With OCSP_FETCH="yes", the code responsible for fetching the OCSP response is run after the deploy_cert & unchanged_cert hooks are called. This makes it impossible to update the stapling files for haproxy & other webservers that require the file to be named in a specific way.
Perhaps one way of solving it could be calling a new hook ocsp_update whenever the response is updated: [[ -n "${HOOK}" ]] && "${HOOK}" "ocsp_update" "${domain}" "${certdir}/ocsp.der"
I merged your pull-request but extended it in 8ba56a8. Basically renamed the hook to deploy_ocsp (to be similar to deploy_cert) and exported altnames for use inside the hook. Thanks for the suggestion and the initial pull-request!
If I understand correctly, deploy_ocsp hook should be responsible for triggering cert/key/ocsp reload, and deploy_cert hook should not be used. Just in case a certificate was issued successfully, while fetching ocsp failed. A new cert should not be used in conjunction with old ocsp.der.
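A hook that handles the `deploy_ocsp` call discussed in this thread could look like the following; this is an added example, not code from the project or from any commenter. It assumes the hook receives the domain and the path to `ocsp.der` in the same positions as the call quoted in the issue, that HAProxy reads the stapled response from `<domain>.pem.ocsp` next to the certificate, and that `HAPROXY_CERT_DIR` and `RELOAD_CMD` (both hypothetical names) match your setup.

```shell
#!/usr/bin/env bash
# Added example hook, not dehydrated's own code.
# Assumptions: HAProxy loads <domain>.pem from HAPROXY_CERT_DIR and expects the
# stapled response beside it as <domain>.pem.ocsp; the default path is hypothetical.
HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/etc/haproxy/certs}"

reload_haproxy() {
    # Hypothetical reload command; set RELOAD_CMD to fit your init system.
    ${RELOAD_CMD:-systemctl reload haproxy}
}

install_ocsp() {
    local domain="$1" ocspfile="$2"
    local target="${HAPROXY_CERT_DIR}/${domain}.pem.ocsp"
    local tmp

    # Refuse a missing or empty response so a failed fetch never
    # overwrites a staple that is still valid.
    [ -s "${ocspfile}" ] || { echo "ocsp: ${ocspfile} missing or empty" >&2; return 1; }

    # Skip the copy and the reload when the response has not changed.
    if [ -f "${target}" ] && cmp -s "${ocspfile}" "${target}"; then
        return 0
    fi

    # Write to a temp file in the same directory, then rename, so HAProxy
    # never reads a half-written .ocsp file.
    tmp="$(mktemp "${target}.XXXXXX")" || return 1
    cp "${ocspfile}" "${tmp}" && chmod 0644 "${tmp}" && mv -f "${tmp}" "${target}" \
        || { rm -f "${tmp}"; return 1; }

    reload_haproxy
}

# Dispatch: argument order follows the hook call quoted in the issue
# ("<hook name>" "<domain>" "<path to ocsp.der>"). Other hooks are ignored.
case "${1:-}" in
    deploy_ocsp) install_ocsp "$2" "$3" ;;
esac
```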