letsencrypt now generates certificates that include the chain

[ansible.git] / roles / apache / templates / ssl.conf

diff --git a/roles/apache/templates/ssl.conf b/roles/apache/templates/ssl.conf
index bb807463db16fb510516f38a22d29ba4787b69ed..fd99e1f99e827983e861ae473377b6993cd2f182 100644 (file)
--- a/roles/apache/templates/ssl.conf
+++ b/roles/apache/templates/ssl.conf
@@ -33,8 +33,11 @@
     SSLCipherSuite 'kEECDH+AESGCM:kEDH+AESGCM:kEECDH:kEDH:AESGCM:ALL:!3DES:!EXPORT:!LOW:!MEDIUM:!aNULL:!eNULL'
     SSLHonorCipherOrder     on
 
-    #   Certificate, DH parameters and key
-    SSLCertificateFile    /etc/ssl/mycerts/$cert.crt+dh
+    # DH parameters
+    SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh2048.pem"
+
+    #   Certificate and key
+    SSLCertificateFile    /etc/ssl/mycerts/$cert.crt
     SSLCertificateKeyFile /etc/ssl/private/$cert.key
 
     #   Server Certificate Chain:
@@ -44,7 +47,7 @@
     #   the referenced file can be the same as SSLCertificateFile
     #   when the CA certificates are directly appended to the server
     #   certificate for convinience.
-    SSLCertificateChainFile /etc/ssl/mycerts/$cert.chain
+    SSLCertificateChainFile /etc/ssl/mycerts/$cert.crt
 
     #   Certificate Authority (CA):
     #   Set the CA certificate verification path where to find CA