History

Luke Granger-Brown f92e137cfb Some checks failed / combine-systems (push) Blocked by required conditions Details / build (x86_64-linux) (push) Failing after 11m44s Details / build (aarch64-linux) (push) Failing after 11m50s Details / build (push) Failing after 16m42s Details Merge commit '1e2ed035f4bebc9adad02b365508ad96f7df87c1' into HEAD		2025-03-02 02:23:32 +00:00
..
acme.test.cert.pem	Merge commit '57725ef3ec0b51fea97137fca7cb8f14c98b4525' as 'third_party/nixpkgs'	2024-11-10 23:59:47 +00:00
acme.test.key.pem	Merge commit '57725ef3ec0b51fea97137fca7cb8f14c98b4525' as 'third_party/nixpkgs'	2024-11-10 23:59:47 +00:00
ca.cert.pem	Merge commit '57725ef3ec0b51fea97137fca7cb8f14c98b4525' as 'third_party/nixpkgs'	2024-11-10 23:59:47 +00:00
ca.key.pem	Merge commit '57725ef3ec0b51fea97137fca7cb8f14c98b4525' as 'third_party/nixpkgs'	2024-11-10 23:59:47 +00:00
default.nix	Merge commit '1e2ed035f4bebc9adad02b365508ad96f7df87c1' into HEAD	2025-03-02 02:23:32 +00:00
generate-certs.nix	Merge commit 'fece082f6c165d89daf650c3b80a074079b8af50' into HEAD	2024-12-13 20:54:23 +00:00
README.md	Merge commit '57725ef3ec0b51fea97137fca7cb8f14c98b4525' as 'third_party/nixpkgs'	2024-11-10 23:59:47 +00:00
snakeoil-certs.nix	Merge commit 'fece082f6c165d89daf650c3b80a074079b8af50' into HEAD	2024-12-13 20:54:23 +00:00

README.md

Fake Certificate Authority for ACME testing

This will set up a test node running pebble to serve ACME certificate requests.

"Snake oil" certs

The snake oil certs are hard coded into the repo for reasons explained here. The root of the issue is that Nix will hash the derivation based on the arguments to mkDerivation, not the output. Minica will always generate a random certificate even if the arguments are unchanged. As a result, it's possible to end up in a situation where the cached and local generated certs mismatch and cause issues with testing.

To generate new certificates, run the following commands:

nix-build generate-certs.nix
cp result/* .
rm result