From b25d5868502c9e5486b3dfde0fb76e30edd1d2e7 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Thu, 13 Jul 2023 12:57:02 +0200
Subject: [PATCH] Change the default fullchain path

---
 templates/nginx-server-ssl.conf.j2 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/templates/nginx-server-ssl.conf.j2 b/templates/nginx-server-ssl.conf.j2
index c7f4a45..bca2241 100644
--- a/templates/nginx-server-ssl.conf.j2
+++ b/templates/nginx-server-ssl.conf.j2
@@ -43,7 +43,12 @@ ssl_stapling_verify on;
 {% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
 ssl_trusted_certificate {{ letsencrypt_acme_certs_dir }}/fullchain;
 {% else %}
-ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/nginx/ssl/cacert.crt') }};
+{% if ansible_distribution_file_variety == "Debian" %}
+ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/ssl/certs/ca-certificates.crt') }};
+{% if ansible_distribution_file_variety == "RedHat" %}
+ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/pki/tls/cert.pem') }};
+{% endif %}
+{% endif %}
 {% endif %}
 add_header Strict-Transport-Security "max-age={{ nginx_strict_transport_security_expire }}{% if nginx_strict_transport_security_include_subdomains %}; includeSubdomains{% endif %}";
 {% endif %}