From 7b2a0a1b1ebd8b5826add3f9c40120e700905cfb Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Sat, 9 Oct 2021 17:21:53 +0200
Subject: [PATCH] Fix the letsencrypt defaults.

---
 defaults/main.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 723b705..c278749 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -120,8 +120,9 @@ psql_force_ssl_client_connection: False
 postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}'
 psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'
 psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
-psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
-psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain'
+psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain'
+# In CentOS/RHEL is /etc/pki/tls/cert.pem
+psql_ssl_ca_file: '/etc/ssl/certs/ca-certificates.crt'
 psql_conf_ssl_parameters: 
   - { name: 'ssl', value: 'true' }
   - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' }