From 4ca03aec8db9d83550c8b61c1b7e4dc41c8d7766 Mon Sep 17 00:00:00 2001
From: Giles Thomas
Date: Tue, 5 Feb 2019 18:37:09 +0000
Subject: [PATCH 1/3] Don't verify existing certificate in HTTP01Response.simple_verify (certbot#6614)
---
 acme/acme/challenges.py | 2 +-
 acme/acme/challenges_test.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/acme/acme/challenges.py b/acme/acme/challenges.py
index 501f74881..29b9bbb50 100644
--- a/acme/acme/challenges.py
+++ b/acme/acme/challenges.py
@@ -308,7 +308,7 @@ class HTTP01Response(KeyAuthorizationChallengeResponse):
 uri = chall.uri(domain)
 logger.debug("Verifying %s at %s...", chall.typ, uri)
 try:
- http_response = requests.get(uri)
+ http_response = requests.get(uri, verify=False)
 except requests.exceptions.RequestException as error:
 logger.error("Unable to reach %s: %s", uri, error)
 return False
diff --git a/acme/acme/challenges_test.py b/acme/acme/challenges_test.py
index 81d39058e..be15e5b1a 100644
--- a/acme/acme/challenges_test.py
+++ b/acme/acme/challenges_test.py
@@ -186,7 +186,7 @@ class HTTP01ResponseTest(unittest.TestCase):
 mock_get.return_value = mock.MagicMock(text=validation)
 self.assertTrue(self.response.simple_verify(
 self.chall, "local", KEY.public_key()))
- mock_get.assert_called_once_with(self.chall.uri("local"))
+ mock_get.assert_called_once_with(self.chall.uri("local"), verify=False)
 @mock.patch("acme.challenges.requests.get")
 def test_simple_verify_bad_validation(self, mock_get):
@@ -202,7 +202,7 @@ class HTTP01ResponseTest(unittest.TestCase):
 HTTP01Response.WHITESPACE_CUTSET))
 self.assertTrue(self.response.simple_verify(
 self.chall, "local", KEY.public_key()))
- mock_get.assert_called_once_with(self.chall.uri("local"))
+ mock_get.assert_called_once_with(self.chall.uri("local"), verify=False)
 @mock.patch("acme.challenges.requests.get")
 def test_simple_verify_connection_error(self, mock_get):
From b27e5804b9671e28f37a6da7e2f1f7fa9455d24a Mon Sep 17 00:00:00 2001
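Review bot: The `verify=False` added in `requests.get(uri, verify=False)` (challenges.py hunk) carries no comment saying why certificate checking is switched off, so the line reads like an oversight and will be flagged by linters that look for disabled TLS verification. The reason stated in this series (the subject line and the changelog entry in patch 2/3) is that the ACME server's own challenge check does not validate an existing certificate; I would record that next to the call, e.g. `# verify=False on purpose: the ACME server's HTTP-01 check does not validate an existing certificate, so this local pre-check must not fail on one either.` With verification off, any response fetched over HTTPS is unauthenticated, so the docstring of `simple_verify` should say that a True result is only a local pre-check and must not feed a trust decision. The call also still passes no `timeout=`, so an unresponsive host can block the check indefinitely; that predates this change but sits on the same line. The body of `simple_verify` starts and ends outside the hunk, so how the response is compared afterwards is not visible here.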
From: Giles Thomas
Date: Tue, 5 Feb 2019 18:43:03 +0000
Subject: [PATCH 2/3] Added change description to CHANGELOG.md
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cae93c5b7..ef91f1a8f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,8 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 when a certificate is issued.
 * Support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges with the `acme` module.
+* Don't verify the existing certificate in HTTP01Response.simple_verify, for
+ compatibility with the real-world ACME challenge checks.
 ### Changed
From c98183c9986c47984695d467fa5a9ccf5b937c37 Mon Sep 17 00:00:00 2001
From: Filip Lajszczak
Date: Thu, 6 Feb 2020 15:27:20 +0000
Subject: [PATCH 3/3] restore CHANGELOG in root directory
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 120000
index 000000000..ba7396f24
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1 @@
+certbot/CHANGELOG.md
\ No newline at end of file