author: Joe Banks <[email protected]> 2024-07-23 00:08:00 +0100
committer: Joe Banks <[email protected]> 2024-07-23 00:08:00 +0100
commit: 1b0894b584e53870b507554a16b051d16cc4b470
tree: 3e99128a7e843c18c7916d78231296e81b7054d1 /ansible/host_vars/lovelace
parent: Remove deployments on turing
Update certificate issuance to group together related certificates
We now can use CSV values to group different (but related) SANs into one issued certificate. As an example, when it was migrated in #402, certificates were configured in such a way that certbot attempted to issue one certificate for pydis.wtf and another for *.pydis.wtf, which is obviously not desirable. This restores previous behaviour to group together certificates served from the same NGINX vhost, using some Ansible filters to ensure the `creates` option of the task matches the certbot generated directory.
Diffstat (limited to 'ansible/host_vars/lovelace')
-rw-r--r-- ansible/host_vars/lovelace/nginx.yml 3
1 files changed, 3 insertions, 0 deletions
diff --git a/ansible/host_vars/lovelace/nginx.yml b/ansible/host_vars/lovelace/nginx.yml
index 8d1080a..3c76955 100644
--- a/ansible/host_vars/lovelace/nginx.yml
+++ b/ansible/host_vars/lovelace/nginx.yml
@@ -31,6 +31,9 @@ nginx_configs:
server_name files.pydis.wtf cloud.native.is.fun.and.easy.pydis.wtf;
root /var/www/files.pydis.wtf;
+ ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem;
+
location / {
try_files $uri $uri/ =404;
}
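Review bot: The `server_name` context line in this hunk lists `cloud.native.is.fun.and.easy.pydis.wtf`, which a `*.pydis.wtf` wildcard does not match, because a wildcard covers only a single label. Unless the certificate under `/etc/letsencrypt/live/pydis.wtf/` carries that name as an explicit SAN, clients of that host will see a name mismatch, so please confirm the grouped SAN list for this vhost includes it. Separately, the two added `ssl_certificate` and `ssl_certificate_key` paths hard-code the certbot directory name `pydis.wtf`; deriving them from the same value the issuance task uses for `creates` would keep the vhost from pointing at a stale or missing directory if the domain grouping or its order changes.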