From 6386509d3b800cdaf35c80d94dff9c17598a0dec Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Fri, 19 May 2017 19:54:12 +0200
Subject: [PATCH] Add Let's Encrypt domains in the squid's whitelist
---
 evoacme/tasks/certbot.yml | 10 +++++++++-
 squid/files/whitelist-evolinux.conf | 6 ++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml
index dbb40f1b..c7f3ab1b 100644
--- a/evoacme/tasks/certbot.yml
+++ b/evoacme/tasks/certbot.yml
@@ -64,7 +64,15 @@
 - name: Let's Encrypt OCSP server is authorized by squid
 lineinfile:
 dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
- line: "http://ocsp.int-x3.letsencrypt.org/.*"
+ line: "{{ item }}"
 state: present
 notify: reload squid3
+ with-items:
+ - "http://acme-staging.api.letsencrypt.org/.*"
+ - "http://ocsp.int-x1.letsencrypt.org/.*"
+ - "http://ocsp.int-x2.letsencrypt.org/.*"
+ - "http://ocsp.int-x3.letsencrypt.org/.*"
+ - "http://ocsp.int-x4.letsencrypt.org/.*"
+ - "http://ocsp.root-x1.letsencrypt.org/.*"
+ - "http://ocsp.staging-x1.letsencrypt.org/.*"
 when: squid3_whitelist_files.stdout != ""
diff --git a/squid/files/whitelist-evolinux.conf b/squid/files/whitelist-evolinux.conf
index eb0dfd27..3dac82c7 100644
--- a/squid/files/whitelist-evolinux.conf
+++ b/squid/files/whitelist-evolinux.conf
@@ -11,7 +11,13 @@ http://.*sa-update.*
 http://pear.php.net/.*
 # Let's Encrypt
+http://acme-staging.api.letsencrypt.org/.*
+http://ocsp.int-x1.letsencrypt.org/.*
+http://ocsp.int-x2.letsencrypt.org/.*
 http://ocsp.int-x3.letsencrypt.org/.*
+http://ocsp.int-x4.letsencrypt.org/.*
+http://ocsp.root-x1.letsencrypt.org/.*
+http://ocsp.staging-x1.letsencrypt.org/.*
 ### CMS / Wordpress / Drupal / ...
 # Wordpress
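Review bot: The added loop key `with-items:` is spelled with a hyphen, but the Ansible task keyword is `with_items:`, so this task will most likely be rejected as having an invalid attribute instead of iterating over the seven URLs. The line should read `with_items:`. The task name still says "OCSP server" although the list now also carries the ACME staging endpoint; `- name: Let's Encrypt endpoints are authorized by squid` would describe it better. The surrounding play, including the task that registers `squid3_whitelist_files`, lies outside this hunk.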
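Review bot: The new whitelist entries are unanchored and leave every `.` in the host name unescaped, so if this file feeds a squid `url_regex` ACL (the ACL definition is not visible in this diff) each pattern matches more URLs than the intended Let's Encrypt hosts, which loosens the egress allowlist. Anchoring and escaping would tighten it, e.g. `^http://ocsp\.int-x1\.letsencrypt\.org/.*`, applied to the six added lines, the existing `int-x3` line, and the identical list in `evoacme/tasks/certbot.yml`. The ACME API is normally reached over HTTPS, so it is worth confirming that an `http://` pattern for `acme-staging.api.letsencrypt.org` actually matches the traffic it is meant to allow. A short comment above the block, such as `# keep in sync with evoacme/tasks/certbot.yml`, would help the two copies stay aligned.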