From 6043de35f451832f06e4d4f5f04e3e91c0f240c5 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Tue, 31 Mar 2020 23:20:52 +0200
Subject: [PATCH] IPA server: Fix the letsencrypt acme hook and the letsencrypt
 proxy entry for the httpd server.

---
 library/roles/ipa-server/tasks/main.yml                     | 6 ++++++
 .../roles/ipa-server/templates/ipa-letsencrypt-acmetool.sh  | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/library/roles/ipa-server/tasks/main.yml b/library/roles/ipa-server/tasks/main.yml
index 6c9057c2..350fe0e4 100644
--- a/library/roles/ipa-server/tasks/main.yml
+++ b/library/roles/ipa-server/tasks/main.yml
@@ -2,6 +2,12 @@
 - block:
   - name: Install the apache letsencrypt directives on trusty
     template: src=letsencrypt-proxy.conf.j2 dest=/etc/apache2/conf.d/letsencrypt-proxy.conf owner=root group=root mode=0644
+    when:  ansible_distribution_file_variety == "Debian"
+    notify: httpd reload
+    
+  - name: Install the apache letsencrypt directives on CentOS
+    template: src=letsencrypt-proxy.conf.j2 dest=/etc/httpd/conf.d/letsencrypt-proxy.conf owner=root group=root mode=0644
+    when:  ansible_distribution_file_variety == "RedHat"
     notify: httpd reload
     
   - name: Create the acme hooks directory if it does not yet exist
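Review bot: The first task is still named `Install the apache letsencrypt directives on trusty`, although its new `when:` now matches every Debian-family host. Renaming it to something like `Install the apache letsencrypt directives on Debian/Ubuntu` would make the play output match the condition. Both tasks notify `httpd reload`, and the handler is defined outside this hunk, so confirm that it reloads the correct service on Debian hosts, where the unit is normally `apache2`. A host whose `ansible_distribution_file_variety` is neither `Debian` nor `RedHat` skips both tasks silently and presumably ends up without the ACME proxy entry; an `assert` or a final `fail` task would surface that.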
diff --git a/library/roles/ipa-server/templates/ipa-letsencrypt-acmetool.sh b/library/roles/ipa-server/templates/ipa-letsencrypt-acmetool.sh
index 47522aca..2f369cd3 100644
--- a/library/roles/ipa-server/templates/ipa-letsencrypt-acmetool.sh
+++ b/library/roles/ipa-server/templates/ipa-letsencrypt-acmetool.sh
@@ -18,7 +18,7 @@ krb_realm=$( grep realm /etc/ipa/default.conf | awk '{ print $3 }' )
 /bin/cp -f "$LE_CERTS_DIR/fullchain" /etc/pki/ipa/cert.pem
 /bin/cp -f "$LE_CERTS_DIR/privkey" /etc/pki/ipa/cert-key.pem
 
-ipa-server-certinstall -w -d /etc/pki/ipa/cert.pem /etc/pki/ipa/cert-key.pem --pin='' -p '' 
+ipa-server-certinstall -w -d /etc/pki/ipa/cert.pem /etc/pki/ipa/cert-key.pem --pin='' -p '{{ ipa_manager_password }}' 
 systemctl reload httpd
 systemctl restart "dirsrv@${krb_realm//./-}.service"
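Review bot: The added `-p '{{ ipa_manager_password }}'` writes the Directory Manager password in cleartext into the rendered hook and splices it into shell source inside single quotes, so a password containing `'` breaks the command or changes what the hook executes. Render it through the shell-quoting filter instead: `-p {{ ipa_manager_password | quote }}`. The task that installs this template is not in the diff; it should deploy the hook owned by root with mode `0700` and `no_log: true`, and the variable should be sourced from Ansible Vault rather than plain inventory. While `ipa-server-certinstall` runs, the password is also readable in the process argument list by other local users. The script begins before this hunk, so earlier handling of the certificate files is not reviewed here.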