-rw-r--r-- | roles/dnsserver/tasks/crt.yml | 2 | ||||
-rw-r--r-- | roles/mtaserver/tasks/crt.yml | 4 | ||||
-rw-r--r-- | roles/mtaserver/templates/10-ssl.conf.j2 | 2 | ||||
-rw-r--r-- | roles/proxy/tasks/crt.yml | 2 |
4 files changed, 5 insertions, 5 deletions
diff --git a/roles/dnsserver/tasks/crt.yml b/roles/dnsserver/tasks/crt.yml
index 8adde34..66b003b 100644
--- a/roles/dnsserver/tasks/crt.yml
+++ b/roles/dnsserver/tasks/crt.yml
@@ -81,7 +81,7 @@
 # distant. Basé sur les symlink de rétrocompat.
 # essayer de faire passer en args une variable pour crtversion et pour maindomain
 - name: Mise à jour du fichier fullchain.pem
- shell: cat /etc/pki/tls/certs/casperlefantom.1.crt /etc/pki/ca-trust/source/anchors/root.pem > /etc/pki/tls/certs/casperlefantom.net.fullchain.crt
+ shell: cat /etc/pki/tls/certs/casperlefantom.1.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/casperlefantom.net.fullchain.crt
 args:
 executable: /usr/bin/zsh
 when: crtupdate is changed
diff --git a/roles/mtaserver/tasks/crt.yml b/roles/mtaserver/tasks/crt.yml
index 468bfae..8aec7d5 100644
--- a/roles/mtaserver/tasks/crt.yml
+++ b/roles/mtaserver/tasks/crt.yml
@@ -35,7 +35,7 @@
 # distant.
 # essayer de faire passer en args une variable pour basedomain
 - name: Mise à jour du fichier fullchain.pem
- shell: cat /etc/pki/tls/certs/casperlefantom.net.postfix.crt /etc/pki/ca-trust/source/anchors/root.pem > /etc/pki/tls/certs/casperlefantom.net.postfix.fullchain.crt
+ shell: cat /etc/pki/tls/certs/casperlefantom.net.postfix.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/casperlefantom.net.postfix.fullchain.crt
 args:
 executable: /usr/bin/zsh
 when: mtadomain is defined
@@ -80,7 +80,7 @@
 # distant.
 # essayer de faire passer en args une variable pour basedomain
 - name: Mise à jour du fichier fullchain.pem
- shell: cat /etc/pki/tls/certs/casperlefantom.net.dovecot.crt /etc/pki/ca-trust/source/anchors/root.pem > /etc/pki/tls/certs/casperlefantom.net.dovecot.fullchain.crt
+ shell: cat /etc/pki/tls/certs/casperlefantom.net.dovecot.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/casperlefantom.net.dovecot.fullchain.crt
 args:
 executable: /usr/bin/zsh
 when: mtadomain is defined
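Review bot: In the `shell: cat … > …fullchain.crt` line the redirection truncates the destination before `cat` reads its inputs, so if `/etc/pki/tls/certs/mon-ca.crt` is absent on the target the task fails and leaves a fullchain file holding only the leaf certificate. Nothing in the hunk installs or checks the new CA file (that may happen outside the hunk, since the task file continues on both sides), and the same line appears in both `roles/mtaserver/tasks/crt.yml` hunks and in `roles/proxy/tasks/crt.yml`. Writing to a temporary name and renaming on success keeps the previous chain in place on failure, e.g. `shell: cat <leaf>.crt /etc/pki/tls/certs/mon-ca.crt > <chain>.tmp && mv <chain>.tmp <chain>`. The CA path is now repeated in four places, so a role variable, as the TODO comment above the task already suggests for the domain, would make the next relocation a one-line change.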
diff --git a/roles/mtaserver/templates/10-ssl.conf.j2 b/roles/mtaserver/templates/10-ssl.conf.j2
index 8d81e7f..fedc92b 100644
--- a/roles/mtaserver/templates/10-ssl.conf.j2
+++ b/roles/mtaserver/templates/10-ssl.conf.j2
@@ -24,7 +24,7 @@ ssl_key = </etc/pki/tls/private/{{ mtadomain.0 }}.dovecot.key
 # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
 # followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
 #ssl_ca =
-ssl_ca = /etc/pki/ca-trust/source/anchors/root.pem
+ssl_ca = /etc/pki/tls/certs/mon-ca.crt
 # Require that CRL check succeeds for client certificates.
 #ssl_require_crl = yes
diff --git a/roles/proxy/tasks/crt.yml b/roles/proxy/tasks/crt.yml
index 61071d3..03d6767 100644
--- a/roles/proxy/tasks/crt.yml
+++ b/roles/proxy/tasks/crt.yml
@@ -32,7 +32,7 @@
 # distant.
 # essayer de faire passer en args une variable pour basedomain
 - name: Mise à jour du fichier fullchain.pem
- shell: cat /etc/pki/tls/certs/casperlefantom.net.squid.crt /etc/pki/ca-trust/source/anchors/root.pem > /etc/pki/tls/certs/casperlefantom.net.squid.fullchain.crt
+ shell: cat /etc/pki/tls/certs/casperlefantom.net.squid.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/casperlefantom.net.squid.fullchain.crt
 args:
 executable: /usr/bin/zsh
 tags: keys |
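Review bot: The new `ssl_ca = /etc/pki/tls/certs/mon-ca.crt` line in `10-ssl.conf.j2` lacks the `<` that Dovecot uses to read a setting's value from a file; both the example in the comment directly above it and the `ssl_key = </etc/pki/tls/private/…` line in the hunk header carry it. Without the `<`, the path string itself is presumably taken as the PEM data, so the CA would not be loaded; the line should read `ssl_ca = </etc/pki/tls/certs/mon-ca.crt`. The same comment states that `ssl_ca` is only meant for `ssl_verify_client_cert=yes` and that the file should hold the CA certificate(s) followed by the matching CRL(s), so it is worth confirming that client-certificate verification is intended and that `mon-ca.crt` carries a CRL if `ssl_require_crl` is left at the value shown commented below.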