hack hack

puppet/modules/redmine/manifests/init.pp

@@ -223,13 +223,6 @@
   }
 
   if $https {
-    letsencrypt::certonly { $servername:
-      plugin        => 'webroot',
-      domains       => [$servername],
-      webroot_paths => [$docroot],
-      require       => Vcsrepo[$app_root],
-    }
-
     apache::vhost { "${servername}-https":
       add_default_charset => 'UTF-8',
       docroot             => $docroot,
@@ -239,13 +232,10 @@
       priority            => $priority,
       servername          => $servername,
       ssl                 => true,
-      ssl_cert            => "/etc/letsencrypt/live/${servername}/fullchain.pem",
-      ssl_chain           => "/etc/letsencrypt/live/${servername}/chain.pem",
-      ssl_key             => "/etc/letsencrypt/live/${servername}/privkey.pem",
       headers             => [
         'set Strict-Transport-Security: max-age=15778800;',
       ],
-      require             => [Letsencrypt::Certonly[$servername], Exec['install redmine']],
+      require             => [Exec['install redmine']],
       *                   => $apache_backend_config,
     }
   }

vagrant/manifests/default.pp

@@ -20,4 +20,26 @@
 
 node /^redmine.*/ {
   include profiles::redmine
+
+  # Not /etc/foreman because purging removes that
+  $certificate = "/etc/pki/tls/certs/localhost.crt"
+  $key = "/etc/pki/tls/private/localhost.key"
+
+  exec { 'Generate certificate':
+    command => "openssl req -nodes -x509 -newkey rsa:2048 -subj '/CN=${facts['networking']['fqdn']}' -keyout '${key}' -out '${certificate}' -days 365",
+    path    => ['/bin', '/usr/bin'],
+    creates => $certificate,
+    umask   => '0022',
+  }
+  -> file { [$key, $certificate]:
+    owner => 'root',
+    group => 'apache',
+    mode  => '0640',
+  }
+
+  class {'redmine':
+    repo_branch => 'new-redmine',
+    deployment  => 'puma',
+    https       => true,
+  }
 }