I just did this to stop Ansible from overwriting my changes. Revert my
commit whenever the certificate is renewed/replaced.
diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml
index d6f296fe54..0b620115f8 100644
--- a/roles/people/tasks/main.yml
+++ b/roles/people/tasks/main.yml
@@ -21,11 +21,11 @@
- packages
- people
-- name: install main httpd config
- template: src=people.conf dest=/etc/httpd/conf.d/people.conf
- tags:
- - people
- - sslciphers
+#- name: install main httpd config
+# template: src=people.conf dest=/etc/httpd/conf.d/people.conf
+# tags:
+# - people
+# - sslciphers
- name: install httpd config
copy: src={{item}} dest=/etc/httpd/conf.d/{{item}}
On Fri, Oct 7, 2022 at 1:38 PM Nick Bebout <nick(a)bebout.net> wrote:
I don't think we can (easily) make it keep renewing the Let's
Encrypt
cert, as LE requires DNS validation for wildcard certs. I did the
validation manually. I could probably patch Ansible to not overwrite my
config changes, if we want to go that route.
On Fri, Oct 7, 2022 at 10:39 AM Stephen Smoogen <ssmoogen(a)redhat.com>
wrote:
>
>
> On Fri, 7 Oct 2022 at 11:28, Nick Bebout <nick(a)bebout.net> wrote:
>
>> fedorapeople.org's wildcard SSL cert expired. I generated a Let's
>> Encrypt wildcard cert using a DNS challenge and copied that to fedorapeople
>> and edited the /etc/httpd/conf.d/people.conf file to point to the LE cert.
>> I did this as an emergency fix to get the web server accessible again. I
>> did not change anything in Ansible for this emergency fix.
>>
>> Hopefully no one will run the people playbook before the regular cert
>> gets renewed, or my changes will be overwritten.
>>
>>
> OK. Thanks for doing this. What would it take to make this permanent on
> the server?
> +1
>
>
>
>> I think I need to ask for 2 (after the fact) +1's.
>>
>> nb
>> _______________________________________________
>> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
>> To unsubscribe send an email to
>> infrastructure-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>>
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
>> Do not reply to spam, report it:
>>
https://pagure.io/fedora-infrastructure/new_issue
>>
>
>
> --
> Stephen Smoogen, Red Hat Automotive
> Let us be kind to one another, for most of us are fighting a hard battle.
> -- Ian MacClaren
> _______________________________________________
> infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
> To unsubscribe send an email to
> infrastructure-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
> Do not reply to spam, report it:
>
https://pagure.io/fedora-infrastructure/new_issue
>