Add README file to each live directory explaining its contents. (#3696)

* Add README file to each live directory explaining its contents. * add tests * Update README copy * add fragment * update copy * lint errors
2026-06-07 15:52:08 -04:00 · 2016-11-09 12:55:18 -08:00 · 2016-11-09 12:55:18 -08:00 · 04bec308fb
commit 04bec308fb
parent 469b5fd441
2 changed files with 19 additions and 0 deletions
--- a/certbot/storage.py
+++ b/certbot/storage.py
@ -841,6 +841,21 @@ class RenewableCert(object):  # pylint: disable=too-many-instance-attributes
            logger.debug("Writing full chain to %s.", target["fullchain"])
            f.write(cert + chain)

+        # Write a README file to the live directory
+        readme_path = os.path.join(live_dir, "README")
+        with open(readme_path, "w") as f:
+            logger.debug("Writing README to %s.", readme_path)
+            f.write("This directory contains your keys and certificates.\n\n"
+                    "`privkey.pem`  : the private key for your certificate.\n"
+                    "`fullchain.pem`: the certificate file used in most server software.\n"
+                    "`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.\n"
+                    "`cert.pem`     : will break many server configurations, and "
+                                        "should not be used\n"
+                    "                 without reading further documentation (see link below).\n\n"
+                    "We recommend not moving these files. For more information, see the Certbot\n"
+                    "User Guide at https://certbot.eff.org/docs/using.html#where-are-my-"
+                                        "certificates.\n")
+
        # Document what we've done in a new renewal config file
        config_file.close()

--- a/certbot/tests/storage_test.py
+++ b/certbot/tests/storage_test.py
@ -580,6 +580,8 @@ class RenewableCertTests(BaseRenewableCertTest):
        self.assertTrue(result._consistent())
        self.assertTrue(os.path.exists(os.path.join(
            self.cli_config.renewal_configs_dir, "the-lineage.com.conf")))
+        self.assertTrue(os.path.exists(os.path.join(
+            self.cli_config.live_dir, "the-lineage.com", "README")))
        with open(result.fullchain, "rb") as f:
            self.assertEqual(f.read(), b"cert" + b"chain")
        # Let's do it again and make sure it makes a different lineage
@ -587,6 +589,8 @@ class RenewableCertTests(BaseRenewableCertTest):
            "the-lineage.com", b"cert2", b"privkey2", b"chain2", self.cli_config)
        self.assertTrue(os.path.exists(os.path.join(
            self.cli_config.renewal_configs_dir, "the-lineage.com-0001.conf")))
+        self.assertTrue(os.path.exists(os.path.join(
+            self.cli_config.live_dir, "the-lineage.com-0001", "README")))
        # Now trigger the detection of already existing files
        os.mkdir(os.path.join(
            self.cli_config.live_dir, "the-lineage.com-0002"))