use new OCSP cache path

2023-07-09 18:23:17 -04:00 · 2023-07-09 18:23:17 -04:00 · 74b26bbba5
commit 74b26bbba5
parent cf26b8423d
2 changed files with 2 additions and 2 deletions
--- a/2
+++ b/2
@ -10,6 +10,6 @@ for replica in ${replicas[@]}; do
    echo

    rsync -rptvl --fsync --delete /etc/letsencrypt/ $replica:/etc/letsencrypt
-    rsync -rptvl --fsync --delete /etc/nginx/ocsp-cache/ $replica:/etc/nginx/ocsp-cache
+    rsync -rptvl --fsync --delete /var/cache/certbot-ocsp-fetcher/ $replica:/var/cache/certbot-ocsp-fetcher
    ssh root@$replica nginx -s reload
 done
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -70,7 +70,7 @@ http {
    ssl_stapling on;
    ssl_stapling_verify on;
    # maintained by certbot-ocsp-fetcher
-    ssl_stapling_file ocsp-cache/grapheneos.org.der;
+    ssl_stapling_file /var/cache/certbot-ocsp-fetcher/grapheneos.org.der;

    log_format main '$connection-$connection_requests $remote_addr $remote_user $ssl_protocol $server_protocol '
        '$host $request_method "$request_uri" $status $request_length $body_bytes_sent/$bytes_sent '