IPA server: Fix the letsencrypt acme hook and the letsencrypt proxy entry for the httpd server.

This commit is contained in:
Andrea Dell'Amico 2020-03-31 23:20:52 +02:00
parent 54155b9672
commit 6043de35f4
2 changed files with 7 additions and 1 deletions

View File

@ -2,6 +2,12 @@
- block:
- name: Install the apache letsencrypt directives on trusty
template: src=letsencrypt-proxy.conf.j2 dest=/etc/apache2/conf.d/letsencrypt-proxy.conf owner=root group=root mode=0644
when: ansible_distribution_file_variety == "Debian"
notify: httpd reload
- name: Install the apache letsencrypt directives on CentOS
template: src=letsencrypt-proxy.conf.j2 dest=/etc/httpd/conf.d/letsencrypt-proxy.conf owner=root group=root mode=0644
when: ansible_distribution_file_variety == "RedHat"
notify: httpd reload
- name: Create the acme hooks directory if it does not yet exist

View File

@ -18,7 +18,7 @@ krb_realm=$( grep realm /etc/ipa/default.conf | awk '{ print $3 }' )
/bin/cp -f "$LE_CERTS_DIR/fullchain" /etc/pki/ipa/cert.pem
/bin/cp -f "$LE_CERTS_DIR/privkey" /etc/pki/ipa/cert-key.pem
ipa-server-certinstall -w -d /etc/pki/ipa/cert.pem /etc/pki/ipa/cert-key.pem --pin='' -p ''
ipa-server-certinstall -w -d /etc/pki/ipa/cert.pem /etc/pki/ipa/cert-key.pem --pin='' -p '{{ ipa_manager_password }}'
systemctl reload httpd
systemctl restart "dirsrv@${krb_realm//./-}.service"