Commit fd33a149 authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻
Browse files

fix cerbot spelling mistakes, prevent boulder-integration test from making 0000_chain.pem

parent f96ba0e6
......@@ -16,8 +16,8 @@ file::
default_backend nodes
acl is_cerbot path_beg -i /.well-known/acme-challenge
use_backend certbot if is_cerbot
acl is_certbot path_beg -i /.well-known/acme-challenge
use_backend certbot if is_certbot
backend certbot
log global
......
......@@ -56,7 +56,6 @@ agree-tos = True
no-self-upgrade = True
register-unsafely-without-email = True
text = True
domains testsite.nl
debug = True
verbose = True
authenticator certbot-haproxy:haproxy-authenticator
......@@ -82,7 +81,8 @@ EOF
# TODO: Does this even work with the `chroot` directive?
usermod -a -G vagrant haproxy
mkdir -p /opt/cerbot/haproxy_fullchains
mkdir -p /opt/certbot/haproxy_fullchains
chown -R vagrant: /opt/certbot/
cat <<EOF > /etc/haproxy/haproxy.cfg
global
......@@ -130,7 +130,7 @@ frontend http-in
# needs to be installed *before* HAProxy will be able to start when this
# directive is not commented.
#
## bind *:443 ssl crt /opt/cerbot/haproxy_fullchains
## bind *:443 ssl crt /opt/certbot/haproxy_fullchains
# Forward Cerbot verification requests to the certbot-haproxy plugin
acl is_certbot path_beg -i /.well-known/acme-challenge
......
......@@ -46,7 +46,8 @@ export CSR_PATH="${root}/csr.der" KEY_PATH="${root}/key.pem" \
./examples/generate-csr.sh le3.wtf
common auth --csr "$CSR_PATH" \
--cert-path "${root}/csr/cert.pem" \
--chain-path "${root}/csr/chain.pem"
--chain-path "${root}/csr/chain.pem" \
--fullchain-path "${root}/csr/fullchain.pem"
openssl x509 -in "${root}/csr/cert.pem" -text
openssl x509 -in "${root}/csr/chain.pem" -text
......@@ -100,7 +101,8 @@ SAN="DNS:ecdsa.le.wtf" openssl req -new -sha256 \
-out "${root}/csr-p384.der"
common auth --csr "${root}/csr-p384.der" \
--cert-path "${root}/csr/cert-p384.pem" \
--chain-path "${root}/csr/chain-p384.pem"
--chain-path "${root}/csr/chain-p384.pem" \
--fullchain-path "${root}/csr/fullchain-p384.pem"
openssl x509 -in "${root}/csr/cert-p384.pem" -text | grep 'ASN1 OID: secp384r1'
# OCSP Must Staple
......@@ -109,8 +111,6 @@ openssl x509 -in "${root}/conf/live/must-staple.le.wtf/cert.pem" -text | grep '1
# revoke by account key
common revoke --cert-path "$root/conf/live/le.wtf/cert.pem"
# revoke renewed
# common revoke --cert-path "$root/conf/live/le1.wtf/cert.pem"
# revoke by cert key
common revoke --cert-path "$root/conf/live/le2.wtf/cert.pem" \
--key-path "$root/conf/live/le2.wtf/privkey.pem"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment