diff --git a/puppet/modules/web/manifests/init.pp b/puppet/modules/web/manifests/init.pp
index 1ca76708b..f8298b962 100644
--- a/puppet/modules/web/manifests/init.pp
+++ b/puppet/modules/web/manifests/init.pp
@@ -15,37 +15,6 @@
 letsencrypt => $https,
 }
- if $https {
- $letsencypt_domain = 'theforeman.org'
-
- letsencrypt::certonly { $letsencypt_domain:
- plugin => 'webroot',
- # domain / webroot_paths must match exactly
- domains => [
- 'theforeman.org',
- 'archivedeb.theforeman.org',
- 'deb.theforeman.org',
- 'debugs.theforeman.org',
- 'downloads.theforeman.org',
- 'stagingdeb.theforeman.org',
- 'www.theforeman.org',
- 'yum.theforeman.org',
- 'stagingyum.theforeman.org',
- ],
- webroot_paths => [
- '/var/www/vhosts/web/htdocs',
- '/var/www/vhosts/archivedeb/htdocs',
- '/var/www/vhosts/deb/htdocs',
- '/var/www/vhosts/debugs/htdocs',
- '/var/www/vhosts/downloads/htdocs',
- '/var/www/vhosts/stagingdeb/htdocs',
- '/var/www/vhosts/web/htdocs',
- '/var/www/vhosts/yum/htdocs',
- '/var/www/vhosts/stagingyum/htdocs',
- ],
- }
- }
-
 if $facts['os']['selinux']['enabled'] {
 include selinux
diff --git a/puppet/modules/web/manifests/vhost.pp b/puppet/modules/web/manifests/vhost.pp
index 7ba173b9e..e2ade8eca 100644
--- a/puppet/modules/web/manifests/vhost.pp
+++ b/puppet/modules/web/manifests/vhost.pp
@@ -52,6 +52,13 @@
 }
 if $web::https {
+ letsencrypt::certonly { $servername:
+ plugin => 'webroot',
+ # domain / webroot_paths must match exactly
+ domains => [$servername] + $serveraliases,
+ webroot_paths => [$docroot] + ([$docroot] * $serveraliases.lenth),
+ }
+
 apache::vhost { "${title}-https":
 servername => $servername,
 serveraliases => $serveraliases,
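Review bot: The added `webroot_paths` expression in the `@@ -52,6 +52,13 @@` hunk will not compile as written: `$serveraliases.lenth` is a misspelling of `length`, and as far as I know the Puppet language defines `+`, `-` and `<<` on arrays but no `*` repetition, so `[$docroot] * n` would still raise an evaluation error once the typo is fixed. Since every name of the vhost is served from the same docroot, one path per domain can be built with `webroot_paths => ([$servername] + $serveraliases).map |$_name| { $docroot },`. A compile failure here stops the whole catalog for any node with `$web::https` set, so no certificate is issued and the TLS vhosts are never updated; an rspec-puppet or catalog-compile check on this define would catch it. The `if $web::https` block opens before the hunk and the `apache::vhost` declaration continues past it.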
@@ -62,10 +69,10 @@
 docroot_mode => $docroot_mode,
 port => 443,
 ssl => true,
- ssl_cert => "${letsencrypt::config_dir}/live/${web::letsencypt_domain}/cert.pem",
- ssl_chain => "${letsencrypt::config_dir}/live/${web::letsencypt_domain}/chain.pem",
- ssl_key => "${letsencrypt::config_dir}/live/${web::letsencypt_domain}/privkey.pem",
- require => Letsencrypt::Certonly[$web::letsencypt_domain],
+ ssl_cert => "${letsencrypt::config_dir}/live/${servername}/cert.pem",
+ ssl_chain => "${letsencrypt::config_dir}/live/${servername}/chain.pem",
+ ssl_key => "${letsencrypt::config_dir}/live/${servername}/privkey.pem",
+ require => Letsencrypt::Certonly[$servername],
 * => $attrs,
 }
 }
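Review bot: The three certificate paths and the `require` all assume that the certificate's `live/` directory is named after `$servername`, which presumably holds only while the `letsencrypt::certonly` resource declared earlier in this file uses that same title as its certificate name. Computing the directory once, `$cert_dir = "${letsencrypt::config_dir}/live/${servername}"`, and referring to `"${cert_dir}/privkey.pem"` and its siblings keeps the key, certificate and chain paths from drifting apart in a later edit. A short comment such as `# must match the title of the Letsencrypt::Certonly resource above` would document the coupling. The `apache::vhost` declaration begins before this hunk.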