From 33a47eb4a908163cb5aa98d3876b8da5bad1607e Mon Sep 17 00:00:00 2001
From: Aurélien Bompard
Date: Jan 13 2018 10:42:11 +0000
Subject: Fix Hubs SSL config for letsencrypt
---
diff --git a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
index 59a94a9..6c2215e 100644
--- a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
+++ b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
@@ -76,11 +76,3 @@
 - hubs-triage@4
 - hubs-worker@3
 - hubs-worker@4
-
- - name: install python2-certbot-nginx
- dnf: name=python2-certbot-nginx state=present
-
- - name: get the letencrypt cert
- command: certbot certonly -n --nginx -d {{ ansible_fqdn }}
- args:
- creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem
diff --git a/roles/hubs/tasks/webserver.yml b/roles/hubs/tasks/webserver.yml
index 3359739..2ef0483 100644
--- a/roles/hubs/tasks/webserver.yml
+++ b/roles/hubs/tasks/webserver.yml
@@ -8,17 +8,6 @@
 - libsemanage-python


-- name: Generate SSL certificate and key
- shell:
- echo -e "--\nSomeState\nSomeCity\nSomeOrganization\nSomeOrganizationalUnit\nlocalhost.localdomain\nroot@localhost.localdomain"
- | openssl req -utf8 -newkey rsa:2048
- -keyout /etc/pki/tls/private/localhost.key
- -nodes -x509 -days 365
- -out /etc/pki/tls/certs/localhost.crt
- args:
- creates: /etc/pki/tls/certs/localhost.crt
-
-
 - name: Gunicorn logging configuration
 copy:
 src: logging.ini
@@ -48,6 +37,17 @@
 - restart nginx


+- name: install python2-certbot-nginx
+ dnf: name=python2-certbot-nginx state=present
+
+- name: get the letencrypt cert
+ command: certbot certonly -n --nginx -d {{ ansible_fqdn }}
+ args:
+ creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem
+ notify:
+ - restart nginx
+
+
 - name: Nginx proxy configuration
 copy:
 src: "{{ item }}"
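Review bot: The `certbot certonly -n` task added to roles/hubs/tasks/webserver.yml passes no ACME registration options, and certbot's non-interactive mode needs `--agree-tos` plus either `--email` or `--register-unsafely-without-email` when the host has no account yet. On hubs-dev an account may already exist from the playbook task this commit removes, but now that the task lives in the role a freshly provisioned host would presumably fail here before nginx ever gets a certificate. Something like `command: certbot certonly -n --nginx --agree-tos -m <ADMIN_EMAIL_PLACEHOLDER> -d {{ ansible_fqdn }}` would cover it. Separately, the `creates:` guard means issuance runs only once and nothing in this hunk schedules `certbot renew`, so unless renewal is handled elsewhere the certificate will lapse when its validity period ends (Let's Encrypt certificates are short-lived, where the removed self-signed one ran 365 days); the task name also has a typo (`letencrypt`).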