Change webmail cert path to client path and add symlink on server.

So webmail can be moved between servers if necessary.
2023-03-09 16:58:46 +00:00 · 2023-03-09 16:58:46 +00:00 · f7639c230a
parent 8efa0b29d6
commit f7639c230a
2 changed files with 7 additions and 2 deletions
--- a/states/certificates/init.sls
+++ b/states/certificates/init.sls
@ -51,3 +51,8 @@ server_key:
  ssh_auth.present:
    - user: root
    - source: salt://certificates/certificates_id_ed25519.pub
+
+server_client_certificate_location:
+  file.symlink:
+    - name: /var/local/certificates
+    - target: /var/lib/dehydrated/certs
--- a/states/webmail/webmail.lunch.org.uk.conf
+++ b/states/webmail/webmail.lunch.org.uk.conf
@ -54,8 +54,8 @@
        </Directory>

 	SSLEngine on
-	SSLCertificateFile /var/lib/dehydrated/certs/mail.lunch.org.uk/fullchain.pem
-	SSLCertificateKeyFile /var/lib/dehydrated/certs/mail.lunch.org.uk/privkey.pem
+	SSLCertificateFile /var/local/certificates/mail.lunch.org.uk/fullchain.pem
+	SSLCertificateKeyFile /var/local/certificates/mail.lunch.org.uk/privkey.pem
 </VirtualHost>

 </IfModule>