def test_702_040(self):
domain = "test702-040-" + TestAuto.dns_uniq
dns_list = [domain, "www." + domain]
# generate 1 MD and 1 vhost
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_line("LogLevel core:debug")
conf.add_line("LogLevel ssl:debug")
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT,
domain,
aliasList=[dns_list[1]],
withSSL=True)
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_completion([domain])
self._check_md_cert(dns_list)
# check SSL running OK
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
assert domain in cert.get_san_list()
def test_720_005(self):
dns01cmd = ("%s/dns01.py" % TestEnv.TESTROOT)
domain = self.test_domain
domain2 = "www.x" + domain
dnsList = [domain, "*." + domain, domain2]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_ca_challenges(["dns-01"])
conf.add_dns01_cmd(dns01cmd)
conf.add_md(dnsList)
conf.add_vhost(TestEnv.HTTPS_PORT, domain2, aliasList=[])
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dnsList[1]])
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domain, dnsList)
# await drive completion
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
altnames = certA.get_san_list()
for domain in dnsList:
assert domain in altnames
def test_702_011(self):
domain = self.test_domain
domains = [domain, "www." + domain]
#
# generate 1 MD and 1 vhost, map port 80 onto itself where the server does not listen
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf._add_line("MDPortMap https:99")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert not TestEnv.is_renewing(domain)
#
# now the same with a 80 mapped to a supported port
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf._add_line("MDPortMap https:%s" % TestEnv.HTTPS_PORT)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain])
def test_702_040(self):
domain = self.test_domain
domains = [domain, "www." + domain]
#
# generate 1 MD and 1 vhost
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("LogLevel core:debug")
conf.add_line("LogLevel ssl:debug")
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# check that acme-tls/1 is available for all domains
stat = TestEnv.get_md_status(domain)
assert stat["proto"]["acme-tls/1"] == domains
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
#
# check SSL running OK
cert = TestEnv.get_cert(domain)
assert domain in cert.get_san_list()
def test_700_011(self):
domain = "test700-011-" + TestAuto.dns_uniq
dns_list = [ domain, "www." + domain ]
# generate 1 MD and 1 vhost, map port 80 onto itself where the server does not listen
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "auto" )
conf.add_ca_challenges( [ "tls-sni-01" ] )
conf._add_line("MDPortMap 443:99")
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True )
conf.install()
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_error( [ domain ] )
# now the same with a 80 mapped to a supported port
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "auto" )
conf.add_ca_challenges( [ "tls-sni-01" ] )
conf._add_line("MDPortMap 443:%s" % TestEnv.HTTPS_PORT)
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True )
conf.install()
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_completion( [ domain ] )
def test_702_006(self):
domain = self.test_domain
nameA = "test-a." + domain
domains = [domain, nameA]
#
# generate 1 MD, 1 vhost
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_ca_challenges(["invalid-01", "invalid-02"])
conf.add_md(domains)
conf.add_vhost(nameA, docRoot="htdocs/a")
conf.install()
#
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", nameA)
#
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# await drive completion
md = TestEnv.await_error(domain)
assert md
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'challenge-mismatch'
assert 'account' not in md['ca']
#
# check: that request to domains give 503 Service Unavailable
cert = TestEnv.get_cert(nameA)
assert nameA in cert.get_san_list()
assert TestEnv.getStatus(nameA, "/name.txt") == 503
def test_700_004(self, challengeType):
domain = "test700-004-" + TestAuto.dns_uniq
dns_list = [domain, "www." + domain]
# generate 1 MD and 1 vhost
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_ca_challenges([challengeType])
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT,
domain,
aliasList=[dns_list[1]],
withSSL=True)
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_completion([domain])
self._check_md_cert(dns_list)
# check SSL running OK
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
assert domain in cert.get_san_list()
def test_700_006(self):
domain = "test700-006-" + TestAuto.dns_uniq
nameA = "test-a." + domain
dns_list = [ domain, nameA ]
# generate 1 MD, 1 vhost
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_ca_challenges([ "invalid-01", "invalid-02" ])
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.install()
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
time.sleep( 2 )
# assert drive did not start
md = TestEnv.a2md([ "-j", "list", domain ])['jout']['output'][0]
assert md['state'] == TestEnv.MD_S_INCOMPLETE
assert 'account' not in md['ca']
assert TestEnv.apache_err_scan( re.compile('.*\[md:warn\].*the server offers no ACME challenge that is configured for this MD') )
# check: that request to domains give 503 Service Unavailable
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
assert nameA in cert.get_san_list()
assert TestEnv.getStatus(nameA, "/name.txt") == 503
def test_720_006(self):
dns01cmd = ("%s/dns01.py" % TestEnv.TESTROOT)
domain = self.test_domain
dwild = "*." + domain
domain2 = "www." + domain
domains = [domain, dwild, domain2]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_ca_challenges(["dns-01"])
conf.add_dns01_cmd(dns01cmd)
conf.add_md(domains)
conf.add_vhost(domain2)
conf.add_vhost([domain, dwild])
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# await drive completion
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
# check: SSL is running OK
certA = TestEnv.get_cert(domain)
altnames = certA.get_san_list()
for domain in [domain, dwild]:
assert domain in altnames
def test_702_041(self):
domain = "test702-041-" + TestAuto.dns_uniq
dns_list = [domain, "www." + domain]
# generate 1 MD and 1 vhost
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_line("LogLevel core:debug")
conf.add_line("LogLevel ssl:debug")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT,
domain,
aliasList=[dns_list[1]],
withSSL=True)
conf.install()
# restart (-> drive), check that MD job shows errors
# and that missing proto is detected
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_error([domain]) == True
md = self._get_md(domain)
assert False == md["proto"]["acme-tls/1"]
def test_702_010(self):
domain = self.test_domain
dns_list = [domain, "www." + domain]
# generate 1 MD and 1 vhost, map port 80 onto itself where the server does not listen
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_ca_challenges(["http-01"])
conf._add_line("MDPortMap 80:99")
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domain, dns_list)
assert not TestEnv.is_renewing(domain)
# now the same with a 80 mapped to a supported port
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_ca_challenges(["http-01"])
conf._add_line("MDPortMap 80:%s" % TestEnv.HTTP_PORT)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domain, dns_list)
assert TestEnv.await_completion([domain])
def test_720_006(self):
dns01cmd = ("%s/dns01.py" % TestEnv.TESTROOT)
domain = "test720-006-" + TestAuto.dns_uniq
dwild = "*." + domain
domain2 = "www." + domain
dnsList = [domain, dwild, domain2]
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("*****@*****.**")
conf.add_ca_challenges(["dns-01"])
conf.add_dns01_cmd(dns01cmd)
conf.add_md(dnsList)
conf.add_vhost(TestEnv.HTTPS_PORT, domain2, aliasList=[], withSSL=True)
conf.add_vhost(TestEnv.HTTPS_PORT,
domain,
aliasList=[dwild],
withSSL=True)
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dnsList)
# await drive completion
assert TestEnv.await_completion([domain])
self._check_md_cert(dnsList)
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
altnames = certA.get_san_list()
for domain in [domain, dwild]:
assert domain in altnames
def test_702_041(self):
domain = self.test_domain
domains = [domain, "www." + domain]
#
# generate 1 MD and 1 vhost
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("LogLevel core:debug")
conf.add_line("LogLevel ssl:debug")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
#
# restart (-> drive), check that MD job shows errors
# and that missing proto is detected
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# check that acme-tls/1 is available for none of the domains
stat = TestEnv.get_md_status(domain)
assert stat["proto"]["acme-tls/1"] == []
def test_702_041(self):
domain = self.test_domain
dns_list = [domain, "www." + domain]
# generate 1 MD and 1 vhost
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("LogLevel core:debug")
conf.add_line("LogLevel ssl:debug")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
# restart (-> drive), check that MD job shows errors
# and that missing proto is detected
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domain, dns_list)
md = self._get_md(domain)
assert False == md["proto"]["acme-tls/1"]
assert not TestEnv.is_renewing(domain)
def test_700_004(self, challengeType):
# generate 1 MD and 1 vhost
domain = self.test_domain
domains = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges([challengeType])
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
#
# check SSL running OK
cert = TestEnv.get_cert(domain)
assert domain in cert.get_san_list()
def test_720_003(self):
dns01cmd = ("%s/dns01.py fail" % TestEnv.TESTROOT)
domain = "test720-003-" + TestAuto.dns_uniq
dnsList = [domain, "*." + domain]
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("*****@*****.**")
conf.add_ca_challenges(["dns-01"])
conf.add_dns01_cmd(dns01cmd)
conf.add_md(dnsList)
conf.add_vhost(TestEnv.HTTPS_PORT,
domain,
aliasList=[dnsList[1]],
withSSL=True)
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dnsList)
# await drive completion
assert TestEnv.await_error([domain])
def test_700_004(self, challengeType):
# generate 1 MD and 1 vhost
domain = self.test_domain
dns_list = [ domain, "www." + domain ]
conf = HttpdConf()
conf.add_admin( "admin@" + domain )
conf.add_line( "Protocols http/1.1 acme-tls/1" )
conf.add_drive_mode( "auto" )
conf.add_ca_challenges( [ challengeType ] )
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ])
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domain, dns_list)
assert TestEnv.await_completion( [ domain ] )
TestEnv.check_md_complete(domain)
# check SSL running OK
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
assert domain in cert.get_san_list()
def test_720_002(self):
dns01cmd = ("%s/dns01-not-found.py" % TestEnv.TESTROOT)
domain = self.test_domain
domains = [domain, "*." + domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_ca_challenges(["dns-01"])
conf.add_dns01_cmd(dns01cmd)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# await drive completion
md = TestEnv.await_error(domain)
assert md
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'challenge-setup-failure'
