Beispiel #1
    def test_730_003(self):
        """Check that a static certificate needs both its cert and key file.

        An MD that names only ``MDCertificateFile`` or only
        ``MDCertificateKeyFile`` is installed in turn, and for each
        ``TestEnv.apache_fail()`` must return 0 (presumably: the server
        refused the half-configured key pair -- confirm against TestEnv).
        """
        md_name = self.test_domain
        names = [md_name, 'www.%s' % md_name]
        # NOTE(review): the directory is named after test 920_001 and is also
        # used by test_730_001 -- confirm the sharing is intended.
        cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
        # self-signed certificate with only 10 days of validity left
        validity = {"notBefore": -80, "notAfter": 10}
        CertUtil.create_self_signed_cert(names, validity,
                                         serial=730001, path=cert_dir)
        cert_file = os.path.join(cert_dir, 'pubcert.pem')
        pkey_file = os.path.join(cert_dir, 'privkey.pem')
        for generated in (cert_file, pkey_file):
            assert os.path.exists(generated)

        # one directive at a time: certificate without key, then key without
        # certificate; neither configuration may be accepted
        lone_directives = (
            "MDCertificateFile %s" % cert_file,
            "MDCertificateKeyFile %s" % pkey_file,
        )
        for directive in lone_directives:
            conf = HttpdConf()
            conf.add_admin("*****@*****.**")
            conf.start_md(names)
            conf.add_line(directive)
            conf.end_md()
            conf.add_vhost(md_name)
            conf.install()
            assert TestEnv.apache_fail() == 0
Beispiel #2
    def test_730_001(self):
        """Serve an MD from static cert/key files and inspect its status.

        The MD is given a self-signed pair via ``MDCertificateFile`` and
        ``MDCertificateKeyFile``. After restart the served certificate must
        carry the generated serial, and the MD status must contain ``cert``,
        report ``renew`` as true, and have no ``renewal`` entry.
        """
        md_name = self.test_domain
        names = [md_name, 'www.%s' % md_name]
        cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
        # self-signed certificate with only 10 days of validity left
        validity = {"notBefore": -80, "notAfter": 10}
        CertUtil.create_self_signed_cert(names, validity,
                                         serial=730001, path=cert_dir)
        cert_file = os.path.join(cert_dir, 'pubcert.pem')
        pkey_file = os.path.join(cert_dir, 'privkey.pem')
        for generated in (cert_file, pkey_file):
            assert os.path.exists(generated)

        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.start_md(names)
        for directive in ("MDCertificateFile %s" % cert_file,
                          "MDCertificateKeyFile %s" % pkey_file):
            conf.add_line(directive)
        conf.end_md()
        conf.add_vhost(md_name)
        conf.install()
        assert TestEnv.apache_restart() == 0

        # the server must present exactly the certificate generated above
        expected_serial = '%X' % 730001
        served = TestEnv.get_cert(md_name)
        assert expected_serial == served.get_serial()
        # the MD shows up in the status; no 'renewal' entry is present for it
        # (the original comment reads this as "renewal is off")
        stat = TestEnv.get_md_status(md_name)
        assert stat
        assert 'cert' in stat
        assert stat['renew'] == True
        assert 'renewal' not in stat
Beispiel #3
 def test_702_011(self):
     """Run the tls-alpn-01 setup with two different ``MDPortMap https:`` values.

     With ``https:99`` the test expects that no renewal is started; with
     ``https:<TestEnv.HTTPS_PORT>`` it expects the drive to complete.
     """
     md_name = self.test_domain
     names = [md_name, "www." + md_name]

     def install_and_restart(port_map):
         # same tls-alpn-01 configuration in both rounds; only MDPortMap varies
         conf = HttpdConf()
         conf.add_admin("admin@" + md_name)
         conf.add_line("Protocols http/1.1 acme-tls/1")
         conf.add_drive_mode("auto")
         conf.add_ca_challenges(["tls-alpn-01"])
         conf._add_line(port_map)
         conf.add_md(names)
         conf.add_vhost(names)
         conf.install()
         assert TestEnv.apache_restart() == 0
         TestEnv.check_md(names)

     # round 1: https mapped to port 99 (presumably a port the test server
     # does not listen on -- confirm), so the challenge cannot be answered
     install_and_restart("MDPortMap https:99")
     assert not TestEnv.is_renewing(md_name)
     # round 2: https mapped to the port the test server actually uses
     install_and_restart("MDPortMap https:%s" % TestEnv.HTTPS_PORT)
     assert TestEnv.await_completion([md_name])
Beispiel #4
    def test_702_041(self):
        """Request tls-alpn-01 without enabling ``acme-tls/1`` and expect an error.

        No ``Protocols`` line is configured, so the MD job must end in an
        error and the stored MD must report ``proto["acme-tls/1"]`` as False.
        """
        md_name = "test702-041-" + TestAuto.dns_uniq
        names = [md_name, "www." + md_name]

        # one MD, one SSL vhost; tls-alpn-01 is the only allowed challenge
        conf = HttpdConf(TestAuto.TMP_CONF)
        conf.add_admin("admin@" + md_name)
        for log_level in ("LogLevel core:debug", "LogLevel ssl:debug"):
            conf.add_line(log_level)
        conf.add_drive_mode("auto")
        conf.add_ca_challenges(["tls-alpn-01"])
        conf.add_md(names)
        conf.add_vhost(TestEnv.HTTPS_PORT, md_name,
                       aliasList=[names[1]], withSSL=True)
        conf.install()

        # restart triggers the drive; it must fail and the missing protocol
        # must be visible in the MD data
        assert TestEnv.apache_restart() == 0
        self._check_md_names(md_name, names)
        assert TestEnv.await_error([md_name]) == True
        stored_md = self._get_md(md_name)
        assert False == stored_md["proto"]["acme-tls/1"]
 def test_901_010(self):
     """Static certificate with 20 days left must not trigger a message.

     The MD uses static cert/key files and a message command is configured;
     after restart the message log file must not exist.
     """
     md_name = self.test_domain
     names = [md_name, 'www.%s' % md_name]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
     # self-signed certificate with 20 days of validity left (notAfter: 20)
     validity = {"notBefore": -70, "notAfter": 20}
     CertUtil.create_self_signed_cert(names, validity,
                                      serial=901010, path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     for generated in (cert_file, pkey_file):
         assert os.path.exists(generated)

     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     # the message command receives the log path as its first argument
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.start_md(names)
     for directive in ("MDCertificateFile %s" % cert_file,
                       "MDCertificateKeyFile %s" % pkey_file):
         conf.add_line(directive)
     conf.end_md()
     conf.add_vhost(md_name)
     conf.install()
     assert TestEnv.apache_restart() == 0
     # no message was issued, so the command never created its log
     assert not os.path.isfile(self.mlog)
Beispiel #6
    def test_500_203(self):
        """Recover an MD after it was first configured with a wrong agreement URL.

        Phase 1 configures ``MDCertificateAgreement`` with
        ``TestEnv.ACME_TOS2`` and expects ``a2md drive`` to return 1.
        Phase 2 installs the same MD without that directive and expects the
        drive to return 0 and the MD to reach ``MD_S_COMPLETE``.
        """
        # test case: reproduce issue with initially wrong agreement URL
        domain = self.test_domain
        name = "www." + domain
        # setup: prepare md with invalid TOS url
        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_line("MDCertificateAgreement %s" % (TestEnv.ACME_TOS2))
        conf.add_drive_mode("manual")
        conf.add_md([name])
        conf.install()
        assert TestEnv.apache_restart() == 0
        # manual drive mode: the MD stays incomplete until a2md drives it
        assert TestEnv.a2md(
            ["list",
             name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE
        # drive it -> fail after account registration
        assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 1

        # adjust config: the agreement directive is left out entirely here
        # (presumably the default agreement then applies -- confirm)
        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_drive_mode("manual")
        conf.add_md([name])
        conf.install()
        # NOTE(review): fixed one-second pause before the restart; the reason
        # is not visible here -- confirm what it waits for
        time.sleep(1)
        assert TestEnv.apache_restart() == 0
        assert TestEnv.a2md(
            ["list",
             name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE
        # drive it -> runs OK
        assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 0
        assert TestEnv.a2md(
            ["list",
             name])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE
Beispiel #7
 def configure_httpd(cls, domain, add_lines=""):
     """Install a configuration with one MD and one vhost for *domain*.

     Remembers *domain* on ``cls.domain``, passes *add_lines* through to
     ``HttpdConf.add_line`` unchanged, and returns *domain*.
     """
     cls.domain = domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + domain)
     # caller-supplied extra directives go in before the MD and vhost
     httpd_conf.add_line(add_lines)
     httpd_conf.add_md([domain])
     httpd_conf.add_vhost(domain)
     httpd_conf.install()
     return domain
Beispiel #8
 def test_702_050(self):
     """Configure an MD with ``MDBaseServer on`` and expect the drive to complete.

     No vhost is added; the domain is only named through ``ServerName``.
     """
     md_name = self.test_domain
     base_server_conf = """
         MDBaseServer on
         ServerAdmin admin@%s
         ServerName %s
         """ % (md_name, md_name)
     conf = HttpdConf()
     conf.add_line(base_server_conf)
     conf.add_md([md_name])
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([md_name])
Beispiel #9
 def test_702_051(self):
     """Base-server MD with ``MDPortMap http:-`` must end in an error.

     ``acme-tls/1`` is not enabled here, so with the http mapping set to
     ``-`` (presumably: http challenges unavailable -- confirm) the test
     expects ``TestEnv.await_error`` to succeed.
     """
     md_name = self.test_domain
     base_server_conf = """
         MDBaseServer on
         MDPortMap http:-
         ServerAdmin admin@%s
         ServerName %s
         """ % (md_name, md_name)
     conf = HttpdConf()
     conf.add_line(base_server_conf)
     conf.add_md([md_name])
     conf.install()
     assert TestEnv.apache_restart() == 0
     # NOTE(review): a bare string is passed here, while other callers hand
     # await_error a list -- confirm both are accepted
     assert TestEnv.await_error(md_name)
Beispiel #10
 def test_920_003(self):
     """Check that ``MDCertificateStatus off`` switches the status resource off.

     After the certificate has been obtained, the certificate status
     returned by ``TestEnv.get_certificate_status`` must be falsy.
     """
     md_name = self.test_domain
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_md([md_name])
     conf.add_line("MDCertificateStatus off")
     conf.add_vhost(md_name)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([md_name], restart=False)
     # with the directive off, nothing is published for the domain
     cert_status = TestEnv.get_certificate_status(md_name)
     assert not cert_status
 def test_801_010(self):
     """Enable ``MDStapling`` for an MD without a vhost and read the server status.

     The server is stopped and the OCSP store cleared first; after restart
     ``TestEnv.get_server_status()`` must return something truthy.
     """
     assert TestEnv.apache_stop() == 0
     # start from an empty OCSP store so earlier responses cannot interfere
     TestEnv.clear_ocsp_store()
     md_name = TestStapling.mdA
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md([md_name])
     conf.add_line("MDStapling on")
     conf.end_md()
     conf.install()
     assert TestEnv.apache_restart() == 0
     server_status = TestEnv.get_server_status()
     assert server_status
Beispiel #12
 def test_702_052(self):
     """Base-server MD without http mapping completes once ``acme-tls/1`` is on.

     ``MDPortMap http:-`` is combined with a ``Protocols`` line that
     includes ``acme-tls/1``; the MD status must list the domain under
     ``proto["acme-tls/1"]`` and the drive must complete.
     """
     md_name = self.test_domain
     base_server_conf = """
         MDBaseServer on
         MDPortMap http:-
         Protocols h2 http/1.1 acme-tls/1
         ServerAdmin admin@%s
         ServerName %s
         """ % (md_name, md_name)
     conf = HttpdConf()
     conf.add_line(base_server_conf)
     conf.add_md([md_name])
     conf.install()
     assert TestEnv.apache_restart() == 0
     # the ALPN protocol needed by tls-alpn-01 is reported for this domain
     md_status = TestEnv.get_md_status(md_name)
     assert md_status["proto"]["acme-tls/1"] == [md_name]
     assert TestEnv.await_completion([md_name])
 def configure_httpd(cls, domains=[], add_lines="", ssl_stapling=False):
     """Build (but do not install) a config with one MD and vhost per domain.

     *domains* may be a list or a single value; a falsy non-list yields no
     MDs. With *ssl_stapling* set, mod_ssl stapling directives are added
     before *add_lines*. The admin address uses ``cls.domain``. Returns the
     ``HttpdConf``; the caller is responsible for calling ``install()``.
     """
     # normalise the argument: keep lists, wrap a single truthy value
     if isinstance(domains, list):
         md_names = domains
     elif domains:
         md_names = [domains]
     else:
         md_names = []
     conf = HttpdConf()
     conf.add_admin("admin@" + cls.domain)
     if ssl_stapling:
         conf.add_line("""
             LogLevel ssl:trace2
             SSLUseStapling On
             SSLStaplingCache \"shmcb:logs/ssl_stapling(32768)\"
             """)
     conf.add_line(add_lines)
     for md_name in md_names:
         conf.add_md([md_name])
         conf.add_vhost(md_name)
     return conf
Beispiel #14
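 def test_901_020(self):
     """Expect 'renewed' and 'ocsp-renewed' messages for an MD with stapling.

     The configured message command is expected to leave exactly two lines
     in ``self.mlog``, each the list ``[mcmd, mlog, <event>, domain]``:
     first ``renewed``, then ``ocsp-renewed``.
     """
     domain = self.test_domain
     domains = [domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     # the message command receives the log path as its first argument
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_drive_mode("auto")
     conf.add_md(domains)
     conf.add_line("MDStapling on")
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     # only the waiting matters here; the returned status is not inspected
     TestEnv.await_ocsp_status(domain)
     assert os.path.isfile(self.mlog)
     # read through a context manager so the log's file handle gets closed
     with open(self.mlog) as log_file:
         nlines = log_file.readlines()
     assert 2 == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[0].strip()
     assert ("['%s', '%s', 'ocsp-renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[1].strip()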
 def test_801_009(self):
     """Stapling with a static self-signed certificate sends no OCSP response.

     The MD is served from a generated self-signed pair with ``MDStapling
     on``; the OCSP status for the domain must read "no response sent".
     """
     assert TestEnv.apache_stop() == 0
     md_name = TestStapling.mdA
     names = [md_name]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
     # self-signed certificate with 30 days of validity left
     validity = {"notBefore": -60, "notAfter": 30}
     CertUtil.create_self_signed_cert(names, validity,
                                      serial=801009, path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     for generated in (cert_file, pkey_file):
         assert os.path.exists(generated)

     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md(names)
     for directive in ("MDCertificateFile %s" % cert_file,
                       "MDCertificateKeyFile %s" % pkey_file,
                       "MDStapling on"):
         conf.add_line(directive)
     conf.end_md()
     conf.add_vhost(md_name)
     conf.install()
     assert TestEnv.apache_restart() == 0
     # short fixed pause before querying the stapling state
     time.sleep(1)
     ocsp = TestEnv.get_ocsp_status(md_name)
     assert ocsp['ocsp'] == "no response sent"
Beispiel #16
 def test_702_040(self):
     """Obtain a certificate with tls-alpn-01 when ``acme-tls/1`` is enabled.

     The MD status must list every domain under ``proto["acme-tls/1"]``,
     the drive must complete, and the served certificate must name the
     domain in its SAN list.
     """
     md_name = self.test_domain
     names = [md_name, "www." + md_name]
     #
     # one MD, one vhost, tls-alpn-01 as the only challenge type
     conf = HttpdConf()
     conf.add_admin("admin@" + md_name)
     for directive in ("LogLevel core:debug",
                       "LogLevel ssl:debug",
                       "Protocols http/1.1 acme-tls/1"):
         conf.add_line(directive)
     conf.add_drive_mode("auto")
     conf.add_ca_challenges(["tls-alpn-01"])
     conf.add_md(names)
     conf.add_vhost(names)
     conf.install()
     #
     # restart starts the drive; the MD must be synched and complete
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(names)
     # acme-tls/1 has to be available for all domains of the MD
     md_status = TestEnv.get_md_status(md_name)
     assert md_status["proto"]["acme-tls/1"] == names
     assert TestEnv.await_completion([md_name])
     TestEnv.check_md_complete(md_name)
     #
     # the new certificate is actually served
     served = TestEnv.get_cert(md_name)
     assert md_name in served.get_san_list()
Beispiel #17
    def test_702_040(self):
        """Obtain a certificate with tls-alpn-01 when ``acme-tls/1`` is enabled.

        After the drive completes, the certificate loaded from the running
        server must name the domain in its SAN list.
        """
        md_name = "test702-040-" + TestAuto.dns_uniq
        names = [md_name, "www." + md_name]

        # one MD, one SSL vhost, tls-alpn-01 as the only challenge type
        conf = HttpdConf(TestAuto.TMP_CONF)
        conf.add_admin("admin@" + md_name)
        for directive in ("LogLevel core:debug",
                          "LogLevel ssl:debug",
                          "Protocols http/1.1 acme-tls/1"):
            conf.add_line(directive)
        conf.add_drive_mode("auto")
        conf.add_ca_challenges(["tls-alpn-01"])
        conf.add_md(names)
        conf.add_vhost(TestEnv.HTTPS_PORT, md_name,
                       aliasList=[names[1]], withSSL=True)
        conf.install()

        # restart starts the drive; the MD must be synched and complete
        assert TestEnv.apache_restart() == 0
        self._check_md_names(md_name, names)
        assert TestEnv.await_completion([md_name])
        self._check_md_cert(names)

        # the new certificate is actually served
        served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                           TestEnv.HTTPS_PORT, md_name)
        assert md_name in served.get_san_list()
Beispiel #18
 def test_702_041(self):
     """Request tls-alpn-01 without ``acme-tls/1`` and check the MD status.

     No ``Protocols`` line is configured, so the MD status must report an
     empty list under ``proto["acme-tls/1"]``.
     """
     md_name = self.test_domain
     names = [md_name, "www." + md_name]
     #
     # one MD, one vhost, tls-alpn-01 as the only challenge type
     conf = HttpdConf()
     conf.add_admin("admin@" + md_name)
     for log_level in ("LogLevel core:debug", "LogLevel ssl:debug"):
         conf.add_line(log_level)
     conf.add_drive_mode("auto")
     conf.add_ca_challenges(["tls-alpn-01"])
     conf.add_md(names)
     conf.add_vhost(names)
     conf.install()
     #
     # restart starts the drive; the missing protocol must be detected
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(names)
     # acme-tls/1 is available for none of the domains
     md_status = TestEnv.get_md_status(md_name)
     assert md_status["proto"]["acme-tls/1"] == []
Beispiel #19
    def test_700_004(self, challengeType):
        """Obtain a certificate using *challengeType* as the only allowed challenge.

        ``acme-tls/1`` is enabled in ``Protocols``. After the drive
        completes, the served certificate must name the domain in its SAN
        list.
        """
        md_name = self.test_domain
        names = [md_name, "www." + md_name]
        # one MD, one vhost with the second name as alias
        conf = HttpdConf()
        conf.add_admin("admin@" + md_name)
        conf.add_line("Protocols http/1.1 acme-tls/1")
        conf.add_drive_mode("auto")
        conf.add_ca_challenges([challengeType])
        conf.add_md(names)
        conf.add_vhost(TestEnv.HTTPS_PORT, md_name, aliasList=[names[1]])
        conf.install()

        # restart starts the drive; the MD must be synched and complete
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(md_name, names)
        assert TestEnv.await_completion([md_name])
        TestEnv.check_md_complete(md_name)

        # the new certificate is actually served
        served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                           TestEnv.HTTPS_PORT, md_name)
        assert md_name in served.get_san_list()
Beispiel #20
 def test_700_004(self, challengeType):
     """Obtain a certificate using *challengeType* as the only allowed challenge.

     ``acme-tls/1`` is enabled in ``Protocols``. After the drive completes,
     the served certificate must name the domain in its SAN list.
     """
     md_name = self.test_domain
     names = [md_name, "www." + md_name]
     # one MD and one vhost covering both names
     conf = HttpdConf()
     conf.add_admin("admin@" + md_name)
     conf.add_line("Protocols http/1.1 acme-tls/1")
     conf.add_drive_mode("auto")
     conf.add_ca_challenges([challengeType])
     conf.add_md(names)
     conf.add_vhost(names)
     conf.install()
     #
     # restart starts the drive; the MD must be synched and complete
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(names)
     assert TestEnv.await_completion([md_name])
     TestEnv.check_md_complete(md_name)
     #
     # the new certificate is actually served
     served = TestEnv.get_cert(md_name)
     assert md_name in served.get_san_list()
Beispiel #21
    def test_702_041(self):
        """Request tls-alpn-01 without ``acme-tls/1`` and expect no renewal.

        No ``Protocols`` line is configured, so the stored MD must report
        ``proto["acme-tls/1"]`` as False and must not be renewing.
        """
        md_name = self.test_domain
        names = [md_name, "www." + md_name]

        # one MD, one vhost, tls-alpn-01 as the only challenge type
        conf = HttpdConf()
        conf.add_admin("admin@" + md_name)
        for log_level in ("LogLevel core:debug", "LogLevel ssl:debug"):
            conf.add_line(log_level)
        conf.add_drive_mode("auto")
        conf.add_ca_challenges(["tls-alpn-01"])
        conf.add_md(names)
        conf.add_vhost(TestEnv.HTTPS_PORT, md_name, aliasList=[names[1]])
        conf.install()

        # restart starts the drive; the missing protocol must be detected
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(md_name, names)
        stored_md = self._get_md(md_name)
        assert False == stored_md["proto"]["acme-tls/1"]
        assert not TestEnv.is_renewing(md_name)
Beispiel #22
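 def test_901_011(self):
     """Static certificate with 5 days left must trigger one 'expiring' message.

     The message command is expected to leave exactly one line in
     ``self.mlog``, the list ``[mcmd, mlog, 'expiring', domain]``. A second
     restart must not add another line.
     """
     domain = self.test_domain
     domains = [domain, 'www.%s' % domain]
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
     # self-signed certificate with only 5 days of validity left (notAfter: 5)
     CertUtil.create_self_signed_cert(domains, {
         "notBefore": -85,
         "notAfter": 5
     },
                                      serial=901011,
                                      path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     # the message command receives the log path as its first argument
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()

     def read_message_log():
         # context manager closes the handle instead of leaking it
         with open(self.mlog) as log_file:
             return log_file.readlines()

     expected = ("['%s', '%s', 'expiring', '%s']" %
                 (self.mcmd, self.mlog, domain))
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     nlines = read_message_log()
     assert 1 == len(nlines)
     assert expected == nlines[0].strip()
     # check that the message is not sent again right away
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     nlines = read_message_log()
     assert 1 == len(nlines)
     assert expected == nlines[0].strip()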
Beispiel #23
 def test_702_042(self):
     """Restart succeeds when ``SSLCertificateChainFile`` is set next to an MD.

     Only the restart result is checked; the drive itself is not awaited.
     """
     md_name = self.test_domain
     names = [md_name]
     chain_file = self._path_conf_ssl("valid_cert.pem")
     conf = HttpdConf()
     conf.add_admin("admin@" + md_name)
     for directive in ("LogLevel core:debug",
                       "LogLevel ssl:debug",
                       "SSLCertificateChainFile %s" % chain_file):
         conf.add_line(directive)
     conf.add_drive_mode("auto")
     conf.add_md(names)
     conf.add_vhost(TestEnv.HTTPS_PORT, names)
     conf.install()
     assert TestEnv.apache_restart() == 0
Beispiel #24
    def test_710_002(self):
        """Move two MDs from ACMEv1 to ACMEv2 and expect a new certificate.

        Phase 1 obtains certificates for both MDs under ``acmev1`` and
        expects a single ACME account. Phase 2 switches to ``acmev2``, adds
        an ``another.`` alias to each vhost so a new certificate is needed,
        and expects a different serial for domain A and two accounts.
        """
        domain = "test710-002-" + TestAuto.dns_uniq

        # use ACMEv1 initially
        # NOTE(review): ACMEv1 is a legacy protocol version; confirm the test
        # CA still offers it
        TestEnv.set_acme('acmev1')

        domainA = "a-" + domain
        domainB = "b-" + domain
        
        # generate config with two MDs
        dnsListA = [ domainA, "www." + domainA ]
        dnsListB = [ domainB, "www." + domainB ]

        conf = HttpdConf( TestAuto.TMP_CONF )
        conf.add_admin( "*****@*****.**" )
        # "MDMembers auto": the MDs name only their first domain; the checks
        # below expect the vhost aliases to show up as MD names as well
        conf.add_line( "MDMembers auto" )
        conf.add_md( [ domainA ] )
        conf.add_md( [ domainB ] )
        conf.add_vhost( TestEnv.HTTPS_PORT, domainA, aliasList=dnsListA[1:], withSSL=True )
        conf.add_vhost( TestEnv.HTTPS_PORT, domainB, aliasList=dnsListB[1:], withSSL=True )
        conf.install()

        # restart, check that md is in store
        assert TestEnv.apache_restart() == 0
        self._check_md_names( domainA, dnsListA )
        self._check_md_names( domainB, dnsListB )
        # await drive completion
        assert TestEnv.await_completion( [ domainA, domainB ] )
        self._check_md_cert(dnsListA)
        self._check_md_cert(dnsListB)
        # NOTE(review): this repeats the dnsListA check made two lines above
        self._check_md_cert( dnsListA )
        cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)
        # should have a single account now
        assert 1 == len(TestEnv.list_accounts())
        
        # use ACMEv2 now for everything
        TestEnv.set_acme('acmev2')

        # change the MDs so that we need a new cert
        dnsListA = [ domainA, "www." + domainA, "another."  + domainA ]
        dnsListB = [ domainB, "www." + domainB, "another."  + domainB ]

        conf = HttpdConf( TestAuto.TMP_CONF )
        conf.add_admin( "*****@*****.**" )
        conf.add_line( "MDMembers auto" )
        conf.add_md( [ domainA ] )
        conf.add_md( [ domainB ] )
        conf.add_vhost( TestEnv.HTTPS_PORT, domainA, aliasList=dnsListA[1:], withSSL=True )
        conf.add_vhost( TestEnv.HTTPS_PORT, domainB, aliasList=dnsListB[1:], withSSL=True )
        conf.install()

        # restart, gets cert
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([ domainA, domainB ] )
        self._check_md_names( domainA, dnsListA )
        self._check_md_names( domainB, dnsListB )
        # NOTE(review): only MD A's certificate is checked in this phase
        self._check_md_cert( dnsListA )
        cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)
        # should no longer be the same cert
        assert cert1.get_serial() != cert2.get_serial()
        # should have 2 accounts now
        assert 2 == len(TestEnv.list_accounts())
Beispiel #25
    def test_710_003(self):
        """Check that an MD without explicit CA moves to the new default CA URL.

        Phase 1 pins the MD to the ACMEv1 URL via ``MDCertificateAuthority``
        and obtains a certificate. Phase 2 switches to ``acmev2``, drops the
        CA directive and adds a second MD; both MDs must then carry
        ``TestEnv.ACME_URL_DEFAULT`` as their CA.
        """
        domain = "a-" + self.test_domain
        domainb = "b-" + self.test_domain

        # use ACMEv1 initially
        TestEnv.set_acme('acmev1')
        # remember the v1 URL before set_acme('acmev2') changes the environment
        ca_url = TestEnv.ACME_URL

        dnsList = [domain, "www." + domain]
        conf = HttpdConf()
        conf.clear()
        conf.add_admin("*****@*****.**")
        conf.add_line("MDCertificateAgreement accepted")
        conf.add_line("MDMembers auto")
        conf.start_md([domain])
        conf.add_line("MDCertificateAuthority %s" % (ca_url))
        conf.end_md()
        conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=dnsList[1:])
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(domain, dnsList)
        assert TestEnv.await_completion([domain])
        # the (0, 0) pair presumably counts errors and warnings in the server
        # log -- confirm against TestEnv.apache_err_count
        assert (0, 0) == TestEnv.apache_err_count()
        TestEnv.check_md(domain, dnsList, ca=ca_url)

        # use ACMEv2 now, same MD, no CA url
        TestEnv.set_acme('acmev2')
        # this changes the default CA url
        assert TestEnv.ACME_URL_DEFAULT != ca_url

        conf = HttpdConf()
        conf.clear()
        conf.add_admin("*****@*****.**")
        conf.add_line("MDCertificateAgreement accepted")
        conf.add_line("MDMembers auto")
        conf.start_md([domain])
        conf.end_md()
        conf.start_md([domainb])
        # this will get the real Let's Encrypt URL assigned; turn off
        # auto renewal so the test never contacts the production CA
        conf.add_line("MDDriveMode manual")
        conf.end_md()
        conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=dnsList[1:])
        conf.add_vhost(TestEnv.HTTPS_PORT, domainb, aliasList=[])
        conf.install()

        assert TestEnv.apache_restart() == 0
        assert (0, 0) == TestEnv.apache_err_count()
        # the existing MD was migrated to new CA url
        TestEnv.check_md(domain, dnsList, ca=TestEnv.ACME_URL_DEFAULT)
        # the new MD got the new default anyway
        TestEnv.check_md(domainb, [domainb], ca=TestEnv.ACME_URL_DEFAULT)
Beispiel #26
    def test_710_002(self):
        """Move two MDs from ACMEv1 to ACMEv2 and expect a new certificate.

        Phase 1 obtains certificates for both MDs under ``acmev1`` and
        expects a single ACME account. Phase 2 switches to ``acmev2``, adds
        an ``another.`` name to each vhost so a new certificate is needed,
        and expects a different serial for domain A and two accounts.
        """
        domain = self.test_domain

        # use ACMEv1 initially
        # NOTE(review): ACMEv1 is a legacy protocol version; confirm the test
        # CA still offers it
        TestEnv.set_acme('acmev1')

        domainA = "a-" + domain
        domainB = "b-" + domain
        
        # generate config with two MDs
        domainsA = [ domainA, "www." + domainA ]
        domainsB = [ domainB, "www." + domainB ]

        conf = HttpdConf()
        conf.add_admin( "*****@*****.**" )
        # "MDMembers auto": the MDs name only their first domain; the checks
        # below expect the vhost names to show up in the MD as well
        conf.add_line( "MDMembers auto" )
        conf.add_md( [ domainA ] )
        conf.add_md( [ domainB ] )
        conf.add_vhost(domainsA)
        conf.add_vhost(domainsB)
        conf.install()

        # restart, check that md is in store
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md( domainsA )
        TestEnv.check_md( domainsB )
        # await drive completion
        assert TestEnv.await_completion( [ domainA, domainB ] )
        TestEnv.check_md_complete(domainsA[0])
        TestEnv.check_md_complete(domainsB[0])
        # keep the first certificate to compare serials after the switch
        cert1 = TestEnv.get_cert(domainA)
        # should have a single account now
        assert 1 == len(TestEnv.list_accounts())
        
        # use ACMEv2 now for everything
        TestEnv.set_acme('acmev2')

        # change the MDs so that we need a new cert
        domainsA = [ domainA, "www." + domainA, "another."  + domainA ]
        domainsB = [ domainB, "www." + domainB, "another."  + domainB ]

        conf = HttpdConf()
        conf.add_admin( "*****@*****.**" )
        conf.add_line( "MDMembers auto" )
        conf.add_md( [ domainA ] )
        conf.add_md( [ domainB ] )
        conf.add_vhost(domainsA)
        conf.add_vhost(domainsB)
        conf.install()

        # restart, gets cert
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([ domainA, domainB ] )
        TestEnv.check_md( domainsA )
        TestEnv.check_md( domainsB )
        # NOTE(review): only MD A is checked for completeness in this phase
        TestEnv.check_md_complete(domainsA[0])
        cert2 = TestEnv.get_cert(domainA)
        # should no longer be the same cert
        assert cert1.get_serial() != cert2.get_serial()
        # should have 2 accounts now
        assert 2 == len(TestEnv.list_accounts())