Use proper ssl cert config for prosody.
--- a/prosody/defaults/main.yaml Sat Sep 05 19:27:02 2020 -0500
+++ b/prosody/defaults/main.yaml Sat Sep 05 21:31:59 2020 -0500
@@ -1,6 +1,4 @@
---
-prosody_ssl_dir: "/etc/prosody/certs/{{prosody_vhost}}"
-
prosody_db: "prosody_{{prosody_instance}}"
prosody_db_port: "5432"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/prosody/files/prosody.sh Sat Sep 05 21:31:59 2020 -0500
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+prosodyctl --root cert import /etc/letsencrypt/live
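Review bot: prosody.sh carries no comment saying who runs it or what it touches, even though it is installed into certbot's deploy-hook directory, runs as root, and copies private keys out of /etc/letsencrypt/live. A header line such as `# certbot deploy hook: import renewed certificates and keys into Prosody (runs as root)` would make that clear to the next maintainer. The task this commit removes set `mode: "0640"`, `owner: "root"` and `group: "prosody"` on the key explicitly. It is worth confirming what ownership and mode `prosodyctl cert import` leaves on the imported key file, since the role no longer enforces them itself.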
--- a/prosody/tasks/main.yaml Sat Sep 05 19:27:02 2020 -0500
+++ b/prosody/tasks/main.yaml Sat Sep 05 21:31:59 2020 -0500
@@ -20,19 +20,17 @@
template: src="prosody.cfg.lua.j2" dest="/etc/prosody/conf.avail/{{prosody_vhost}}.cfg.lua"
notify: restart prosody
-- name: copy ssl keys
+- name: install letsencrypt ssl deploy hook
become: yes
copy:
- src: "{{item}}"
- dest: "{{prosody_ssl_dir}}/"
- remote_src: yes
- mode: "0640"
- owner: "root"
- group: "prosody"
+ src: "prosody.sh"
+ dest: "/etc/letsencrypt/renewal-hooks/deploy/prosody.sh"
+ mode: "0755"
+
+- name: run letsencrypt ssl deploy hook
+ become: yes
+ command: "/etc/letsencrypt/renewal-hooks/deploy/prosody.sh"
notify: restart prosody
- loop:
- - "{{prosody_ssl_privkey_src}}"
- - "{{prosody_ssl_cert_src}}"
- name: install db schema file
become: yes
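Review bot: The `run letsencrypt ssl deploy hook` task uses `command` without `changed_when`, so Ansible reports it as changed on every play and `notify: restart prosody` restarts the server on every run, even when no certificate was imported. Registering the result and deriving `changed_when` from prosodyctl's output would avoid this; the output format is not visible here, so the exact condition needs checking against the installed version. Separately, the `copy` task that installs the hook leaves owner and group implicit. Because certbot executes this file as root, adding `owner: "root"` and `group: "root"` next to `mode: "0755"` would pin down who may modify it.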
--- a/prosody/templates/prosody.cfg.lua.j2 Sat Sep 05 19:27:02 2020 -0500
+++ b/prosody/templates/prosody.cfg.lua.j2 Sat Sep 05 21:31:59 2020 -0500
@@ -1,10 +1,5 @@
VirtualHost "{{prosody_vhost}}"
-ssl = {
- key = "{{prosody_ssl_privkey}}";
- certificate = "{{prosody_ssl_cert}}";
-}
-
storage = "sql"
sql = {
driver = "PostgreSQL";