roles/nginx: Use snakeoil cert from ssl-cert

Instead of manually creating our own self-signed certificate we can use the one created automatically by the ssl-cert package on Debian. This is only used by the dummy default HTTPS vhost.
2021-07-01 18:11:34 +03:00
parent 681be5eb19
commit 6c3cf40a16
3 changed files with 11 additions and 10 deletions
--- a/roles/nginx/tasks/vhosts.yml
+++ b/roles/nginx/tasks/vhosts.yml
@ -7,11 +7,6 @@
    notify:
      - reload nginx

-  - name: Generate self-signed TLS cert
-    command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key -out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt
-    notify:
-      - reload nginx
-
  - name: Download 4096-bit RFC 7919 dhparams
    get_url:
      url: https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem