Run certbot using the binary provided by the Ubuntu PPA

2019-03-14 10:52:44 +01:00 · 2019-03-14 10:52:44 +01:00 · 36e046ea73
commit 36e046ea73
parent fa27187f11
9 changed files with 9 additions and 25 deletions
--- a/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb
+++ b/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb
@ -143,8 +143,7 @@ end
 unless node.chef_environment == "development"
  execute "letsencrypt cert for #{express_domain}" do
-    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
+    command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
    notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
  end
--- a/site-cookbooks/5apps-xmpp_server/recipes/letsencrypt.rb
+++ b/site-cookbooks/5apps-xmpp_server/recipes/letsencrypt.rb
@ -12,8 +12,7 @@ end
 # Generate a Let's Encrypt cert (only if no cert has been generated before).
 # The renew cron will take care of renewing
 execute "letsencrypt cert for 5apps xmpp" do
-  command "./certbot-auto certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/letsencrypt_hook.sh auth\" --manual-cleanup-hook \"/root/letsencrypt_hook.sh cleanup\" --deploy-hook letsencrypt_renew_hook --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -n"
+  command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/letsencrypt_hook.sh auth\" --manual-cleanup-hook \"/root/letsencrypt_hook.sh cleanup\" --deploy-hook letsencrypt_renew_hook --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -n"
  cwd "/usr/local/certbot"
  not_if do
    File.exist?("/etc/prosody/certs/5apps.com.crt")
  end
--- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb
+++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb
@ -122,8 +122,7 @@ unless node.chef_environment == "development"
  # reloaded after adding the vhost or sth, because it does work on the second
  # run.
  execute "letsencrypt cert for #{express_domain}" do
-    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
+    command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
    notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
  end
--- a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
@ -52,8 +52,7 @@ unless node.chef_environment == "development"
  # Generate a Let's Encrypt cert (only if the nginx vhost exists and no cert
  # has been generated before. The renew cron will take care of renewing
  execute "letsencrypt cert for ipfs.kosmos.org" do
-    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{root_directory} -d ipfs.kosmos.org -n"
+    command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{root_directory} -d ipfs.kosmos.org -n"
    cwd "/usr/local/certbot"
    only_if do
      File.exist?("#{node['nginx']['dir']}/sites-enabled/ipfs.kosmos.org") &&
        !File.exist?("/etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem")
--- a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
@ -39,8 +39,7 @@ end
 unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"
  execute "letsencrypt cert for #{server_name}" do
-    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/mastodon -d #{server_name} -n"
+    command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/mastodon -d #{server_name} -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/#{server_name}/fullchain.pem" }
    notifies :create, "template[#{node['nginx']['dir']}/sites-available/mastodon]", :immediately
  end
--- a/site-cookbooks/kosmos-mediawiki/recipes/default.rb
+++ b/site-cookbooks/kosmos-mediawiki/recipes/default.rb
@ -63,15 +63,7 @@ unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"
  execute "letsencrypt cert for wiki.kosmos.org" do
-    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node['mediawiki']['docroot_dir']} -d wiki.kosmos.org -n"
+    command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node['mediawiki']['docroot_dir']} -d wiki.kosmos.org -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/wiki.kosmos.org/fullchain.pem" }
    notifies :reload, "service[nginx]", :delayed
  end
  execute "letsencrypt cert for wiki.kosmos.org" do
    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node["mediawiki"]["docroot_dir"]} -d wiki.kosmos.org -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/wiki.kosmos.org/fullchain.pem" }
    notifies :reload, "service[nginx]", :delayed
  end
--- a/site-cookbooks/kosmos-parity/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-parity/recipes/letsencrypt.rb
@ -33,8 +33,7 @@ nginx_site "#{hostname}" do
 end
 execute "letsencrypt cert for #{hostname}" do
-  command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{hostname} -d #{hostname} -n"
+  command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{hostname} -d #{hostname} -n"
  cwd "/usr/local/certbot"
  not_if { File.exist? "/etc/letsencrypt/live/#{hostname}/fullchain.pem" }
  notifies :reload, "service[nginx]", :delayed
 end
--- a/site-cookbooks/kosmos-wordpress/recipes/nginx.rb
+++ b/site-cookbooks/kosmos-wordpress/recipes/nginx.rb
@ -38,8 +38,7 @@ unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"
  execute "letsencrypt cert for blog.kosmos.org" do
-    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node['wordpress']['dir']} -d blog.kosmos.org -n"
+    command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node['wordpress']['dir']} -d blog.kosmos.org -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/blog.kosmos.org/fullchain.pem" }
    notifies :reload, "service[nginx]", :delayed
  end
--- a/site-cookbooks/sockethub/recipes/proxy.rb
+++ b/site-cookbooks/sockethub/recipes/proxy.rb
@ -43,8 +43,7 @@ unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"
  execute "letsencrypt cert for sockethub.kosmos.org" do
-    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/sockethub -d sockethub.kosmos.org -n"
+    command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/sockethub -d sockethub.kosmos.org -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/sockethub.kosmos.org/fullchain.pem" }
    notifies :reload, "service[nginx]", :delayed
  end