Fix the letsencrypt defaults.

2021-10-09 17:21:53 +02:00 · 2021-10-09 17:21:53 +02:00 · 7b2a0a1b1e
parent 974c435e20
commit 7b2a0a1b1e
1 changed files with 3 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -120,8 +120,9 @@ psql_force_ssl_client_connection: False
 postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}'
 psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'
 psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
-psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
-psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain'
+psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain'
+# In CentOS/RHEL is /etc/pki/tls/cert.pem
+psql_ssl_ca_file: '/etc/ssl/certs/ca-certificates.crt'
 psql_conf_ssl_parameters: 
  - { name: 'ssl', value: 'true' }
  - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' }