From 89ad15151c6ed7082658009b57bf20774ced8fd8 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 29 Sep 2021 23:17:51 +0200
Subject: [PATCH] Add the root CA to the full chain.
---
 defaults/main.yml | 1 +
 templates/ipa-letsencrypt-acmetool.sh | 2 +-
 vars/main.yml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 10822f0..9fb412b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -29,5 +29,6 @@ ipa_replica_installation_command: "ipa-replica-install --no-reverse --setup-dns
 ipa_run_the_installation_command: True
 ipa_ssl_letsencrypt_managed: True
 ipa_ssl_letsencrypt_use_hook: False
+ipa_letsencrypt_root_ca: /etc/pki/ca-trust/source/anchors/isrgrootx1.pem
 ipa_letsencrypt_ca_filename: letsencrypt-ca-all.pem
 ipa_letsencrypt_cron_job_day: '1'
diff --git a/templates/ipa-letsencrypt-acmetool.sh b/templates/ipa-letsencrypt-acmetool.sh
index 025c82e..46cdcdc 100644
--- a/templates/ipa-letsencrypt-acmetool.sh
+++ b/templates/ipa-letsencrypt-acmetool.sh
@@ -11,7 +11,7 @@ echo "$DATE" >> $LOG_FILE
 krb_realm=$( grep realm /etc/ipa/default.conf | awk '{ print $3 }' )
-/bin/cp -f "$LE_CERTS_DIR/fullchain" /etc/pki/ipa/cert.pem
+/bin/cat {{ ipa_letsencrypt_root_ca }} "$LE_CERTS_DIR/fullchain" > /etc/pki/ipa/cert.pem
 /bin/cp -f "$LE_CERTS_DIR/privkey" /etc/pki/ipa/cert-key.pem
 chmod 400 /etc/pki/ipa/cert-key.pem
diff --git a/vars/main.yml b/vars/main.yml
index 3808477..d219392 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,2 @@
 ---
-# vars file for ansible-role-template
\ No newline at end of file
+trusted_ca_letsencrypt_install: True
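Review bot: The new default `ipa_letsencrypt_root_ca` in defaults/main.yml has no comment saying what the file must contain or what installs it, yet the renewal script changed in this same patch reads it unconditionally. A comment such as `# PEM file with the root CA certificate that the renewal script prepends to the acmetool fullchain; must exist on the host before the script runs` would make that dependency visible. The path sits in the system trust-anchor directory, so presumably another role places the file there; that is inferred from the path and from `trusted_ca_letsencrypt_install` in vars/main.yml, not shown in the patch.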
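Review bot: In templates/ipa-letsencrypt-acmetool.sh the new `cat … > /etc/pki/ipa/cert.pem` line truncates the live certificate file before cat has read anything, so a missing or unreadable root CA or fullchain leaves cert.pem empty or partial, where the old `cp -f` left it untouched on failure. No check of cat's exit status is visible in the hunk, and the script continues outside it, so whether a later step would catch this cannot be seen here. Assemble the chain in a temporary file in the same directory and rename it only on success, and quote the templated path so it survives unusual characters. The file now also starts with the root certificate instead of the leaf; if whatever consumes cert.pem (not visible in this hunk) treats the first certificate as the server certificate, the order should be fullchain first and root last.

```shell
root_ca={{ ipa_letsencrypt_root_ca | quote }}
new_cert=/etc/pki/ipa/cert.pem.new
if [ -r "$root_ca" ] && /bin/cat "$root_ca" "$LE_CERTS_DIR/fullchain" > "$new_cert"; then
    /bin/mv -f "$new_cert" /etc/pki/ipa/cert.pem
else
    echo "could not assemble /etc/pki/ipa/cert.pem, keeping the previous certificate" >> $LOG_FILE
    /bin/rm -f "$new_cert"
    exit 1
fi
# … unchanged: privkey copy and chmod …
```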
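Review bot: `trusted_ca_letsencrypt_install: True` is set in vars/main.yml, where role vars take precedence over inventory and play variables, so a site that manages its trust anchors differently cannot switch it off from group_vars. Unless that is intended, it reads better as a default in defaults/main.yml next to `ipa_letsencrypt_root_ca`, with a one-line comment naming what consumes it. The variable is outside the role's `ipa_` prefix, which suggests it belongs to a dependency role, but the consumer is not visible in this patch.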