def test_710_003(self):
domain = "a-" + self.test_domain
domainb = "b-" + self.test_domain
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
ca_url = TestEnv.ACME_URL
dnsList = [domain, "www." + domain]
conf = HttpdConf()
conf.clear()
conf.add_admin("*****@*****.**")
conf.add_line("MDCertificateAgreement accepted")
conf.add_line("MDMembers auto")
conf.start_md([domain])
conf.add_line("MDCertificateAuthority %s" % (ca_url))
conf.end_md()
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=dnsList[1:])
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domain, dnsList)
assert TestEnv.await_completion([domain])
assert (0, 0) == TestEnv.apache_err_count()
TestEnv.check_md(domain, dnsList, ca=ca_url)
# use ACMEv2 now, same MD, no CA url
TestEnv.set_acme('acmev2')
# this changes the default CA url
assert TestEnv.ACME_URL_DEFAULT != ca_url
conf = HttpdConf()
conf.clear()
conf.add_admin("*****@*****.**")
conf.add_line("MDCertificateAgreement accepted")
conf.add_line("MDMembers auto")
conf.start_md([domain])
conf.end_md()
conf.start_md([domainb])
# this willg get the reald Let's Encrypt URL assigned, turn off
# auto renewal, so we will not talk to them
conf.add_line("MDDriveMode manual")
conf.end_md()
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=dnsList[1:])
conf.add_vhost(TestEnv.HTTPS_PORT, domainb, aliasList=[])
conf.install()
assert TestEnv.apache_restart() == 0
assert (0, 0) == TestEnv.apache_err_count()
# the existing MD was migrated to new CA url
TestEnv.check_md(domain, dnsList, ca=TestEnv.ACME_URL_DEFAULT)
# the new MD got the new default anyway
TestEnv.check_md(domainb, [domainb], ca=TestEnv.ACME_URL_DEFAULT)
def test_710_001(self):
domain = "test710-001-" + TestAuto.dns_uniq
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
# generate config with one MD, restart, gets cert
dns_list = [ domain, "www." + domain ]
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_md( dns_list )
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([ domain ] )
self._check_md_cert( dns_list )
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
assert domain in cert1.get_san_list()
# use ACMEv2 now for everything
TestEnv.set_acme('acmev2')
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_md( dns_list )
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True)
conf.install()
# restart, gets cert
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([ domain ] )
self._check_md_cert( dns_list )
cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
# should still be the same cert as it remains valid
assert cert1.get_serial() == cert2.get_serial()
# change the MD so that we need a new cert
dns_list = [ domain, "www." + domain, "another." + domain ]
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_md( dns_list )
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([ domain ] )
self._check_md_cert( dns_list )
cert3 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
# should no longer the same cert
assert cert1.get_serial() != cert3.get_serial()
# should have a 2 accounts now
assert 2 == len(TestEnv.list_accounts())
def test_710_001(self):
domain = self.test_domain
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
# generate config with one MD, restart, gets cert
dns_list = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
assert domain in cert1.get_san_list()
# use ACMEv2 now for everything
TestEnv.set_acme('acmev2')
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
# restart, gets cert, should still be the same cert as it remains valid
assert TestEnv.apache_restart() == 0
status = TestEnv.get_certificate_status(domain)
assert status['serial'] == cert1.get_serial()
# change the MD so that we need a new cert
dns_list = [domain, "www." + domain, "another." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
# should no longer the same cert
status = TestEnv.get_certificate_status(domain)
assert status['serial'] != cert1.get_serial()
TestEnv.check_md_complete(domain)
# should have a 2 accounts now
assert 2 == len(TestEnv.list_accounts())
def test_710_002(self):
domain = "test710-002-" + TestAuto.dns_uniq
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
domainA = "a-" + domain
domainB = "b-" + domain
# generate config with two MDs
dnsListA = [ domainA, "www." + domainA ]
dnsListB = [ domainB, "www." + domainB ]
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "*****@*****.**" )
conf.add_line( "MDMembers auto" )
conf.add_md( [ domainA ] )
conf.add_md( [ domainB ] )
conf.add_vhost( TestEnv.HTTPS_PORT, domainA, aliasList=dnsListA[1:], withSSL=True )
conf.add_vhost( TestEnv.HTTPS_PORT, domainB, aliasList=dnsListB[1:], withSSL=True )
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names( domainA, dnsListA )
self._check_md_names( domainB, dnsListB )
# await drive completion
assert TestEnv.await_completion( [ domainA, domainB ] )
self._check_md_cert(dnsListA)
self._check_md_cert(dnsListB)
self._check_md_cert( dnsListA )
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)
# should have a single account now
assert 1 == len(TestEnv.list_accounts())
# use ACMEv2 now for everything
TestEnv.set_acme('acmev2')
# change the MDs so that we need a new cert
dnsListA = [ domainA, "www." + domainA, "another." + domainA ]
dnsListB = [ domainB, "www." + domainB, "another." + domainB ]
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "*****@*****.**" )
conf.add_line( "MDMembers auto" )
conf.add_md( [ domainA ] )
conf.add_md( [ domainB ] )
conf.add_vhost( TestEnv.HTTPS_PORT, domainA, aliasList=dnsListA[1:], withSSL=True )
conf.add_vhost( TestEnv.HTTPS_PORT, domainB, aliasList=dnsListB[1:], withSSL=True )
conf.install()
# restart, gets cert
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([ domainA, domainB ] )
self._check_md_names( domainA, dnsListA )
self._check_md_names( domainB, dnsListB )
self._check_md_cert( dnsListA )
cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)
# should no longer the same cert
assert cert1.get_serial() != cert2.get_serial()
# should have a 2 accounts now
assert 2 == len(TestEnv.list_accounts())
def test_710_002(self):
domain = self.test_domain
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
domainA = "a-" + domain
domainB = "b-" + domain
# generate config with two MDs
domainsA = [ domainA, "www." + domainA ]
domainsB = [ domainB, "www." + domainB ]
conf = HttpdConf()
conf.add_admin( "*****@*****.**" )
conf.add_line( "MDMembers auto" )
conf.add_md( [ domainA ] )
conf.add_md( [ domainB ] )
conf.add_vhost(domainsA)
conf.add_vhost(domainsB)
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md( domainsA )
TestEnv.check_md( domainsB )
# await drive completion
assert TestEnv.await_completion( [ domainA, domainB ] )
TestEnv.check_md_complete(domainsA[0])
TestEnv.check_md_complete(domainsB[0])
cert1 = TestEnv.get_cert(domainA)
# should have a single account now
assert 1 == len(TestEnv.list_accounts())
# use ACMEv2 now for everything
TestEnv.set_acme('acmev2')
# change the MDs so that we need a new cert
domainsA = [ domainA, "www." + domainA, "another." + domainA ]
domainsB = [ domainB, "www." + domainB, "another." + domainB ]
conf = HttpdConf()
conf.add_admin( "*****@*****.**" )
conf.add_line( "MDMembers auto" )
conf.add_md( [ domainA ] )
conf.add_md( [ domainB ] )
conf.add_vhost(domainsA)
conf.add_vhost(domainsB)
conf.install()
# restart, gets cert
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([ domainA, domainB ] )
TestEnv.check_md( domainsA )
TestEnv.check_md( domainsB )
TestEnv.check_md_complete(domainsA[0])
cert2 = TestEnv.get_cert(domainA)
# should no longer the same cert
assert cert1.get_serial() != cert2.get_serial()
# should have a 2 accounts now
assert 2 == len(TestEnv.list_accounts())
