# Fake Certificate Authority for ACME testing

This will set up a test node running [pebble](https://github.com/letsencrypt/pebble)
to serve ACME certificate requests.

## "Snake oil" certs

The snake oil certs are hard-coded into the repo for reasons explained [here](https://github.com/NixOS/nixpkgs/pull/91121#discussion_r505410235).
The root of the issue is that Nix hashes a derivation based on the arguments
to `mkDerivation`, not on its output. [Minica](https://github.com/jsha/minica)
always generates a random certificate, even if the arguments are unchanged. As a
result, it's possible to end up in a situation where the cached and locally
generated certs mismatch and cause issues with testing.
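
A simplified model of that failure, added here as an illustration (it is not code from nixpkgs and does not reproduce Nix's real hashing scheme). The `Store` class, the `build_certs` stand-in for minica, and the `acme.test` domain are constructed for the example.

```python
import hashlib
import json
import os


def drv_hash(args: dict) -> str:
    """Input-addressed name: derived from the build arguments only."""
    blob = json.dumps(args, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()[:32]


def build_certs(args: dict) -> bytes:
    """Stand-in for minica: every run mixes fresh randomness into the output."""
    return b"cert:" + args["domain"].encode() + b":" + os.urandom(16).hex().encode()


def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()


class Store:
    """Toy store: path -> output, optionally substituting from a shared cache."""

    def __init__(self, cache=None):
        self.paths = {}
        self.cache = cache

    def realise(self, args: dict):
        path = drv_hash(args)
        if path not in self.paths:
            if self.cache is not None and path in self.cache.paths:
                self.paths[path] = self.cache.paths[path]  # substituted from cache
            else:
                self.paths[path] = build_certs(args)       # built locally
        return path, self.paths[path]


def demo() -> dict:
    args = {"builder": "minica", "domain": "acme.test"}  # constructed sample input
    cache = Store()
    cache_path, cache_cert = cache.realise(args)         # built once, then cached
    sub_path, sub_cert = Store(cache=cache).realise(args)
    loc_path, loc_cert = Store().realise(args)           # same args, no cache hit
    return {
        "same_path": cache_path == sub_path == loc_path,
        "substituted_matches_cache": fingerprint(sub_cert) == fingerprint(cache_cert),
        "local_matches_cache": fingerprint(loc_cert) == fingerprint(cache_cert),
    }
```

All three stores agree on the path, but only the substituted output carries the cached certificate's fingerprint, so a test node trusting one copy rejects certificates issued from the other. Committing the generated files removes the random build step from the tests.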

To generate new certificates, run the following commands:

```bash
nix-build generate-certs.nix
cp result/* .
rm result
```