IPA server: Fix the letsencrypt acme hook and the letsencrypt proxy entry for the httpd server.
This commit is contained in:
parent
54155b9672
commit
6043de35f4
|
@ -2,6 +2,12 @@
|
|||
- block:
|
||||
- name: Install the apache letsencrypt directives on trusty
|
||||
template: src=letsencrypt-proxy.conf.j2 dest=/etc/apache2/conf.d/letsencrypt-proxy.conf owner=root group=root mode=0644
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
notify: httpd reload
|
||||
|
||||
- name: Install the apache letsencrypt directives on CentOS
|
||||
template: src=letsencrypt-proxy.conf.j2 dest=/etc/httpd/conf.d/letsencrypt-proxy.conf owner=root group=root mode=0644
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
notify: httpd reload
|
||||
|
||||
- name: Create the acme hooks directory if it does not yet exist
|
||||
|
|
|
@ -18,7 +18,7 @@ krb_realm=$( grep realm /etc/ipa/default.conf | awk '{ print $3 }' )
|
|||
/bin/cp -f "$LE_CERTS_DIR/fullchain" /etc/pki/ipa/cert.pem
|
||||
/bin/cp -f "$LE_CERTS_DIR/privkey" /etc/pki/ipa/cert-key.pem
|
||||
|
||||
ipa-server-certinstall -w -d /etc/pki/ipa/cert.pem /etc/pki/ipa/cert-key.pem --pin='' -p ''
|
||||
ipa-server-certinstall -w -d /etc/pki/ipa/cert.pem /etc/pki/ipa/cert-key.pem --pin='' -p '{{ ipa_manager_password }}'
|
||||
systemctl reload httpd
|
||||
systemctl restart "dirsrv@${krb_realm//./-}.service"
|
||||
|
||||
|
|
Loading…
Reference in New Issue