From 02d4a5892bb3019d448c453ad279788fcd3f1531 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 15 Jun 2016 18:08:48 +0200 Subject: certs/public: fetch each cert's pubkey (SPKI), not the cert itself. To avoid new commits upon cert renewal. --- roles/lists/tasks/nginx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/lists') diff --git a/roles/lists/tasks/nginx.yml b/roles/lists/tasks/nginx.yml index caa1abf..fa52781 100644 --- a/roles/lists/tasks/nginx.yml +++ b/roles/lists/tasks/nginx.yml @@ -28,7 +28,7 @@ - name: Fetch Nginx's X.509 certificate # Ensure we don't fetch private data become: False - fetch_cmd: cmd="openssl x509" + fetch_cmd: cmd="openssl x509 -noout -pubkey" stdin=/etc/nginx/ssl/lists.fripost.org.pem dest=certs/public/lists.fripost.org.pem tags: -- cgit v1.2.3