fix cerbot spelling mistakes, prevent boulder-integration test from making 0000_chain.pem
This commit is contained in:
parent
f96ba0e604
commit
fd33a1492f
|
@ -16,8 +16,8 @@ file::
|
|||
|
||||
default_backend nodes
|
||||
|
||||
acl is_cerbot path_beg -i /.well-known/acme-challenge
|
||||
use_backend certbot if is_cerbot
|
||||
acl is_certbot path_beg -i /.well-known/acme-challenge
|
||||
use_backend certbot if is_certbot
|
||||
|
||||
backend certbot
|
||||
log global
|
||||
|
|
|
@ -56,7 +56,6 @@ agree-tos = True
|
|||
no-self-upgrade = True
|
||||
register-unsafely-without-email = True
|
||||
text = True
|
||||
domains testsite.nl
|
||||
debug = True
|
||||
verbose = True
|
||||
authenticator certbot-haproxy:haproxy-authenticator
|
||||
|
@ -82,7 +81,8 @@ EOF
|
|||
# TODO: Does this even work with the `chroot` directive?
|
||||
usermod -a -G vagrant haproxy
|
||||
|
||||
mkdir -p /opt/cerbot/haproxy_fullchains
|
||||
mkdir -p /opt/certbot/haproxy_fullchains
|
||||
chown -R vagrant: /opt/certbot/
|
||||
|
||||
cat <<EOF > /etc/haproxy/haproxy.cfg
|
||||
global
|
||||
|
@ -130,7 +130,7 @@ frontend http-in
|
|||
# needs to be installed *before* HAProxy will be able to start when this
|
||||
# directive is not commented.
|
||||
#
|
||||
## bind *:443 ssl crt /opt/cerbot/haproxy_fullchains
|
||||
## bind *:443 ssl crt /opt/certbot/haproxy_fullchains
|
||||
|
||||
# Forward Cerbot verification requests to the certbot-haproxy plugin
|
||||
acl is_certbot path_beg -i /.well-known/acme-challenge
|
||||
|
|
|
@ -46,7 +46,8 @@ export CSR_PATH="${root}/csr.der" KEY_PATH="${root}/key.pem" \
|
|||
./examples/generate-csr.sh le3.wtf
|
||||
common auth --csr "$CSR_PATH" \
|
||||
--cert-path "${root}/csr/cert.pem" \
|
||||
--chain-path "${root}/csr/chain.pem"
|
||||
--chain-path "${root}/csr/chain.pem" \
|
||||
--fullchain-path "${root}/csr/fullchain.pem"
|
||||
openssl x509 -in "${root}/csr/cert.pem" -text
|
||||
openssl x509 -in "${root}/csr/chain.pem" -text
|
||||
|
||||
|
@ -100,7 +101,8 @@ SAN="DNS:ecdsa.le.wtf" openssl req -new -sha256 \
|
|||
-out "${root}/csr-p384.der"
|
||||
common auth --csr "${root}/csr-p384.der" \
|
||||
--cert-path "${root}/csr/cert-p384.pem" \
|
||||
--chain-path "${root}/csr/chain-p384.pem"
|
||||
--chain-path "${root}/csr/chain-p384.pem" \
|
||||
--fullchain-path "${root}/csr/fullchain-p384.pem"
|
||||
openssl x509 -in "${root}/csr/cert-p384.pem" -text | grep 'ASN1 OID: secp384r1'
|
||||
|
||||
# OCSP Must Staple
|
||||
|
@ -109,8 +111,6 @@ openssl x509 -in "${root}/conf/live/must-staple.le.wtf/cert.pem" -text | grep '1
|
|||
|
||||
# revoke by account key
|
||||
common revoke --cert-path "$root/conf/live/le.wtf/cert.pem"
|
||||
# revoke renewed
|
||||
# common revoke --cert-path "$root/conf/live/le1.wtf/cert.pem"
|
||||
# revoke by cert key
|
||||
common revoke --cert-path "$root/conf/live/le2.wtf/cert.pem" \
|
||||
--key-path "$root/conf/live/le2.wtf/privkey.pem"
|
||||
|
|
Reference in New Issue