From fd33a1492faa02fbef343033024be007116142c8 Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Mon, 22 Aug 2016 17:41:12 +0200 Subject: [PATCH] fix cerbot spelling mistakes, prevent boulder-integration test from making 0000_chain.pem --- certbot_haproxy/authenticator.py | 4 ++-- provisioning_client.sh | 6 +++--- tests/boulder-integration.sh | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/certbot_haproxy/authenticator.py b/certbot_haproxy/authenticator.py index 8fa5e68..68e2288 100644 --- a/certbot_haproxy/authenticator.py +++ b/certbot_haproxy/authenticator.py @@ -16,8 +16,8 @@ file:: default_backend nodes - acl is_cerbot path_beg -i /.well-known/acme-challenge - use_backend certbot if is_cerbot + acl is_certbot path_beg -i /.well-known/acme-challenge + use_backend certbot if is_certbot backend certbot log global diff --git a/provisioning_client.sh b/provisioning_client.sh index 82e7beb..67a84f9 100644 --- a/provisioning_client.sh +++ b/provisioning_client.sh @@ -56,7 +56,6 @@ agree-tos = True no-self-upgrade = True register-unsafely-without-email = True text = True -domains testsite.nl debug = True verbose = True authenticator certbot-haproxy:haproxy-authenticator @@ -82,7 +81,8 @@ EOF # TODO: Does this even work with the `chroot` directive? usermod -a -G vagrant haproxy -mkdir -p /opt/cerbot/haproxy_fullchains +mkdir -p /opt/certbot/haproxy_fullchains +chown -R vagrant: /opt/certbot/ cat < /etc/haproxy/haproxy.cfg global @@ -130,7 +130,7 @@ frontend http-in # needs to be installed *before* HAProxy will be able to start when this # directive is not commented. # - ## bind *:443 ssl crt /opt/cerbot/haproxy_fullchains + ## bind *:443 ssl crt /opt/certbot/haproxy_fullchains # Forward Cerbot verification requests to the certbot-haproxy plugin acl is_certbot path_beg -i /.well-known/acme-challenge diff --git a/tests/boulder-integration.sh b/tests/boulder-integration.sh index 758a7d3..7c00c4e 100755 --- a/tests/boulder-integration.sh +++ b/tests/boulder-integration.sh @@ -46,7 +46,8 @@ export CSR_PATH="${root}/csr.der" KEY_PATH="${root}/key.pem" \ ./examples/generate-csr.sh le3.wtf common auth --csr "$CSR_PATH" \ --cert-path "${root}/csr/cert.pem" \ - --chain-path "${root}/csr/chain.pem" + --chain-path "${root}/csr/chain.pem" \ + --fullchain-path "${root}/csr/fullchain.pem" openssl x509 -in "${root}/csr/cert.pem" -text openssl x509 -in "${root}/csr/chain.pem" -text @@ -100,7 +101,8 @@ SAN="DNS:ecdsa.le.wtf" openssl req -new -sha256 \ -out "${root}/csr-p384.der" common auth --csr "${root}/csr-p384.der" \ --cert-path "${root}/csr/cert-p384.pem" \ - --chain-path "${root}/csr/chain-p384.pem" + --chain-path "${root}/csr/chain-p384.pem" \ + --fullchain-path "${root}/csr/fullchain-p384.pem" openssl x509 -in "${root}/csr/cert-p384.pem" -text | grep 'ASN1 OID: secp384r1' # OCSP Must Staple @@ -109,8 +111,6 @@ openssl x509 -in "${root}/conf/live/must-staple.le.wtf/cert.pem" -text | grep '1 # revoke by account key common revoke --cert-path "$root/conf/live/le.wtf/cert.pem" -# revoke renewed -# common revoke --cert-path "$root/conf/live/le1.wtf/cert.pem" # revoke by cert key common revoke --cert-path "$root/conf/live/le2.wtf/cert.pem" \ --key-path "$root/conf/live/le2.wtf/privkey.pem"