From 150f53ecb0d8454ce5fe4ca2c67664a9b004551e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Oct 14 2020 19:38:24 +0000
Subject: Freeze Break Request: Update openshift ssl certs


These certs are used for *.app.os.fedoraproject.org.
ie, things that don't also have/use a fedoraproject.org route.
THis includes the console and some apps that just never bothered to make
a fedoraproject route.

Fixes 9162

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

---

diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index ad220bd..166306b 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -254,10 +254,10 @@ wildcard_key_file: wildcard-2020.fedoraproject.org.key
 wildcard_int_file: wildcard-2020.fedoraproject.org.intermediate.cert
 
 # This is the openshift wildcard cert. Until it exists set it equal to wildcard
-os_wildcard_cert_name: wildcard-2017.app.os.fedoraproject.org
-os_wildcard_crt_file: wildcard-2017.app.os.fedoraproject.org.cert
-os_wildcard_key_file: wildcard-2017.app.os.fedoraproject.org.key
-os_wildcard_int_file: wildcard-2017.app.os.fedoraproject.org.intermediate.cert
+os_wildcard_cert_name: wildcard-2020.app.os.fedoraproject.org
+os_wildcard_crt_file: wildcard-2020.app.os.fedoraproject.org.cert
+os_wildcard_key_file: wildcard-2020.app.os.fedoraproject.org.key
+os_wildcard_int_file: wildcard-2020.app.os.fedoraproject.org.intermediate.cert
 
 # Everywhere, always, we should sign messages and validate signatures.
 # However, we allow individual hosts and groups to override this.  Use this very
diff --git a/playbooks/include/proxies-certificates.yml b/playbooks/include/proxies-certificates.yml
index 79a329c..5042b90 100644
--- a/playbooks/include/proxies-certificates.yml
+++ b/playbooks/include/proxies-certificates.yml
@@ -36,8 +36,8 @@
     - app.os.fedoraproject.org
 
   - role: httpd/certificate
-    certname: wildcard-2017.app.os.fedoraproject.org
-    SSLCertificateChainFile: wildcard-2017.app.os.fedoraproject.org.intermediate.cert
+    certname: wildcard-2020.app.os.fedoraproject.org
+    SSLCertificateChainFile: wildcard-2020.app.os.fedoraproject.org.intermediate.cert
     tags:
     - app.os.fedoraproject.org