pyrox.dev
1# Fake Certificate Authority for ACME testing
2
3This will set up a test node running [pebble](https://github.com/letsencrypt/pebble)
4to serve ACME certificate requests.
5
6## "Snake oil" certs
7
8The snake oil certs are hard coded into the repo for reasons explained [here](https://github.com/NixOS/nixpkgs/pull/91121#discussion_r505410235).
9The root of the issue is that Nix will hash the derivation based on the arguments
10to mkDerivation, not the output. [Minica](https://github.com/jsha/minica) will
11always generate a random certificate even if the arguments are unchanged. As a
12result, it's possible to end up in a situation where the cached and local
13generated certs mismatch and cause issues with testing.
14
15To generate new certificates, run the following commands:
16
17```bash
18nix-build generate-certs.nix
19cp result/* .
20rm result
21```