I just did this to stop Ansible from overwriting my changes. Revert my commit whenever the certificate is renewed/replaced.
diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml
index d6f296fe54..0b620115f8 100644
--- a/roles/people/tasks/main.yml
+++ b/roles/people/tasks/main.yml
@@ -21,11 +21,11 @@
- packages
- people
-- name: install main httpd config
- template: src="" dest=/etc/httpd/conf.d/people.conf
- tags:
- - people
- - sslciphers
+#- name: install main httpd config
+# template: src="" dest=/etc/httpd/conf.d/people.conf
+# tags:
+# - people
+# - sslciphers
- name: install httpd config
copy: src="" dest=/etc/httpd/conf.d/{{item}}
index d6f296fe54..0b620115f8 100644
--- a/roles/people/tasks/main.yml
+++ b/roles/people/tasks/main.yml
@@ -21,11 +21,11 @@
- packages
- people
-- name: install main httpd config
- template: src="" dest=/etc/httpd/conf.d/people.conf
- tags:
- - people
- - sslciphers
+#- name: install main httpd config
+# template: src="" dest=/etc/httpd/conf.d/people.conf
+# tags:
+# - people
+# - sslciphers
- name: install httpd config
copy: src="" dest=/etc/httpd/conf.d/{{item}}
On Fri, Oct 7, 2022 at 1:38 PM Nick Bebout <nick@xxxxxxxxxx> wrote:
I don't think we can (easily) make it keep renewing the Let's Encrypt cert, as LE requires DNS validation for wildcard certs. I did the validation manually. I could probably patch Ansible to not overwrite my config changes, if we want to go that route.On Fri, Oct 7, 2022 at 10:39 AM Stephen Smoogen <ssmoogen@xxxxxxxxxx> wrote:_______________________________________________On Fri, 7 Oct 2022 at 11:28, Nick Bebout <nick@xxxxxxxxxx> wrote:fedorapeople.org's wildcard SSL cert expired. I generated a Let's Encrypt wildcard cert using a DNS challenge and copied that to fedorapeople and edited the /etc/httpd/conf.d/people.conf file to point to the LE cert. I did this as an emergency fix to get the web server accessible again. I did not change anything in Ansible for this emergency fix.Hopefully no one will run the people playbook before the regular cert gets renewed, or my changes will be overwritten.OK. Thanks for doing this. What would it take to make this permanent on the server?+1_______________________________________________I think I need to ask for 2 (after the fact) +1's.nb
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--Stephen Smoogen, Red Hat AutomotiveLet us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
