From d0d785ac28bca063552d2d2a4363b1b03f0e1b59 Mon Sep 17 00:00:00 2001
From: Alexander Chumakov <i@delfer.ru>
Date: Fri, 10 Jun 2022 10:12:15 +0300
Subject: [PATCH] Fix stop_services; fix ssl_protocols

certbot_create_standalone_stop_services is ok for this test case, but for use as a complete example should stop nginx service.
Also TLSv1.1 is not safety, better to use TLSv1.2 and TLSv1.3.
---
 molecule/default/playbook-standalone-nginx-aws.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/molecule/default/playbook-standalone-nginx-aws.yml b/molecule/default/playbook-standalone-nginx-aws.yml
index 4d9fdd3..6966b27 100644
--- a/molecule/default/playbook-standalone-nginx-aws.yml
+++ b/molecule/default/playbook-standalone-nginx-aws.yml
@@ -89,7 +89,8 @@
   vars:
     certbot_admin_email: https@servercheck.in
     certbot_create_if_missing: true
-    certbot_create_standalone_stop_services: []
+    certbot_create_standalone_stop_services:
+      - nginx
     certbot_certs:
       - domains:
           - certbot-test.servercheck.in
@@ -104,7 +105,7 @@
         extra_parameters: |
           ssl_certificate     /etc/letsencrypt/live/certbot-test.servercheck.in/fullchain.pem;
           ssl_certificate_key /etc/letsencrypt/live/certbot-test.servercheck.in/privkey.pem;
-          ssl_protocols       TLSv1.1 TLSv1.2;
+          ssl_protocols       TLSv1.2 TLSv1.3;
           ssl_ciphers         HIGH:!aNULL:!MD5;
 
   pre_tasks: