef:6e:5d:99:64:75:e5:aa:69:7c:7a:08:81:
-                    7a:ed:d0:1a:47:28:74:d3:fd:45:60:6c:0e:7e:24:
-                    4b:48:0a:52:39:27:c0:23:3f:54:2f:b9:b8:dc:09:
-                    06:ce:bd:bf:a0:bc:82:26:28:c6:73:01:f9:aa:d9:
-                    ca:4a:35:4d:3a:54:14:43:b8:53:ec:f3:ce:cd:b3:
-                    6c:df:9b:69:59:30:a3:b9:f3:d0:51:6e:8c:9a:60:
-                    e8:07:82:64:04:7f:16:64:fe:8c:aa:59:d2:65:e2:
-                    4a:39:97:e4:ee:8f:d1:f9:36:5c:75:32:13:4d:9d:
-                    a1:c9:77:3b:8f:96:1e:77:38:39:90:18:c0:5f:80:
-                    b4:ac:9d:90:61:19:f6:06:f6:96:ec:34:63:5b:df:
-                    1f:4a:5a:54:63:c8:8a:60:3b:15:b3:a9:ae:bf:de:
-                    97:5e:ad:67:99:13:82:b3:39:df:ba:f5:86:43:c1:
-                    e1:32:68:2e:90:a2:d8:74:d7:ae:39:ab:ad:4a:06:
-                    34:ac:ea:a9:3c:a4:07:5d:c9:21:e6:6b:f0:a6:1e:
-                    1b:ce:f3:20:81:0c:32:e1:ac:11:8f:3e:65:ae:f2:
-                    cd:c5:02:50:6e:39:69:9c:13:99:bd:c2:69:5b:4b:
-                    f9:fd:9b:92:cf:99:61:57:d5:ae:b3:ad:f6:9f:ef:
-                    f4:71:16:61:25:ac:48:35:32:c0:81:ec:c2:b6:e2:
-                    25:e5:d8:94:a6:ec:cc:8c:12:be:f8:5f:34:11:89:
-                    41:58:cd:59:c8:4d:ef:7c:5e:09
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                7E:60:78:43:69:9A:AE:C0:6E:74:4D:AA:7B:E8:9B:E1:49:AC:8B:7C
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:packages.debian.org, DNS:www.packages.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         69:01:38:38:9e:33:d5:eb:ed:dc:1f:67:a3:a0:06:05:31:92:
-         2f:ed:8a:1a:4c:24:3c:0f:50:ad:9a:3d:0f:e6:ea:f0:e7:8c:
-         3c:94:72:aa:88:09:7a:4c:9f:12:ea:8c:fd:c0:39:c7:2c:f7:
-         b6:7d:26:78:42:1e:72:4f:dd:3e:5c:b1:e5:91:9f:03:fc:8f:
-         e1:59:5f:3e:93:fa:41:c4:68:9f:7a:9c:50:89:27:f4:a8:85:
-         bb:e1:6b:63:ab:ce:0a:91:05:6d:e0:ef:0f:75:a8:08:34:3e:
-         5d:11:a4:45:2d:60:ce:37:a5:0b:69:de:25:1f:ae:20:75:35:
-         ec:ad:84:83:c2:0f:c0:9b:a2:00:26:c2:b9:7d:35:84:89:79:
-         e5:0d:29:f2:5b:e6:74:6a:d1:59:b0:60:b5:c9:17:29:d6:83:
-         b3:93:c9:4c:47:26:e4:b3:5f:5f:ae:7d:e2:65:c4:b8:57:8f:
-         8a:ea:b5:a8:a4:33:13:51:28:1c:e5:0b:72:a9:45:11:6d:7a:
-         06:d9:02:76:a6:c9:bb:88:9c:3e:74:8d:77:f8:79:c8:ad:0f:
-         40:54:76:8a:2e:8c:08:bb:8c:6c:cd:5a:a4:cb:ea:03:48:6f:
-         f6:c8:8a:31:f0:15:00:d6:0a:b7:fd:09:18:ed:bf:df:cc:ac:
-         3a:66:7b:17
------BEGIN CERTIFICATE-----
-MIIFiTCCBHGgAwIBAgIRANvD1NB84Zz8qWkE/wMDqdQwDQYJKoZIhvcNAQELBQAw
-XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
-MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
-MB4XDTE0MTIyMDAwMDAwMFoXDTE2MDQwMjIzNTk1OVowXjEhMB8GA1UECxMYRG9t
-YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT
-U0wxHDAaBgNVBAMTE3BhY2thZ2VzLmRlYmlhbi5vcmcwggGiMA0GCSqGSIb3DQEB
-AQUAA4IBjwAwggGKAoIBgQCi+sTYsAphv/SIusWKyAe2y2KSoa5oyfXFqAE045fb
-+FCHqekD7GxXvq3rV459wQfM5GpuboNb2QMRLSz3pOQ74pdlxaITZYFvFbHKsqAg
-wLXYyUksMHQUIRqZ725dmWR15appfHoIgXrt0BpHKHTT/UVgbA5+JEtIClI5J8Aj
-P1QvubjcCQbOvb+gvIImKMZzAfmq2cpKNU06VBRDuFPs887Ns2zfm2lZMKO589BR
-boyaYOgHgmQEfxZk/oyqWdJl4ko5l+Tuj9H5Nlx1MhNNnaHJdzuPlh53ODmQGMBf
-gLSsnZBhGfYG9pbsNGNb3x9KWlRjyIpgOxWzqa6/3pderWeZE4KzOd+69YZDweEy
-aC6Qoth01645q61KBjSs6qk8pAddySHma/CmHhvO8yCBDDLhrBGPPmWu8s3FAlBu
-OWmcE5m9wmlbS/n9m5LPmWFX1a6zrfaf7/RxFmElrEg1MsCB7MK24iXl2JSm7MyM
-Er74XzQRiUFYzVnITe98XgkCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFLOQp9jJ
-r07NYTyffK1df0H9aTDqMB0GA1UdDgQWBBR+YHhDaZquwG50Tap76JvhSayLfDAO
-BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsGAQUF
-BwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNVHR8E
-OjA4MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFy
-ZFNTTENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRwOi8v
-Y3J0LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYIKwYB
-BQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wNwYDVR0RBDAwLoITcGFj
-a2FnZXMuZGViaWFuLm9yZ4IXd3d3LnBhY2thZ2VzLmRlYmlhbi5vcmcwDQYJKoZI
-hvcNAQELBQADggEBAGkBODieM9Xr7dwfZ6OgBgUxki/tihpMJDwPUK2aPQ/m6vDn
-jDyUcqqICXpMnxLqjP3AOccs97Z9JnhCHnJP3T5cseWRnwP8j+FZXz6T+kHEaJ96
-nFCJJ/Sohbvha2OrzgqRBW3g7w91qAg0Pl0RpEUtYM43pQtp3iUfriB1NeythIPC
-D8CbogAmwrl9NYSJeeUNKfJb5nRq0VmwYLXJFynWg7OTyUxHJuSzX1+ufeJlxLhX
-j4rqtaikMxNRKBzlC3KpRRFtegbZAnamybuInD50jXf4ecitD0BUdooujAi7jGzN
-WqTL6gNIb/bIijHwFQDWCrf9CRjtv9/MrDpmexc=
------END CERTIFICATE-----