Revert "wildcard-2022.fedoraproject.org cert"

This reverts commit 57f0d4fdb6. For an anoying reason, armv7 image builds come up with the time as 10 days ago, which makes this cert invalid. So, move back to the old cert for a week or so and then switch to the new one again. ;(
2026-03-20 03:57:02 +08:00 · 2022-01-31 12:39:49 -08:00
parent 99479542bd
commit 4430178b29
7 changed files with 13 additions and 17 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -254,10 +254,10 @@ virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --
 vpn: False
 # This is the wildcard certname for our proxies.  It has a different name for
 # the staging group and is used in the proxies.yml playbook.
-wildcard_cert_name: wildcard-2022.fedoraproject.org
-wildcard_crt_file: wildcard-2022.fedoraproject.org.cert
-wildcard_int_file: wildcard-2022.fedoraproject.org.intermediate.cert
-wildcard_key_file: wildcard-2022.fedoraproject.org.key
+wildcard_cert_name: wildcard-2020.fedoraproject.org
+wildcard_crt_file: wildcard-2020.fedoraproject.org.cert
+wildcard_int_file: wildcard-2020.fedoraproject.org.intermediate.cert
+wildcard_key_file: wildcard-2020.fedoraproject.org.key
 #
 # say if we want the apache role dependency for mod_wsgi or not
 # In some cases we want mod_wsgi and no apache (for python3 httpaio stuff)
--- a/playbooks/include/proxies-certificates.yml
+++ b/playbooks/include/proxies-certificates.yml
@@ -19,10 +19,6 @@
    certname: wildcard-2020.fedoraproject.org
    SSLCertificateChainFile: wildcard-2020.fedoraproject.org.intermediate.cert

-  - role: httpd/certificate
-    certname: wildcard-2022.fedoraproject.org
-    SSLCertificateChainFile: wildcard-2022.fedoraproject.org.intermediate.cert
-
  - role: httpd/certificate
    certname: wildcard-2020.id.fedoraproject.org
    SSLCertificateChainFile: wildcard-2020.id.fedoraproject.org.intermediate.cert
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -918,7 +918,7 @@
  - role: httpd/website
    site_name: nagios.fedoraproject.org
    server_aliases: [nagios.stg.fedoraproject.org]
-    SSLCertificateChainFile: wildcard-2022.fedoraproject.org.intermediate.cert
+    SSLCertificateChainFile: wildcard-2020.fedoraproject.org.intermediate.cert
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"

--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -56,13 +56,13 @@
  - selinux

 - name: Copy wildcard cert from puppet private
-  copy: src="{{private}}/files/httpd/wildcard-2022.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2022.fedoraproject.org.cert owner=root group=root mode=0644
+  copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.cert owner=root group=root mode=0644

 - name: Copy wildcard key from puppet private
-  copy: src="{{private}}/files/httpd/wildcard-2022.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2022.fedoraproject.org.key owner=root group=root mode=0600
+  copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2020.fedoraproject.org.key owner=root group=root mode=0600

 - name: Copy intermediate wildcard cert from puppet private
-  copy: src="{{private}}/files/httpd/wildcard-2022.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2022.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
+  copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.intermediate.cert owner=root group=root mode=0644

 - name: Configure httpd dl main conf
  template: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
--- a/roles/fedmsg/gateway/slave/tasks/main.yml
+++ b/roles/fedmsg/gateway/slave/tasks/main.yml
@@ -98,8 +98,8 @@

 - name: put our combined cert in place
  copy: >
-    src={{private}}/files/httpd/wildcard-2022.fedoraproject.org.combined.cert
-    dest=/etc/pki/tls/certs/wildcard-2022.fedoraproject.org.combined.cert
+    src={{private}}/files/httpd/wildcard-2020.fedoraproject.org.combined.cert
+    dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.combined.cert
    owner=root group=root mode=0644
  notify: restart stunnel
  tags:
--- a/roles/fedmsg/gateway/slave/templates/stunnel-conf.j2
+++ b/roles/fedmsg/gateway/slave/templates/stunnel-conf.j2
@@ -1,5 +1,5 @@
-cert = /etc/pki/tls/certs/wildcard-2022.fedoraproject.org.combined.cert
-key = /etc/pki/tls/private/wildcard-2022.fedoraproject.org.key
+cert = /etc/pki/tls/certs/wildcard-2020.fedoraproject.org.combined.cert
+key = /etc/pki/tls/private/wildcard-2020.fedoraproject.org.key
 pid = /var/run/stunnel.pid

 [{{ stunnel_service }}]
--- a/roles/httpd/website/defaults/main.yml
+++ b/roles/httpd/website/defaults/main.yml
@@ -8,7 +8,7 @@ server_admin: webmaster@fedoraproject.org
 certbot: false
 ssl: true
 sslonly: false
-SSLCertificateChainFile: wildcard-2022.fedoraproject.org.intermediate.cert
+SSLCertificateChainFile: wildcard-2020.fedoraproject.org.intermediate.cert
 gzip: false
 stssubdomains: true
 # set to true to enable the proxy to redirect the http01 challenge