commit 4fcbf2f1d61d84c79f04dc3f2805dfe48df7ac69 Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Sat Dec 5 18:15:05 2020 +0100 Switch to live letsencrypt for koji roles/koji_hub/templates/koji-ssl.conf | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-) --- diff --git a/roles/koji_hub/templates/koji-ssl.conf b/roles/koji_hub/templates/koji-ssl.conf index 47a08d6..daaf40c 100644 --- a/roles/koji_hub/templates/koji-ssl.conf +++ b/roles/koji_hub/templates/koji-ssl.conf @@ -98,7 +98,8 @@ SSLCipherSuite {{ ssl_ciphers }} # pass phrase. Note that a kill -HUP will prompt again. A new # certificate can be generated using the genkey(1) command. #SSLCertificateFile /etc/pki/tls/certs/localhost.crt -SSLCertificateFile /etc/pki/tls/certs/koji_cert.pem +#SSLCertificateFile /etc/pki/tls/certs/koji_cert.pem +SSLCertificateFile /etc/letsencrypt/live/koji.rpmfusion.org/cert.pem # Server Private Key: # If the key is not combined with the certificate, use this @@ -106,7 +107,8 @@ SSLCertificateFile /etc/pki/tls/certs/koji_cert.pem # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key -SSLCertificateKeyFile /etc/pki/tls/private/koji_key.pem +#SSLCertificateKeyFile /etc/pki/tls/private/koji_key.pem +SSLCertificateKeyFile /etc/letsencrypt/live/koji.rpmfusion.org/privkey.pem # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the @@ -116,7 +118,8 @@ SSLCertificateKeyFile /etc/pki/tls/private/koji_key.pem # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt -SSLCertificateChainFile /etc/pki/tls/certs/extras_cacert.pem +#SSLCertificateChainFile /etc/pki/tls/certs/extras_cacert.pem +SSLCertificateChainFile /etc/letsencrypt/live/koji.rpmfusion.org/chain.pem # Certificate Authority (CA): # Set the CA certificate verification path where to find CA