update readme for uib certificate

README.md

@@ -16,10 +16,12 @@ A local rewrite of geerlingguy/ansible-role-apache with some local modifications
 
 * apache certbot (letsencrypt)
 
+* uib ssl
+
 ## Requirements
 
-Local modifications requires a centos-7 host.
-If cronjob for ssl renewal is set, chronic (more-utils) is required.
+Local modifications requires a centos-7/centos8 host.
+If cronjob for ssl renewal is set, chronic (more-utils) is required. If on centos8 more-utils requires powertools to be enabled.
 
 ## Local changes
 
@@ -55,11 +57,27 @@ vhost.ssl (undef, true if ssl to be used)
           http_only_extra_parameters: |
             ProxyPass /example.dtd http://localhost:8080/service/example.dtd
           ssl: true
+          ssl_type: "uib|letsencrypt" # default letsencrypt if empty
     become: true
     tags:
       - httpd
 ```
 
+If uib is set, an email is sent to serveradmin containing a template for creating a ssl-request in hjelp.uib.no.
+You get another email from the certificate provider containing various urls.
+
+Continue by adding to the vhost section after ssl_type:
+
+```
+...
+ssl_type: "uib"
+certificate_interm_only_url: "# url from link to intermediate certificate only"
+certificate_only_url: "# url from email to certificate only"
+```
+The role will fail (var not set) until these are set. When rerunning the playbook, a certificate should be set.
+
+@todo Renewing a certificate.
+
 * End of local changes * 
 
 Available variables are listed below, along with default values (see `defaults/main.yml`):