From 74b26bbba5ee9fd0a409622b8f77e28a953bc711 Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Sun, 9 Jul 2023 18:23:17 -0400
Subject: [PATCH] use new OCSP cache path

---
 certbot-replicate | 2 +-
 nginx/nginx.conf  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/certbot-replicate b/certbot-replicate
index 44e37398..d58189cb 100755
--- a/certbot-replicate
+++ b/certbot-replicate
@@ -10,6 +10,6 @@ for replica in ${replicas[@]}; do
     echo
 
     rsync -rptvl --fsync --delete /etc/letsencrypt/ $replica:/etc/letsencrypt
-    rsync -rptvl --fsync --delete /etc/nginx/ocsp-cache/ $replica:/etc/nginx/ocsp-cache
+    rsync -rptvl --fsync --delete /var/cache/certbot-ocsp-fetcher/ $replica:/var/cache/certbot-ocsp-fetcher
     ssh root@$replica nginx -s reload
 done
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 72fc3b78..22a7d960 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -70,7 +70,7 @@ http {
     ssl_stapling on;
     ssl_stapling_verify on;
     # maintained by certbot-ocsp-fetcher
-    ssl_stapling_file ocsp-cache/grapheneos.org.der;
+    ssl_stapling_file /var/cache/certbot-ocsp-fetcher/grapheneos.org.der;
 
     log_format main '$connection-$connection_requests $remote_addr $remote_user $ssl_protocol $server_protocol '
         '$host $request_method "$request_uri" $status $request_length $body_bytes_sent/$bytes_sent '