fix cerbot spelling mistakes, prevent boulder-integration test from making 0000_chain.pem
parent
f96ba0e604
commit
fd33a1492f
|
@ -16,8 +16,8 @@ file::
|
||||||
|
|
||||||
default_backend nodes
|
default_backend nodes
|
||||||
|
|
||||||
acl is_cerbot path_beg -i /.well-known/acme-challenge
|
acl is_certbot path_beg -i /.well-known/acme-challenge
|
||||||
use_backend certbot if is_cerbot
|
use_backend certbot if is_certbot
|
||||||
|
|
||||||
backend certbot
|
backend certbot
|
||||||
log global
|
log global
|
||||||
|
|
|
@ -56,7 +56,6 @@ agree-tos = True
|
||||||
no-self-upgrade = True
|
no-self-upgrade = True
|
||||||
register-unsafely-without-email = True
|
register-unsafely-without-email = True
|
||||||
text = True
|
text = True
|
||||||
domains testsite.nl
|
|
||||||
debug = True
|
debug = True
|
||||||
verbose = True
|
verbose = True
|
||||||
authenticator certbot-haproxy:haproxy-authenticator
|
authenticator certbot-haproxy:haproxy-authenticator
|
||||||
|
@ -82,7 +81,8 @@ EOF
|
||||||
# TODO: Does this even work with the `chroot` directive?
|
# TODO: Does this even work with the `chroot` directive?
|
||||||
usermod -a -G vagrant haproxy
|
usermod -a -G vagrant haproxy
|
||||||
|
|
||||||
mkdir -p /opt/cerbot/haproxy_fullchains
|
mkdir -p /opt/certbot/haproxy_fullchains
|
||||||
|
chown -R vagrant: /opt/certbot/
|
||||||
|
|
||||||
cat <<EOF > /etc/haproxy/haproxy.cfg
|
cat <<EOF > /etc/haproxy/haproxy.cfg
|
||||||
global
|
global
|
||||||
|
@ -130,7 +130,7 @@ frontend http-in
|
||||||
# needs to be installed *before* HAProxy will be able to start when this
|
# needs to be installed *before* HAProxy will be able to start when this
|
||||||
# directive is not commented.
|
# directive is not commented.
|
||||||
#
|
#
|
||||||
## bind *:443 ssl crt /opt/cerbot/haproxy_fullchains
|
## bind *:443 ssl crt /opt/certbot/haproxy_fullchains
|
||||||
|
|
||||||
# Forward Cerbot verification requests to the certbot-haproxy plugin
|
# Forward Cerbot verification requests to the certbot-haproxy plugin
|
||||||
acl is_certbot path_beg -i /.well-known/acme-challenge
|
acl is_certbot path_beg -i /.well-known/acme-challenge
|
||||||
|
|
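Review bot: The added `chown -R vagrant: /opt/certbot/` (hunk at -82) changes the owner but keeps whatever mode `mkdir -p` produced, which under a typical umask leaves the tree readable by every local user. The `bind *:443 ssl crt /opt/certbot/haproxy_fullchains` line in the later hunk points HAProxy at this directory, and HAProxy `crt` files hold the private key together with the chain, so the directory should be closed to other users. haproxy is already added to the vagrant group just above, so group access is enough, e.g. `chmod 750 /opt/certbot /opt/certbot/haproxy_fullchains` right after the chown. Separately, the comment `# Forward Cerbot verification requests to the certbot-haproxy plugin` in the last hunk still has the spelling this commit sets out to fix.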
|
@ -46,7 +46,8 @@ export CSR_PATH="${root}/csr.der" KEY_PATH="${root}/key.pem" \
|
||||||
./examples/generate-csr.sh le3.wtf
|
./examples/generate-csr.sh le3.wtf
|
||||||
common auth --csr "$CSR_PATH" \
|
common auth --csr "$CSR_PATH" \
|
||||||
--cert-path "${root}/csr/cert.pem" \
|
--cert-path "${root}/csr/cert.pem" \
|
||||||
--chain-path "${root}/csr/chain.pem"
|
--chain-path "${root}/csr/chain.pem" \
|
||||||
|
--fullchain-path "${root}/csr/fullchain.pem"
|
||||||
openssl x509 -in "${root}/csr/cert.pem" -text
|
openssl x509 -in "${root}/csr/cert.pem" -text
|
||||||
openssl x509 -in "${root}/csr/chain.pem" -text
|
openssl x509 -in "${root}/csr/chain.pem" -text
|
||||||
|
|
||||||
|
@ -100,7 +101,8 @@ SAN="DNS:ecdsa.le.wtf" openssl req -new -sha256 \
|
||||||
-out "${root}/csr-p384.der"
|
-out "${root}/csr-p384.der"
|
||||||
common auth --csr "${root}/csr-p384.der" \
|
common auth --csr "${root}/csr-p384.der" \
|
||||||
--cert-path "${root}/csr/cert-p384.pem" \
|
--cert-path "${root}/csr/cert-p384.pem" \
|
||||||
--chain-path "${root}/csr/chain-p384.pem"
|
--chain-path "${root}/csr/chain-p384.pem" \
|
||||||
|
--fullchain-path "${root}/csr/fullchain-p384.pem"
|
||||||
openssl x509 -in "${root}/csr/cert-p384.pem" -text | grep 'ASN1 OID: secp384r1'
|
openssl x509 -in "${root}/csr/cert-p384.pem" -text | grep 'ASN1 OID: secp384r1'
|
||||||
|
|
||||||
# OCSP Must Staple
|
# OCSP Must Staple
|
||||||
|
@ -109,8 +111,6 @@ openssl x509 -in "${root}/conf/live/must-staple.le.wtf/cert.pem" -text | grep '1
|
||||||
|
|
||||||
# revoke by account key
|
# revoke by account key
|
||||||
common revoke --cert-path "$root/conf/live/le.wtf/cert.pem"
|
common revoke --cert-path "$root/conf/live/le.wtf/cert.pem"
|
||||||
# revoke renewed
|
|
||||||
# common revoke --cert-path "$root/conf/live/le1.wtf/cert.pem"
|
|
||||||
# revoke by cert key
|
# revoke by cert key
|
||||||
common revoke --cert-path "$root/conf/live/le2.wtf/cert.pem" \
|
common revoke --cert-path "$root/conf/live/le2.wtf/cert.pem" \
|
||||||
--key-path "$root/conf/live/le2.wtf/privkey.pem"
|
--key-path "$root/conf/live/le2.wtf/privkey.pem"
|
||||||
|
|
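Review bot: Nothing after the two `common auth --csr` calls checks the file that the new `--fullchain-path` argument writes. The script inspects cert.pem and chain.pem with `openssl x509 -text`, but it never looks at fullchain.pem or fullchain-p384.pem. A cheap check such as `test -s "${root}/csr/fullchain.pem"` (and the p384 equivalent) would catch a run where the path is ignored, assuming the script aborts on a failing command, which is not visible in these hunks. A one-line comment above each call, e.g. `# pass every output path explicitly so no default-named .pem files land in the working directory`, would record why the flag is there; that rationale is inferred from the commit title.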