websites/pyrocufflink: Switch to mod_md for cert

The _pyrocufflink.net_ site now obtains its certificate from Let's Encrypt using the Apache _mod_md_ (managed domain) module. This dramatically simplifies the deployment of this certificate, eliminating the need for _cert-manager_ to obtain it, _cert-exporter_ to add it to _certs.git_, and Jenkins to push it out to the web server.
2025-09-03 08:46:49 -05:00 · 2025-09-03 08:46:49 -05:00 · 8e8c109bf6
parent 29cdafac2a
commit 8e8c109bf6
4 changed files with 1 additions and 13 deletions
--- a/certs/websites/pyrocufflink.net.cer
+++ b/certs/websites/pyrocufflink.net.cer
@ -1 +0,0 @@
-../lego/_.pyrocufflink.net.crt
--- a/certs/websites/pyrocufflink.net.key
+++ b/certs/websites/pyrocufflink.net.key
@ -1 +0,0 @@
-../lego/_.pyrocufflink.net.key
--- a/roles/websites/pyrocufflink.net/meta/main.yml
+++ b/roles/websites/pyrocufflink.net/meta/main.yml
@ -1,9 +0,0 @@
-dependencies:
- role: cert
-  vars:
-    cert_src: websites/pyrocufflink.net.cer
-    cert_dest: /etc/pki/tls/certs/pyrocufflink.net.cer
-    cert_key_src: websites/pyrocufflink.net.key
-    cert_key_dest: /etc/pki/tls/private/pyrocufflink.net.key
-  tags:
-  - websites/pyrocufflink.net
--- a/roles/websites/pyrocufflink.net/templates/pyrocufflink.httpd.conf.j2
+++ b/roles/websites/pyrocufflink.net/templates/pyrocufflink.httpd.conf.j2
@ -1,4 +1,5 @@
 # vim: set sw=4 ts=4 sts=4 et :
+MDomain pyrocufflink.net

 <VirtualHost _default_:80>
    ServerName pyrocufflink.net
@ -11,8 +12,6 @@
 <VirtualHost _default_:443>
    ServerName pyrocufflink.net
    Include conf.d/ssl.include
-    SSLCertificateFile /etc/pki/tls/certs/pyrocufflink.net.cer
-    SSLCertificateKeyFile /etc/pki/tls/private/pyrocufflink.net.key

    ProxyRequests Off
    RewriteEngine On