Switch HTTPS vhosts to Let's Encrypt certificates

For now I generated the certs manually, but in the future the play- book should run the letsencrypt-auto client for us! Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-11-07 20:52:48 +03:00
parent 13a1889017
commit c0431d4247
4 changed files with 64 additions and 903 deletions
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@ -4,8 +4,8 @@

    # concatenated key + cert
    # See: http://nginx.org/en/docs/http/configuring_https_servers.html
-    ssl_certificate {{ tls_key_dir }}/{{ domain_name }}.crt.pem;
-    ssl_certificate_key {{ tls_key_dir }}/{{ domain_name }}.crt.pem;
+    ssl_certificate {{ tls_key_dir }}/{{ domain_name }}/fullchain.pem;
+    ssl_certificate_key {{ tls_key_dir }}/{{ domain_name }}/privkey.pem;

    ssl_session_timeout {{ nginx_ssl_session_timeout }};
    ssl_session_cache {{ nginx_ssl_session_cache }};