Retire DigiCert certificates for previously pinned domains
While working on a solution for #41672 (closed), we decided to temporarily deploy DigiCert TLS certificates for five domains that used to be pinned in Firefox and Chrome/Chromium:
- 2019.www.torproject.org
- blog.torproject.org
- check.torproject.org
- dist.torproject.org
- torproject.org
- www.torproject.org
The temporary certificates have a validity of 1 year, but we should switch back to Let's Encrypt certificates way before that, say 3 months from now, once we're confident that older browser versions no longer rely on their own certificate pinning configurations.
Note that all of these websites are static web components, while check.torproject.org is hosted on its own machine, check-01.
It should be sufficient to simply remove the `provider => 'digicert'` parameter altogether from the corresponding `ssl::service` Puppet resource managing each of these certificates.
Edited by Jérôme Charaoui