library/roles/openvpn, library/roles/ubuntu-deb-general: The CA file that contains both the letsencrypt full chain and the INFN ca is now installed by the ubuntu-deb-general role.

openvpn/tasks/openvpn.yml

@@ -52,11 +52,6 @@
     creates: '{{ openvpn_conf_dir }}/ta.key'
   tags: openvpn
 
-- name: Install the alternate CA file
-  copy: src=ca.pem dest={{ openvpn_conf_dir }}/{{ openvpn_alternative_ca_name }}
-  when: openvpn_install_alternative_ca
-  tags: openvpn
-
 - name: Ensure that the OpenVPN service is enabled and running
   service: name=openvpn state=started enabled=yes
   when: openvpn_enabled

ubuntu-deb-general/tasks/install_external_ca_cert.yml

@@ -6,3 +6,6 @@
   notify: Update the CA bundle list
   tags: ca
 
+- name: Install a CA file that contains both the letsencrypt complete chain and the INFN CA certs
+  copy: src=infn-letsencrypt-ca.crt dest={{ pki_dir }}/infn-letsencrypt-ca.crt
+  tags: ca

ubuntu-deb-general/tasks/pki-basics.yml

@@ -25,9 +25,6 @@
     - letsencrypt_acme_user_home is defined
   tags: [ 'pki', 'ssl', 'letsencrypt' ]
 
-# 20160506121714 [WARN] fdb: "keys/fakeselfsignedcert" has wrong mode -rwxr-xr-x, changing to -rwx------
-# 20160506121714 [WARN] fdb: "keys/fakeselfsignedcert/privkey" has wrong mode -rw-r--r--, changing to -rw-------
-
 - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now the certificate and private key
   command: openssl req -x509 -newkey rsa:2048 -keyout {{ letsencrypt_acme_user_home }}/keys/fakeselfsignedcert/privkey -out {{ letsencrypt_acme_user_home }}/certs/fakeselfsignedcert/cert -days 10 -nodes -subj '/CN=self signed certificate'
   args: