evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity

Let's Encrypt has many subdomains, let's whitelist them all

Browse source
This commit is contained in:
Jérémy Lecour 2017-05-19 21:35:51 +02:00 committed by Jérémy Lecour
parent 6386509d3b
commit 6eb71daead
2 changed files with 2 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
evoacme/tasks/certbot.yml
View file

@ -64,15 +64,7 @@
- name: Let's Encrypt OCSP server is authorized by squid
lineinfile:
dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
line: "{{ item }}"
line: "http://.*.letsencrypt.org/.*"
state: present
notify: reload squid3
with-items:
- "http://acme-staging.api.letsencrypt.org/.*"
- "http://ocsp.int-x1.letsencrypt.org/.*"
- "http://ocsp.int-x2.letsencrypt.org/.*"
- "http://ocsp.int-x3.letsencrypt.org/.*"
- "http://ocsp.int-x4.letsencrypt.org/.*"
- "http://ocsp.root-x1.letsencrypt.org/.*"
- "http://ocsp.staging-x1.letsencrypt.org/.*"
when: squid3_whitelist_files.stdout != ""

8
squid/files/whitelist-evolinux.conf
View file

@ -11,13 +11,7 @@ http://.*sa-update.*
http://pear.php.net/.*
# Let's Encrypt
http://acme-staging.api.letsencrypt.org/.*
http://ocsp.int-x1.letsencrypt.org/.*
http://ocsp.int-x2.letsencrypt.org/.*
http://ocsp.int-x3.letsencrypt.org/.*
http://ocsp.int-x4.letsencrypt.org/.*
http://ocsp.root-x1.letsencrypt.org/.*
http://ocsp.staging-x1.letsencrypt.org/.*
http://.*.letsencrypt.org/.*
### CMS / Wordpress / Drupal / ...
# Wordpress