From 04bec308fb126860a28689579cc449d7646bb42a Mon Sep 17 00:00:00 2001
From: Erica Portnoy <ebportnoy@gmail.com>
Date: Wed, 9 Nov 2016 12:55:18 -0800
Subject: [PATCH] Add README file to each live directory explaining its
 contents. (#3696)

* Add README file to each live directory explaining its contents.

* add tests

* Update README copy

* add fragment

* update copy

* lint errors
---
 certbot/storage.py            | 15 +++++++++++++++
 certbot/tests/storage_test.py |  4 ++++
 2 files changed, 19 insertions(+)

diff --git a/certbot/storage.py b/certbot/storage.py
index 7b2f575b7..1fc13a5df 100644
--- a/certbot/storage.py
+++ b/certbot/storage.py
@@ -841,6 +841,21 @@ class RenewableCert(object):  # pylint: disable=too-many-instance-attributes
             logger.debug("Writing full chain to %s.", target["fullchain"])
             f.write(cert + chain)
 
+        # Write a README file to the live directory
+        readme_path = os.path.join(live_dir, "README")
+        with open(readme_path, "w") as f:
+            logger.debug("Writing README to %s.", readme_path)
+            f.write("This directory contains your keys and certificates.\n\n"
+                    "`privkey.pem`  : the private key for your certificate.\n"
+                    "`fullchain.pem`: the certificate file used in most server software.\n"
+                    "`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.\n"
+                    "`cert.pem`     : will break many server configurations, and "
+                                        "should not be used\n"
+                    "                 without reading further documentation (see link below).\n\n"
+                    "We recommend not moving these files. For more information, see the Certbot\n"
+                    "User Guide at https://certbot.eff.org/docs/using.html#where-are-my-"
+                                        "certificates.\n")
+
         # Document what we've done in a new renewal config file
         config_file.close()
 
diff --git a/certbot/tests/storage_test.py b/certbot/tests/storage_test.py
index 4d7323e66..46e2aff0d 100644
--- a/certbot/tests/storage_test.py
+++ b/certbot/tests/storage_test.py
@@ -580,6 +580,8 @@ class RenewableCertTests(BaseRenewableCertTest):
         self.assertTrue(result._consistent())
         self.assertTrue(os.path.exists(os.path.join(
             self.cli_config.renewal_configs_dir, "the-lineage.com.conf")))
+        self.assertTrue(os.path.exists(os.path.join(
+            self.cli_config.live_dir, "the-lineage.com", "README")))
         with open(result.fullchain, "rb") as f:
             self.assertEqual(f.read(), b"cert" + b"chain")
         # Let's do it again and make sure it makes a different lineage
@@ -587,6 +589,8 @@ class RenewableCertTests(BaseRenewableCertTest):
             "the-lineage.com", b"cert2", b"privkey2", b"chain2", self.cli_config)
         self.assertTrue(os.path.exists(os.path.join(
             self.cli_config.renewal_configs_dir, "the-lineage.com-0001.conf")))
+        self.assertTrue(os.path.exists(os.path.join(
+            self.cli_config.live_dir, "the-lineage.com-0001", "README")))
         # Now trigger the detection of already existing files
         os.mkdir(os.path.join(
             self.cli_config.live_dir, "the-lineage.com-0002"))