Add the root CA to the full chain.

2021-09-29 23:17:51 +02:00 · 2021-09-29 23:17:51 +02:00 · 89ad15151c
parent 311fb2bf65
commit 89ad15151c
3 changed files with 3 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -29,5 +29,6 @@ ipa_replica_installation_command: "ipa-replica-install --no-reverse --setup-dns
 ipa_run_the_installation_command: True
 ipa_ssl_letsencrypt_managed: True
 ipa_ssl_letsencrypt_use_hook: False
+ipa_letsencrypt_root_ca: /etc/pki/ca-trust/source/anchors/isrgrootx1.pem
 ipa_letsencrypt_ca_filename: letsencrypt-ca-all.pem
 ipa_letsencrypt_cron_job_day: '1'
--- a/templates/ipa-letsencrypt-acmetool.sh
+++ b/templates/ipa-letsencrypt-acmetool.sh
@ -11,7 +11,7 @@ echo "$DATE" >> $LOG_FILE

 krb_realm=$( grep realm /etc/ipa/default.conf | awk '{ print $3 }' )

-/bin/cp -f "$LE_CERTS_DIR/fullchain" /etc/pki/ipa/cert.pem
+/bin/cat {{ ipa_letsencrypt_root_ca }} "$LE_CERTS_DIR/fullchain" > /etc/pki/ipa/cert.pem
 /bin/cp -f "$LE_CERTS_DIR/privkey" /etc/pki/ipa/cert-key.pem
 chmod 400 /etc/pki/ipa/cert-key.pem

--- a/vars/main.yml
+++ b/vars/main.yml
@ -1,2 +1,2 @@
 ---
-# vars file for ansible-role-template
+trusted_ca_letsencrypt_install: True