Switch piuparts.d.o SSL cert to letsencrypt

Signed-off-by: Julien Cristau <jcristau@debian.org>

diff --git a/modules/roles/manifests/piuparts.pp b/modules/roles/manifests/piuparts.pp
index eeec705..fbd69ef 100644 (file)
--- a/modules/roles/manifests/piuparts.pp
+++ b/modules/roles/manifests/piuparts.pp
@@ -1,6 +1,6 @@
 class roles::piuparts {
        ssl::service { 'piuparts.debian.org':
                notify => Service['apache2'],
-               tlsaport => 0,
+               key => true,
        }
 }

diff --git a/modules/ssl/files/chains/piuparts.debian.org.crt b/modules/ssl/files/chains/piuparts.debian.org.crt
deleted file mode 120000 (symlink)
index 50d224a..0000000
--- a/modules/ssl/files/chains/piuparts.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file

diff --git a/modules/ssl/files/servicecerts/piuparts.debian.org.crt b/modules/ssl/files/servicecerts/piuparts.debian.org.crt
deleted file mode 100644 (file)
index b5ae9c3..0000000
--- a/modules/ssl/files/servicecerts/piuparts.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            75:ae:7b:37:be:17:c1:4f:27:c5:d3:d8:cc:e1:68:23
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 20 00:00:00 2014 GMT
-            Not After : Apr 10 23:59:59 2016 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=piuparts.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:ba:8c:a3:23:3c:be:33:25:5b:b0:0f:99:fc:34:
-                    ed:21:b4:1a:9e:24:34:e4:3e:5b:54:cf:3f:51:13:
-                    8a:b3:68:4c:2f:74:e4:ec:17:32:46:0e:83:5d:a2:
-                    f4:82:52:e9:7f:32:e9:d0:a7:ca:6e:1c:1c:53:cd:
-                    05:9b:3c:f5:2f:81:b3:c6:d3:ef:c4:a7:e3:16:35:
-                    96:23:76:32:86:a8:11:f6:2e:c0:30:54:ec:48:a2:
-                    95:c1:52:47:be:f2:2c:10:16:76:99:e3:66:90:90:
-                    ac:1c:f2:b3:31:be:21:eb:9c:53:e2:b4:aa:b7:72:
-                    1d:cd:4d:e5:76:f4:19:8a:71:e9:99:52:f6:c8:bd:
-                    87:72:ed:04:5a:9c:af:e7:3d:46:4a:8a:e1:bb:f3:
-                    6c:1d:d7:27:a7:ff:2d:8f:8b:ab:ef:69:6c:be:60:
-                    ef:c5:fe:1d:ae:fd:03:c7:81:d3:c8:e1:be:c8:50:
-                    95:b1:dc:cd:15:f4:2d:39:3d:ec:20:9e:44:33:1d:
-                    90:73:2b:14:0a:69:a1:66:d3:41:2c:75:69:3e:f3:
-                    93:52:0f:b2:53:46:eb:7a:03:85:00:de:8a:65:7f:
-                    dc:7a:8c:f4:fd:2a:8f:66:d6:ad:78:d3:6e:0a:77:
-                    37:7e:84:bf:63:40:1e:c3:0c:37:73:bb:e5:e8:06:
-                    da:ba:fe:52:1b:5e:c2:62:af:a6:35:ea:75:1b:d6:
-                    df:d5:22:67:5f:81:64:46:27:1e:c2:e9:a1:6c:ea:
-                    af:19:80:16:3e:ca:1a:bd:a4:d9:89:ac:ee:42:e3:
-                    2a:ea:55:eb:fb:a2:8d:92:ee:64:8f:9b:b8:fa:6e:
-                    a6:e0:ba:f4:b1:c9:98:bf:0a:6f:6a:05:84:cc:a7:
-                    ba:2e:be:2a:24:4a:78:08:2d:09:d3:85:e0:dc:6f:
-                    43:96:11:82:5a:c4:a1:d3:8c:12:f8:06:79:66:0b:
-                    5e:4f:24:06:35:3a:1f:c6:66:9c:15:c2:ab:fb:f5:
-                    09:b4:68:4c:b6:87:af:8d:11:eb
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                8E:CB:0F:25:4A:9D:0E:C0:3B:87:7F:FD:D5:80:EC:7E:36:52:E0:86
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:piuparts.debian.org, DNS:www.piuparts.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         8a:97:9b:31:4c:32:39:c2:f7:7b:ed:3b:a6:3c:51:6d:60:ea:
-         e6:70:fa:5d:dd:3c:e5:2a:5f:dc:cd:ad:3d:d1:c5:62:75:c2:
-         29:99:b9:fb:55:de:42:5c:92:5b:c1:94:73:73:f8:3a:c0:fd:
-         57:6c:72:cb:3d:34:f2:e9:eb:ca:c5:cd:94:0c:c5:02:6d:6d:
-         a5:cd:71:b4:ae:3b:22:96:4d:8b:ea:a8:73:5a:e4:ca:c3:dd:
-         10:b3:94:f3:6a:89:d5:e6:ef:b7:5f:1e:fc:a1:c1:ae:21:63:
-         b8:af:a0:5b:89:9f:e8:08:89:db:7e:63:b3:ee:bc:3e:57:c2:
-         d2:69:43:b0:ab:dc:12:be:2d:67:3b:3a:f8:b7:9c:90:56:49:
-         5c:ec:6c:88:3c:fd:4b:57:36:e3:32:ab:3a:2a:9b:4c:d9:cf:
-         56:2f:c6:86:83:42:42:dc:96:20:90:e1:33:24:e8:7b:f4:4d:
-         dc:e7:23:dd:05:d2:ae:36:89:e6:cb:d2:6b:21:ea:6a:a1:86:
-         0b:e7:9a:5a:e3:ac:5c:f8:ad:2c:c6:2f:f2:0a:6a:db:fd:f2:
-         18:55:93:1f:d5:29:b7:e6:82:07:9d:b4:68:d6:32:83:72:15:
-         7d:76:c2:ef:23:e7:e2:44:c5:0d:f1:c5:4c:78:7e:de:c8:b9:
-         c2:ba:2a:26
------BEGIN CERTIFICATE-----
-MIIFiDCCBHCgAwIBAgIQda57N74XwU8nxdPYzOFoIzANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTQxMjIwMDAwMDAwWhcNMTYwNDEwMjM1OTU5WjBeMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
-TDEcMBoGA1UEAxMTcGl1cGFydHMuZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcNAQEB
-BQADggGPADCCAYoCggGBALqMoyM8vjMlW7APmfw07SG0Gp4kNOQ+W1TPP1ETirNo
-TC905OwXMkYOg12i9IJS6X8y6dCnym4cHFPNBZs89S+Bs8bT78Sn4xY1liN2Moao
-EfYuwDBU7EiilcFSR77yLBAWdpnjZpCQrBzyszG+IeucU+K0qrdyHc1N5Xb0GYpx
-6ZlS9si9h3LtBFqcr+c9RkqK4bvzbB3XJ6f/LY+Lq+9pbL5g78X+Ha79A8eB08jh
-vshQlbHczRX0LTk97CCeRDMdkHMrFAppoWbTQSx1aT7zk1IPslNG63oDhQDeimV/
-3HqM9P0qj2bWrXjTbgp3N36Ev2NAHsMMN3O75egG2rr+UhtewmKvpjXqdRvW39Ui
-Z1+BZEYnHsLpoWzqrxmAFj7KGr2k2Yms7kLjKupV6/uijZLuZI+buPpupuC69LHJ
-mL8Kb2oFhMynui6+KiRKeAgtCdOF4NxvQ5YRglrEodOMEvgGeWYLXk8kBjU6H8Zm
-nBXCq/v1CbRoTLaHr40R6wIDAQABo4IBvzCCAbswHwYDVR0jBBgwFoAUs5Cn2Mmv
-Ts1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFI7LDyVKnQ7AO4d//dWA7H42UuCGMA4G
-A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYBBQUH
-AgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6
-MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJk
-U1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly9j
-cnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEF
-BQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA3BgNVHREEMDAughNwaXVw
-YXJ0cy5kZWJpYW4ub3Jnghd3d3cucGl1cGFydHMuZGViaWFuLm9yZzANBgkqhkiG
-9w0BAQsFAAOCAQEAipebMUwyOcL3e+07pjxRbWDq5nD6Xd085Spf3M2tPdHFYnXC
-KZm5+1XeQlySW8GUc3P4OsD9V2xyyz008unrysXNlAzFAm1tpc1xtK47IpZNi+qo
-c1rkysPdELOU82qJ1ebvt18e/KHBriFjuK+gW4mf6AiJ235js+68PlfC0mlDsKvc
-Er4tZzs6+LeckFZJXOxsiDz9S1c24zKrOiqbTNnPVi/GhoNCQtyWIJDhMyToe/RN
-3Ocj3QXSrjaJ5svSayHqaqGGC+eaWuOsXPitLMYv8gpq2/3yGFWTH9Upt+aCB520
-aNYyg3IVfXbC7yPn4kTFDfHFTHh+3si5wroqJg==
------END CERTIFICATE-----