diff --git a/certbot-nginx/tests/boulder-integration.sh b/certbot-nginx/tests/boulder-integration.sh
index bd35aee21..996cc2201 100755
--- a/certbot-nginx/tests/boulder-integration.sh
+++ b/certbot-nginx/tests/boulder-integration.sh
@@ -6,14 +6,18 @@
 export PATH="/usr/sbin:$PATH"  # /usr/sbin/nginx
 nginx_root="$root/nginx"
 mkdir $nginx_root
-root="$nginx_root" ./certbot-nginx/tests/boulder-integration.conf.sh > $nginx_root/nginx.conf
+original=$(root="$nginx_root" ./certbot-nginx/tests/boulder-integration.conf.sh)
+nginx_conf="$nginx_root/nginx.conf"
+echo "$original" > $nginx_conf
+
 
 killall nginx || true
 nginx -c $nginx_root/nginx.conf
 
 certbot_test_nginx () {
     certbot_test \
-        --configurator nginx \
+        --authenticator nginx \
+        --installer nginx \
         --nginx-server-root $nginx_root \
         "$@"
 }
@@ -23,6 +27,9 @@ echo | openssl s_client -connect localhost:5001 \
     | openssl x509 -out $root/nginx.pem
 diff -q $root/nginx.pem $root/conf/live/nginx.wtf/cert.pem
 
+certbot_test_nginx rollback --checkpoints 9001
+diff -q <(echo "$original") $nginx_conf
+
 # note: not reached if anything above fails, hence "killall" at the
 # top
 nginx -c $nginx_root/nginx.conf -s stop
diff --git a/tests/boulder-integration.sh b/tests/boulder-integration.sh
index ddbaa43ed..42a8cf499 100755
--- a/tests/boulder-integration.sh
+++ b/tests/boulder-integration.sh
@@ -88,6 +88,11 @@ if [ $(get_num_tmp_files) -ne $num_tmp_files ]; then
     exit 1
 fi
 
+common register
+common register --update-registration --email example@example.org
+
+common plugins --init --prepare | grep webroot
+
 # We start a server listening on the port for the
 # unrequested challenge to prevent regressions in #3601.
 python ./tests/run_http_server.py $http_01_port &
@@ -211,6 +216,28 @@ common revoke --cert-path "$root/conf/live/le2.wtf/cert.pem" \
 
 common unregister
 
+out=$(common certificates)
+subdomains="le le2 dns.le newname.le must-staple.le"
+for subdomain in $subdomains; do
+    domain="$subdomain.wtf"
+    if ! echo $out | grep "$domain"; then
+        echo "$domain not in certificates output!"
+        exit 1;
+    fi
+done
+
+cert_name="must-staple.le.wtf"
+common delete --cert-name $cert_name
+archive="$root/conf/archive/$cert_name"
+conf="$root/conf/renewal/$cert_name.conf"
+live="$root/conf/live/$cert_name"
+for path in $archive $conf $live; do
+    if [ -e $path ]; then
+        echo "Lineage not properly deleted!"
+        exit 1
+    fi
+done
+
 # Most CI systems set this variable to true.
 # If the tests are running as part of CI, Nginx should be available.
 if ${CI:-false} || type nginx;