-rw-r--r--nixos/tests/acme.nix9
-rw-r--r--nixos/tests/common/letsencrypt/0001-Change-ACME-directory-endpoint-to-directory.patch25
-rw-r--r--nixos/tests/common/letsencrypt/default.nix12
3 files changed, 8 insertions, 38 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index 85d32d109442..206d97849f02 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -12,8 +12,11 @@ in import ./make-test.nix {
networking.extraHosts = ''
${config.networking.primaryIPAddress} standalone.com
'';
- security.acme.certs."standalone.com" = {
- webroot = "/var/lib/acme/acme-challenges";
+ security.acme = {
+ server = "https://acme-v02.api.letsencrypt.org/dir";
+ certs."standalone.com" = {
+ webroot = "/var/lib/acme/acme-challenges";
+ };
};
systemd.targets."acme-finished-standalone.com" = {};
systemd.services."acme-standalone.com" = {
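Review bot: The server URL `https://acme-v02.api.letsencrypt.org/dir` is written out in full here and again in the second hunk (`security.acme.server = ...`), and neither site says that it is not the real Let's Encrypt endpoint. The hostname is the production one while the `/dir` path is Pebble's, so the test presumably depends on the letsencrypt test module's resolver and snake-oil certificates to answer for that name; that module is only partly visible here. I would bind the value once in the surrounding `let`, e.g. `acmeServer = "https://acme-v02.api.letsencrypt.org/dir";`, and use it at both sites. A comment such as `# Pebble's directory path; served by the test CA inside the VM network, not the public service` would stop the value being copied into a real configuration. The node definition this hunk edits starts and ends outside the hunk.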
@@ -54,6 +57,8 @@ in import ./make-test.nix {
'';
};
+ security.acme.server = "https://acme-v02.api.letsencrypt.org/dir";
+
nesting.clone = [
({pkgs, ...}: {
diff --git a/nixos/tests/common/letsencrypt/0001-Change-ACME-directory-endpoint-to-directory.patch b/nixos/tests/common/letsencrypt/0001-Change-ACME-directory-endpoint-to-directory.patch
deleted file mode 100644
index 9d4a483dd889..000000000000
--- a/nixos/tests/common/letsencrypt/0001-Change-ACME-directory-endpoint-to-directory.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From c3b4004386074342d22cab5e129c1f7e623f4272 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?F=C3=A9lix=20Baylac-Jacqu=C3=A9?= <felix@alternativebit.fr>
-Date: Mon, 21 Oct 2019 10:56:13 +0200
-Subject: [PATCH] Change ACME directory endpoint to /directory
-
----
- wfe/wfe.go | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/wfe/wfe.go b/wfe/wfe.go
-index e24797f..10d29fb 100644
---- a/wfe/wfe.go
-+++ b/wfe/wfe.go
-@@ -39,7 +39,7 @@ const (
- // Note: We deliberately pick endpoint paths that differ from Boulder to
- // exercise clients processing of the /directory response
- // We export the DirectoryPath so that the pebble binary can reference it
-- DirectoryPath = "/dir"
-+ DirectoryPath = "/directory"
- noncePath = "/nonce-plz"
- newAccountPath = "/sign-me-up"
- acctPath = "/my-account/"
---
-2.23.0
-
diff --git a/nixos/tests/common/letsencrypt/default.nix b/nixos/tests/common/letsencrypt/default.nix
index aaf2896f21cb..110a2520971d 100644
--- a/nixos/tests/common/letsencrypt/default.nix
+++ b/nixos/tests/common/letsencrypt/default.nix
@@ -62,17 +62,7 @@ let
siteDomain = "letsencrypt.org";
siteCertFile = snakeOilCerts.${siteDomain}.cert;
siteKeyFile = snakeOilCerts.${siteDomain}.key;
- pebble = pkgs.pebble.overrideAttrs (attrs: {
- # The pebble directory endpoint is /dir when the bouder (official
- # ACME server) is /directory. Sadly, this endpoint is hardcoded,
- # we have to patch it.
- #
- # Tried to upstream, that said upstream maintainers rather keep
- # this custom endpoint to test ACME clients robustness. See
- # https://github.com/letsencrypt/pebble/issues/283#issuecomment-545123242
- patches = [ ./0001-Change-ACME-directory-endpoint-to-directory.patch ];
- });
-
+ pebble = pkgs.pebble;
resolver = let
message = "You need to define a resolver for the letsencrypt test module.";
firstNS = lib.head config.networking.nameservers;
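Review bot: The deleted comment was the only place in this module recording that Pebble deliberately serves its directory at `/dir` rather than Boulder's `/directory`, together with the upstream issue link. Now that callers must set `security.acme.server` themselves, a short replacement above the binding would keep that knowledge, for example `# Pebble serves the ACME directory at /dir, not /directory; tests must point security.acme.server there`. As a style point, `pebble = pkgs.pebble;` is now a plain alias and would more commonly be written `inherit (pkgs) pebble;` inside the `let`. The `let` block begins and continues outside this hunk.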