Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
8 yıl önce
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
8 yıl önce
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
8 yıl önce
Tomas Bedrich
e08acd2deb
Simplified LE renew script
8 yıl önce
Carl Meyer
60855eda70
Fix typo in fail2ban config for dovecot.
8 yıl önce
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8 yıl önce
Mike Ashley
4a33ebecdc
Add non-interactive to LE client options
Depending on when the client is run, there are no certificates to
update. By default, the client runs in interactive mode and wants to
notify the user of this. This causes Ansible to hang waiting for an
acknowledgement that will never come. Adding the non-interactive flag
fixes this.
8 yıl önce
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8 yıl önce
Carl Meyer
579afa68d3
Add comment into letsencrypt-gencert script clarifying why we stop Apache.
8 yıl önce
Carl Meyer
0abf92734e
Don't stop Apache until we have to; start it again right after.
8 yıl önce
Carl Meyer
a636a43948
Don't try to execute any non-executable file in LE postrenew dir.
8 yıl önce
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8 yıl önce
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8 yıl önce
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8 yıl önce
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8 yıl önce
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
8 yıl önce
nodiscc
d876c87e21
bash syntax cleanup
as per discussion in https://github.com/sovereign/sovereign/pull/504
8 yıl önce
Carl Meyer
b93deb9411
Remove stray + prefix in sudoers file.
8 yıl önce
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8 yıl önce
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8 yıl önce
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8 yıl önce
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8 yıl önce
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
8 yıl önce
Mike Ashley
2ad6f78e45
Address incomplete chain error
Fix Apache's configuration for version 2.4.8 and above. See
https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903
8 yıl önce
Mike Ashley
58e9e7a445
Add a short introduction to Let's Encrypt
8 yıl önce
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
8 yıl önce
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
9 yıl önce
Mike Ashley
8f1b6a9ed8
Arrange for services to restart on cert renewal
8 yıl önce
Mike Ashley
65729d12f8
Update xmpp role for LE certificate
9 yıl önce
Mike Ashley
7bb523950e
Draft design description for Let's Encrypt support
9 yıl önce
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
9 yıl önce
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
9 yıl önce
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8 yıl önce
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
8 yıl önce
fengor
e63661f982
Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
see: http://undeadly.org/cgi?action=article&sid= 2016011414
8 yıl önce
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
9 yıl önce
Dan Milon
829c8491c7
restart apache on SSL changes
9 yıl önce
Dan Milon
a5c6f663ce
properly install changed SSL certificate
9 yıl önce
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
9 yıl önce
Dan Milon
2fb7cfa7c9
Add SSL stapling cache for apache
Fixes #406
9 yıl önce
Laurent Arnoud
1419c4e26e
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
Conflicts:
roles/common/tasks/main.yml
9 yıl önce
Alex Payne
0579cf1ba9
Use same Apache server name configuration across distros
9 yıl önce
Alex Payne
290a3b4312
Remove wheezy-specific Apache SSL config omission
9 yıl önce
Alex Payne
474c1d5f92
No longer need `fuse` group in Jessie.
9 yıl önce
Alex Payne
6906412f63
Remove wheezy-specific ufw task.
9 yıl önce
Alex Payne
6d1eebb9d2
Use Ansible task names, not comments.
9 yıl önce
Alex Payne
c9b32cd2e2
Same Google auth install should work for both Jessie and Trusty.
Move Apache task to their own file.
9 yıl önce
Alex Payne
006f8e9b82
Just plain Ruby
9 yıl önce
Laurent Arnoud
a09e2e71c1
tar used in place of unarchive module
9 yıl önce
Laurent Arnoud
311fae7e11
Trailing whitespace
9 yıl önce