mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-12 04:35:41 +03:00

History

Lucas Savva 229640ed3a nixos/tests/acme: Refactor test suite Split tests up based on certain use cases: - http01-builtin: Tests most functionality of the core module, such as the systemd and hashing components, whilst utilising lego's built in http01 resolution mechanis. - dns01: Tests only that DNS01 renewal works as expected. - nginx: Tests nginx compatability - httpd: Tests httpd compatability - caddy: Tests caddy compatability		2025-02-22 23:58:29 +00:00
..
acme.test.cert.pem
acme.test.key.pem
ca.cert.pem
ca.key.pem
default.nix	nixos/tests/acme: Refactor test suite	2025-02-22 23:58:29 +00:00
generate-certs.nix	treewide: format all inactive Nix files	2024-12-10 20:26:33 +01:00
README.md
snakeoil-certs.nix	treewide: format all inactive Nix files	2024-12-10 20:26:33 +01:00

README.md

Fake Certificate Authority for ACME testing

This will set up a test node running pebble to serve ACME certificate requests.

"Snake oil" certs

The snake oil certs are hard coded into the repo for reasons explained here. The root of the issue is that Nix will hash the derivation based on the arguments to mkDerivation, not the output. Minica will always generate a random certificate even if the arguments are unchanged. As a result, it's possible to end up in a situation where the cached and local generated certs mismatch and cause issues with testing.

To generate new certificates, run the following commands:

nix-build generate-certs.nix
cp result/* .
rm result