From 02d4a5892bb3019d448c453ad279788fcd3f1531 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 15 Jun 2016 18:08:48 +0200
Subject: certs/public: fetch each cert's pubkey (SPKI), not the cert itself.

To avoid new commits upon cert renewal.
---
 roles/lists/tasks/nginx.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roles/lists/tasks/nginx.yml')

diff --git a/roles/lists/tasks/nginx.yml b/roles/lists/tasks/nginx.yml
index caa1abf..fa52781 100644
--- a/roles/lists/tasks/nginx.yml
+++ b/roles/lists/tasks/nginx.yml
@@ -28,7 +28,7 @@
 - name: Fetch Nginx's X.509 certificate
   # Ensure we don't fetch private data
   become: False
-  fetch_cmd: cmd="openssl x509"
+  fetch_cmd: cmd="openssl x509 -noout -pubkey"
              stdin=/etc/nginx/ssl/lists.fripost.org.pem
              dest=certs/public/lists.fripost.org.pem
   tags:
-- 
cgit v1.2.3