def test_720_003(self):
    """A failing dns-01 helper command must be reported as a challenge setup failure."""
    # NOTE(review): presumably the "fail" argument makes the helper script exit
    # with an error; the script itself is not visible here.
    failing_cmd = ("%s/dns01.py fail" % TestEnv.TESTROOT)
    base = self.test_domain
    # The MD contains a wildcard name and the CA challenges are limited to dns-01.
    names = [base, "*." + base]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_ca_challenges(["dns-01"])
    conf.add_dns01_cmd(failing_cmd)
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # After the restart the MD has to be present in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # Wait until the renewal attempt reports an error and inspect it.
    job = TestEnv.await_error(base)
    assert job
    renewal = job['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['problem'] == 'challenge-setup-failure'
def test_702_041(self):
    """With only tls-alpn-01 allowed, the status must list no name that supports acme-tls/1."""
    base = self.test_domain
    names = [base, "www." + base]

    # One MD and one vhost. No "Protocols ... acme-tls/1" line is configured.
    conf = HttpdConf()
    conf.add_admin("admin@" + base)
    conf.add_line("LogLevel core:debug")
    conf.add_line("LogLevel ssl:debug")
    conf.add_drive_mode("auto")
    conf.add_ca_challenges(["tls-alpn-01"])
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # The restart starts the drive; the MD must be in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # The missing protocol is detected: acme-tls/1 is offered for none of the names.
    md_status = TestEnv.get_md_status(base)
    assert md_status["proto"]["acme-tls/1"] == []
def test_602_001(self):
    """Drive two managed domains manually, then serve both over TLS.

    Same scenario as test_600_000, but with two MDs handled in parallel.
    """
    name_a = "a-" + self.test_domain
    name_b = "b-" + self.test_domain
    sans_a = [name_a, "www." + name_a]
    sans_b = [name_b, "www." + name_b]

    # Configuration with both MDs, no vhosts yet.
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_drive_mode("manual")
    conf.add_md(sans_a)
    conf.add_md(sans_b)
    conf.install()

    # Restart: both MDs must be in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(sans_a)
    TestEnv.check_md(sans_b)

    # Drive both MDs by hand, restart, and expect them to be complete.
    assert TestEnv.a2md(["drive", name_a])['rv'] == 0
    assert TestEnv.a2md(["drive", name_b])['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(name_a)
    TestEnv.check_md_complete(name_b)

    # Now add the vhosts to the same configuration.
    conf.add_vhost(sans_a)
    conf.add_vhost(sans_b)
    conf.install()

    # TLS is up: each served certificate carries exactly the SANs of its MD.
    assert TestEnv.apache_restart() == 0
    served_a = TestEnv.get_cert(name_a)
    assert sans_a == served_a.get_san_list()
    served_b = TestEnv.get_cert(name_b)
    assert sans_b == served_b.get_san_list()
def test_702_009(self):
    """A certificate close to expiry must be renewed automatically and replaced."""
    name = self.test_domain
    names = [name]

    # Prepare the MD with automatic driving and a 10d renew window.
    conf = HttpdConf()
    conf.add_admin("admin@" + name)
    conf.add_drive_mode("auto")
    conf.add_renew_window("10d")
    conf.add_md(names)
    conf.add_vhost(name)
    conf.install()

    # Restart (starts the drive); MD and certificate end up in the store.
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([name])
    TestEnv.check_md_complete(name)
    issued = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem'))
    # The status resource must report the serial of the stored certificate.
    reported = TestEnv.get_certificate_status(name)
    assert reported['serial'] == issued.get_serial()

    # Replace it with a self-signed certificate that has little validity left.
    # NOTE(review): the unit of notBefore/notAfter is defined by
    # create_self_signed_cert, presumably days - confirm.
    TestEnv.create_self_signed_cert([name], {"notBefore": -120, "notAfter": 2}, serial=7029)
    expiring = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem'))
    # 7029 decimal is 1B75 in hexadecimal.
    assert expiring.get_serial() == '1B75'
    assert TestEnv.apache_restart() == 0
    reported = TestEnv.get_certificate_status(name)
    assert reported['serial'] == expiring.get_serial()

    # The renewal must produce a certificate with a different serial.
    assert TestEnv.await_completion([name], must_renew=True)
    reported = TestEnv.get_certificate_status(name)
    assert reported['serial'] != expiring.get_serial()
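def test_901_011(self):
    """Static certificate inside the warn window: exactly one 'expiring' message.

    The MD uses MDCertificateFile/MDCertificateKeyFile, so no renewal is
    driven. The message command must be called once, and must not be called
    again by a second restart.
    """
    domain = self.test_domain
    domains = [domain, 'www.%s' % domain]
    testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
    # Certificate with notBefore -85 / notAfter 5.
    # NOTE(review): the unit is defined by create_self_signed_cert, presumably
    # days - confirm. The earlier comment said "10 more days", which does not
    # match the value 5 passed here.
    TestEnv.create_self_signed_cert(domains, {"notBefore": -85, "notAfter": 5},
                                    serial=901011, path=testpath)
    cert_file = os.path.join(testpath, 'pubcert.pem')
    pkey_file = os.path.join(testpath, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.start_md(domains)
    conf.add_line("MDCertificateFile %s" % (cert_file))
    conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
    conf.end_md()
    conf.add_vhost(domain)
    conf.install()

    expected = "['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)

    assert TestEnv.apache_restart() == 0
    time.sleep(1)
    # Read through a context manager so the log file handle is closed.
    with open(self.mlog) as fd:
        nlines = fd.readlines()
    assert 1 == len(nlines)
    assert expected == nlines[0].strip()

    # The message must not be sent again right after the next restart.
    assert TestEnv.apache_restart() == 0
    time.sleep(1)
    with open(self.mlog) as fd:
        nlines = fd.readlines()
    assert 1 == len(nlines)
    assert expected == nlines[0].strip()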
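def test_900_012(self):
    """Two MDs renewed in one run: the notify command is logged once per MD."""
    md1 = "a-" + TestNotify.domain
    domains1 = [md1, "www." + md1]
    md2 = "b-" + TestNotify.domain
    domains2 = [md2, "www." + md2]
    command = TestNotify.notify_cmd
    args = TestNotify.notify_log

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_notify_cmd("%s %s" % (command, args))
    conf.add_md(domains1)
    conf.add_md(domains2)
    conf.add_vhost(domains1)
    conf.add_vhost(domains2)
    conf.install()

    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md1, md2], restart=False)

    # Status 0 on the last renewal step means the notify command did not fail.
    stat = TestEnv.get_md_status(md1)
    assert stat["renewal"]["last"]["status"] == 0
    stat = TestEnv.get_md_status(md2)
    assert stat["renewal"]["last"]["status"] == 0

    # Read through a context manager so the log file handle is closed.
    with open(args) as fd:
        nlines = fd.readlines()
    assert 2 == len(nlines)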
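def test_901_020(self):
    """Renewal with stapling enabled: four messages are logged in a fixed order."""
    domain = self.test_domain
    domains = [domain]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_line("MDStapling on")
    conf.add_vhost(domains)
    conf.install()

    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    TestEnv.await_ocsp_status(domain)
    assert TestEnv.await_file(self.mlog)
    time.sleep(1)

    # Read through a context manager so the log file handle is closed.
    with open(self.mlog) as fd:
        nlines = fd.readlines()
    assert 4 == len(nlines)
    # Expected order: challenge setup, renewed, installed, OCSP renewed.
    assert nlines[0].strip() == ("['%s', '%s', 'challenge-setup:http-01:%s', '%s']"
                                 % (self.mcmd, self.mlog, domain, domain))
    assert nlines[1].strip() == ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain))
    assert nlines[2].strip() == ("['%s', '%s', 'installed', '%s']" % (self.mcmd, self.mlog, domain))
    assert nlines[3].strip() == ("['%s', '%s', 'ocsp-renewed', '%s']" % (self.mcmd, self.mlog, domain))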
def test_901_010(self):
    """Static certificate inside the renewal window: no message may be sent.

    The MD uses MDCertificateFile/MDCertificateKeyFile; after the restart the
    message log must not exist.
    """
    base = self.test_domain
    names = [base, 'www.%s' % base]
    out_dir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
    # Certificate with notBefore -70 / notAfter 20.
    # NOTE(review): the unit is defined by create_self_signed_cert, presumably
    # days - confirm. The earlier comment said "10 more days", which does not
    # match the value 20 passed here.
    validity = {"notBefore": -70, "notAfter": 20}
    TestEnv.create_self_signed_cert(names, validity, serial=901010, path=out_dir)
    cert_path = os.path.join(out_dir, 'pubcert.pem')
    key_path = os.path.join(out_dir, 'privkey.pem')
    for generated in (cert_path, key_path):
        assert os.path.exists(generated)

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.start_md(names)
    conf.add_line("MDCertificateFile %s" % (cert_path))
    conf.add_line("MDCertificateKeyFile %s" % (key_path))
    conf.end_md()
    conf.add_vhost(base)
    conf.install()

    assert TestEnv.apache_restart() == 0
    # No message about renewal: the command never wrote its log.
    assert not os.path.isfile(self.mlog)
def test_702_004(self, challengeType):
    """Auto-drive one MD with a single permitted challenge type and check the served cert.

    challengeType is the only entry passed to add_ca_challenges.
    NOTE(review): it is presumably supplied by a parametrize decorator outside this view.
    """
    base = self.test_domain
    names = [base, "www." + base]

    # One MD and one vhost; acme-tls/1 is enabled next to http/1.1.
    conf = HttpdConf()
    conf.add_admin("admin@" + base)
    conf.add_line("Protocols http/1.1 acme-tls/1")
    conf.add_drive_mode("auto")
    conf.add_ca_challenges([challengeType])
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # Restart (starts the drive): the MD is synched and completes.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert TestEnv.await_completion([base])
    TestEnv.check_md_complete(base)

    # TLS is up and the served certificate covers the domain.
    served = TestEnv.get_cert(base)
    assert base in served.get_san_list()
def test_702_002(self):
    """Auto-drive two MDs; staged certificates show up in the status before activation."""
    base = self.test_domain
    name_a = "a-" + base
    name_b = "b-" + base
    sans_a = [name_a, "www." + name_a]
    sans_b = [name_b, "www." + name_b]

    # Configuration with two MDs and their vhosts.
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_drive_mode("auto")
    for sans in (sans_a, sans_b):
        conf.add_md(sans)
    for sans in (sans_a, sans_b):
        conf.add_vhost(sans)
    conf.install()

    # Restart: both MDs must be in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(sans_a)
    TestEnv.check_md(sans_b)

    # Wait for the drive to finish without restarting the server.
    assert TestEnv.await_completion([name_a, name_b], restart=False)

    # The staged certificate is now visible on the status resource.
    md_status = TestEnv.get_md_status(name_a)
    assert 'renewal' in md_status
    renewal = md_status['renewal']
    assert 'cert' in renewal
    assert 'rsa' in renewal['cert']
    assert 'sha256-fingerprint' in renewal['cert']['rsa']

    # Restart to activate the staged certificates.
    assert TestEnv.apache_restart() == 0

    # TLS is up: each served certificate carries exactly the SANs of its MD.
    served_a = TestEnv.get_cert(name_a)
    assert sans_a == served_a.get_san_list()
    served_b = TestEnv.get_cert(name_b)
    assert sans_b == served_b.get_san_list()
def test_720_002b(self):
    """A configured dns-01 command does not prevent issuance for non-wildcard names.

    NOTE(review): the script name suggests the command does not exist; the test
    expects the MD to complete anyway, presumably through another challenge
    type - confirm.
    """
    helper_cmd = ("%s/dns01-not-found.py" % TestEnv.TESTROOT)
    base = self.test_domain
    names = [base, "xxx." + base]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_dns01_cmd(helper_cmd)
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # Restart: the MD must be in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # Wait for the drive to complete.
    assert TestEnv.await_completion([base])
    TestEnv.check_md_complete(base)

    # TLS is up: every configured name is among the certificate's SANs.
    served = TestEnv.get_cert(base)
    san_list = served.get_san_list()
    for expected_name in names:
        assert expected_name in san_list
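def test_901_020(self):
    """Renewal with stapling enabled: three messages are logged in a fixed order."""
    domain = self.test_domain
    domains = [domain]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_line("MDStapling on")
    conf.add_vhost(domains)
    conf.install()

    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # Only the waiting matters here; the returned status is not inspected.
    TestEnv.await_ocsp_status(domain)
    assert os.path.isfile(self.mlog)

    # Read through a context manager so the log file handle is closed.
    with open(self.mlog) as fd:
        nlines = fd.readlines()
    # since v2.1.10, the 'installed' message is second in log
    assert 3 == len(nlines)
    assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
    assert ("['%s', '%s', 'installed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[1].strip()
    assert ("['%s', '%s', 'ocsp-renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[2].strip()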
def test_500_202(self, keyType, keyParams, expKeyLength):
    """Configure a private key type/length and verify the key length of the issued cert.

    keyType and keyParams are passed to add_private_key; expKeyLength is the
    key length the resulting certificate must report.
    """
    base = self.test_domain
    md_name = "www." + base

    # Setup: prepare the MD with the requested key specification.
    conf = HttpdConf()
    conf.add_admin("admin@" + base)
    conf.add_drive_mode("manual")
    conf.add_private_key(keyType, keyParams)
    conf.add_md([md_name])
    conf.install()
    assert TestEnv.apache_restart() == 0
    listing = TestEnv.a2md(["list", md_name])
    assert listing['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE

    # Drive it; afterwards the MD must be complete.
    drive = TestEnv.a2md(["-vv", "drive", md_name])
    assert drive['rv'] == 0, \
        "Expected drive to succeed for MDPrivateKeys {} {}".format(keyType, keyParams)
    listing = TestEnv.a2md(["list", md_name])
    assert listing['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE

    # The stored certificate must carry a key of the expected length.
    stored = CertUtil(TestEnv.store_domain_file(md_name, 'pubcert.pem'))
    assert stored.get_key_length() == expKeyLength
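def test_901_003(self):
    """The message command logs 'renewed' plus the MD_* environment it was given."""
    domain = self.test_domain
    domains = [domain, "www." + domain]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()

    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    stat = TestEnv.get_md_status(domain)
    # The command did not fail and the renewal log recorded the message.
    assert stat["renewal"]["last"]["status"] == 0
    assert stat["renewal"]["log"]["entries"]
    assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"

    # Shut the server down to make sure that md has completed.
    assert TestEnv.apache_stop() == 0

    # Read through a context manager so the log file handle is closed.
    with open(self.mlog) as fd:
        nlines = fd.readlines()
    # One message line followed by self.menv_lines environment lines.
    assert 1 + self.menv_lines == len(nlines)
    assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
    assert (re.match(r'MD_VERSION=(\d+\.\d+\.\d+)(-.+)?', nlines[1].strip()))
    assert ("MD_STORE=%s" % (TestEnv.STORE_DIR)) == nlines[2].strip()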
def test_910_01(self):
    """A restart removes challenge directories that belong to no configured MD."""
    base = self.test_domain

    # A simple MD in manual mode.
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_drive_mode("manual")
    conf.add_md([base])
    conf.add_vhost(base)
    conf.install()

    # Create challenge subdirectories: one for the MD, three unrelated ones.
    challenges_root = TestEnv.store_challenges()
    for subdir in ("aaa", "bbb", base, "zzz"):
        os.makedirs(os.path.join(challenges_root, subdir))

    assert TestEnv.apache_restart() == 0

    # The directory of the configured domain is still there ...
    assert os.path.isdir(os.path.join(challenges_root, base))
    # ... and the leftovers have been cleaned up.
    for subdir in ("aaa", "bbb", "zzz"):
        assert not os.path.exists(os.path.join(challenges_root, subdir))
def test_600_001(self):
    """Drive two managed domains manually, then serve both over TLS.

    Same scenario as test_600_000, but with two MDs handled in parallel.
    """
    name_a = "a-" + self.test_domain
    name_b = "b-" + self.test_domain
    sans_a = [name_a, "www." + name_a]
    sans_b = [name_b, "www." + name_b]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_drive_mode("manual")
    conf.add_md(sans_a)
    conf.add_md(sans_b)
    conf.install()

    # Restart: both MDs must be in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(sans_a)
    TestEnv.check_md(sans_b)

    # Drive both MDs by hand, restart, and expect them to be complete.
    assert TestEnv.a2md(["drive", name_a])['rv'] == 0
    assert TestEnv.a2md(["drive", name_b])['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(name_a)
    TestEnv.check_md_complete(name_b)

    # Append the vhosts to the same configuration.
    conf.add_vhost(sans_a)
    conf.add_vhost(sans_b)
    conf.install()

    # TLS is up: each served certificate carries exactly the SANs of its MD.
    assert TestEnv.apache_restart() == 0
    served_a = TestEnv.get_cert(name_a)
    assert sans_a == served_a.get_san_list()
    served_b = TestEnv.get_cert(name_b)
    assert sans_b == served_b.get_san_list()
def test_740_000(self):
    """A name with an illegal character is rejected by the CA and the error is reported.

    The expected problem type and detail text depend on which ACME test
    server is configured in TestEnv.ACME_SERVER.
    """
    base = self.test_domain
    names = [base, "invalid!." + base]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()
    assert TestEnv.apache_restart() == 0

    job = TestEnv.await_error(base)
    assert job
    assert job['renewal']['errors'] > 0

    # Select the CA-specific wording of the rejection.
    if TestEnv.ACME_SERVER == 'pebble':
        want_problem = 'urn:ietf:params:acme:error:malformed'
        want_detail = "Order included DNS identifier with a value containing an illegal character: '!'"
    else:
        want_problem = 'urn:ietf:params:acme:error:rejectedIdentifier'
        want_detail = (
            "Error creating new order :: Cannot issue for "
            "\"%s\": Domain name contains an invalid character" % names[1])
    assert job['renewal']['last']['problem'] == want_problem
    assert job['renewal']['last']['detail'] == want_detail
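def test_901_030(self):
    """A failing message command is recorded as a job error and cleared once it works.

    Steps: obtain a certificate, reconfigure with a warn window that triggers
    at once plus a failing message command, wait for the error in job.json,
    then switch to a working command and check that the 'expiring' message is
    logged and the error count is back to 0.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])

    # Set a warn window that triggers right away and a failing message command.
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmdfail, self.mlog))
    conf.add_md(domains)
    conf.add_line(""" MDWarnWindow 100d """)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.get_md_status(domain)

    # The command should have failed and an error should be recorded in the job.
    assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
    # NOTE(review): this poll has no deadline; if the error never shows up the
    # test blocks until an outer timeout stops it.
    while True:
        with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
            job = json.load(f)
        if job["errors"] > 0:
            assert job["errors"] > 0, "unexpected job result: {0}".format(job)
            assert job["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
            break
        time.sleep(0.1)

    # Reconfigure to a working notification command and restart.
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_md(domains)
    conf.add_line(""" MDWarnWindow 100d """)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_file(self.mlog)

    # The notification logged by the command is visible.
    # Read through a context manager so the log file handle is closed.
    with open(self.mlog) as fd:
        nlines = fd.readlines()
    assert 1 == len(nlines)
    assert ("['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()

    # The error needs to be gone.
    assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
    with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
        job = json.load(f)
    assert job["errors"] == 0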
def test_710_001(self):
    """Switch from ACMEv1 to ACMEv2: a valid cert is kept, a changed MD gets a new one.

    After the renewal under ACMEv2 the store must hold two accounts.
    """
    base = self.test_domain
    # Start with ACMEv1.
    TestEnv.set_acme('acmev1')

    # One MD; the restart obtains the certificate.
    names = [base, "www." + base]
    conf = HttpdConf()
    conf.add_admin("admin@" + base)
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([base])
    TestEnv.check_md_complete(base)
    first_cert = TestEnv.get_cert(base)
    assert base in first_cert.get_san_list()

    # From here on everything uses ACMEv2.
    TestEnv.set_acme('acmev2')
    conf = HttpdConf()
    conf.add_admin("admin@" + base)
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # The certificate is still valid, so the restart keeps the same one.
    assert TestEnv.apache_restart() == 0
    cert_status = TestEnv.get_certificate_status(base)
    assert cert_status['serial'] == first_cert.get_serial()

    # Add a name to the MD so that a new certificate is needed.
    names = [base, "www." + base, "another." + base]
    conf = HttpdConf()
    conf.add_admin("admin@" + base)
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([base])

    # The served certificate is no longer the first one.
    cert_status = TestEnv.get_certificate_status(base)
    assert cert_status['serial'] != first_cert.get_serial()
    TestEnv.check_md_complete(base)

    # There are two accounts in the store now.
    assert 2 == len(TestEnv.list_accounts())
def test_500_110(self):
    """SSL-only domain: configured Header/Redirect directives versus mod_md's own output.

    Checks that an explicit Strict-Transport-Security header replaces the one
    generated by mod_md, and how mod_alias redirects interact with the
    redirect to https.
    """
    base = self.test_domain
    name = "www." + base

    # Setup: MD with "require ssl permanent", one HTTP and one HTTPS vhost.
    conf = HttpdConf()
    conf.add_admin("admin@" + base)
    conf.add_drive_mode("manual")
    conf.add_require_ssl("permanent")
    conf.add_md([name])
    conf.add_vhost(name, port=TestEnv.HTTP_PORT)
    conf.add_vhost(name)
    conf.install()
    assert TestEnv.apache_restart() == 0

    # Drive it.
    assert TestEnv.a2md(["drive", name])['rv'] == 0
    assert TestEnv.apache_restart() == 0

    # Override the HSTS header and expect the configured value over HTTPS.
    conf._add_line(
        ' Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"'
    )
    conf.install()
    assert TestEnv.apache_restart() == 0
    secure = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
    hsts = secure['http_headers']['Strict-Transport-Security']
    assert hsts == 'max-age=10886400; includeSubDomains; preload'

    # Add mod_alias redirects that could override the Location header.
    conf._add_line(' Redirect /a /name.txt')
    conf._add_line(' Redirect seeother /b /name.txt')
    conf.install()
    assert TestEnv.apache_restart() == 0

    # The default redirect by mod_md still works.
    plain = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert plain['http_status'] == 301
    assert plain['http_headers']['Location'] == "https://%s/name.txt" % name

    # The path covered by mod_alias is redirected to its https URL.
    plain = TestEnv.get_meta(name, "/a", useHTTPS=False)
    # FAIL: mod_alias generates Location header instead of mod_md
    assert plain['http_status'] == 301
    assert plain['http_headers']['Location'] == "https://%s/a" % name
def test_500_109(self):
    """Redirect behaviour of an MD without, with temporary and with permanent 'require ssl'.

    Without the setting HTTP is served as is. "temporary" answers 302 and
    "permanent" answers 301, both pointing to the https URL. The
    Strict-Transport-Security header appears only on HTTPS responses and only
    in permanent mode.
    """
    base = self.test_domain
    name = "www." + base
    https_url = "https://%s/name.txt" % name

    # Setup: one MD, an HTTP and an HTTPS vhost sharing a document root.
    conf = HttpdConf()
    conf.add_admin("admin@" + base)
    conf.add_drive_mode("manual")
    conf.add_md([name])
    conf.add_vhost(name, port=TestEnv.HTTP_PORT, docRoot="htdocs/test")
    conf.add_vhost(name, docRoot="htdocs/test")
    conf.install()

    # Setup: resource files for the vhost and for the default host.
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "test"), "name.txt", name)
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR), "name.txt", "not-forbidden.org")
    assert TestEnv.apache_restart() == 0

    # Drive it.
    assert TestEnv.a2md(["drive", name])['rv'] == 0
    assert TestEnv.apache_restart() == 0

    # HTTP access: content is served, no redirect.
    assert TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False) == "not-forbidden.org"
    assert TestEnv.get_content(name, "/name.txt", useHTTPS=False) == name
    plain = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert int(plain['http_headers']['Content-Length']) == len(name)
    assert "Location" not in plain['http_headers']

    # HTTPS access works as well.
    assert TestEnv.get_content(name, "/name.txt", useHTTPS=True) == name

    # Temporary mode: HTTP is redirected with 302 to the default HTTPS port.
    conf.add_require_ssl("temporary")
    conf.install()
    assert TestEnv.apache_restart() == 0
    plain = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert plain['http_status'] == 302
    assert plain['http_headers']['Location'] == https_url
    # No HSTS header on the plain HTTP response.
    assert 'Strict-Transport-Security' not in plain['http_headers']

    # The default HTTP vhost is still served without a redirect.
    assert TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False) == "not-forbidden.org"
    secure = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
    # No HSTS header over HTTPS either while the mode is temporary.
    assert 'Strict-Transport-Security' not in secure['http_headers']

    # Permanent mode: HTTP is redirected with 301.
    conf.add_require_ssl("permanent")
    conf.install()
    assert TestEnv.apache_restart() == 0
    plain = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert plain['http_status'] == 301
    assert plain['http_headers']['Location'] == https_url
    assert 'Strict-Transport-Security' not in plain['http_headers']

    # Over HTTPS the HSTS header is now present.
    secure = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
    assert secure['http_headers']['Strict-Transport-Security'] == 'max-age=15768000'
def test_710_002(self):
    """Two MDs with 'MDMembers auto': switch from ACMEv1 to ACMEv2 and renew both.

    One account exists after the ACMEv1 round and two after the ACMEv2 round;
    the certificate of the first MD changes.
    """
    base = self.test_domain
    # Start with ACMEv1.
    TestEnv.set_acme('acmev1')
    name_a = "a-" + base
    name_b = "b-" + base

    # Two MDs declared by their first name only; the vhosts carry the full lists.
    sans_a = [name_a, "www." + name_a]
    sans_b = [name_b, "www." + name_b]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_line("MDMembers auto")
    conf.add_md([name_a])
    conf.add_md([name_b])
    conf.add_vhost(sans_a)
    conf.add_vhost(sans_b)
    conf.install()

    # Restart: the MDs in the store contain the vhost names.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(sans_a)
    TestEnv.check_md(sans_b)

    # Wait for the drive to complete.
    assert TestEnv.await_completion([name_a, name_b])
    TestEnv.check_md_complete(sans_a[0])
    TestEnv.check_md_complete(sans_b[0])
    cert_before = TestEnv.get_cert(name_a)
    # Exactly one account so far.
    assert 1 == len(TestEnv.list_accounts())

    # From here on everything uses ACMEv2.
    TestEnv.set_acme('acmev2')

    # Extend the vhosts so that both MDs need a new certificate.
    sans_a = [name_a, "www." + name_a, "another." + name_a]
    sans_b = [name_b, "www." + name_b, "another." + name_b]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_line("MDMembers auto")
    conf.add_md([name_a])
    conf.add_md([name_b])
    conf.add_vhost(sans_a)
    conf.add_vhost(sans_b)
    conf.install()

    # Restart and wait for the new certificates.
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([name_a, name_b])
    TestEnv.check_md(sans_a)
    TestEnv.check_md(sans_b)
    TestEnv.check_md_complete(sans_a[0])
    cert_after = TestEnv.get_cert(name_a)

    # The certificate was replaced.
    assert cert_before.get_serial() != cert_after.get_serial()
    # There are two accounts in the store now.
    assert 2 == len(TestEnv.list_accounts())