Enable https on consul

ansible/roles/consul_server/tasks/Debian.yml

@@ -38,7 +38,7 @@
   register: exp
 
 - name: get cert
-  shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
+  shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
   args:
     executable: /bin/bash
   environment:

ansible/roles/consul_server/tasks/FreeBSD.yml

@@ -38,7 +38,7 @@
   register: exp
 
 - name: get cert
-  shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
+  shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
   args:
     executable: /usr/local/bin/bash
   environment:

ansible/roles/consul_server/templates/consul.hcl.j2

@@ -8,9 +8,10 @@ ui                  = true
 
 encrypt             = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}"
 
-verify_incoming         = true
 verify_outgoing         = true
 verify_server_hostname  = true
+verify_incoming_https   = false
+verify_incoming_rpc     = true
 ca_file                 = "/etc/pki/certs/{{ vault_ca_cert_name }}"
 cert_file               = "{{ consul_config_path }}/certs/consul-server.pem"
 key_file                = "{{ consul_config_path }}/certs/consul-server.key"
@@ -29,8 +30,12 @@ raft_protocol       = 3
 enable_local_script_checks = true
 
 addresses {
- http = "0.0.0.0"
+  https = "0.0.0.0"
- dns  = "0.0.0.0"
+  dns   = "0.0.0.0"
+}
+
+ports {
+  https = 8501
 }
 
 performance {