Пример #1
 def test_702_031(self):
     """Swap one MD member for another and expect a newly issued certificate.

     The MD starts as [test-x, test-a, test-b]. The second configuration
     drops test-x and adds test-c. After the restart the certificate served
     for test-a must carry a different serial than before.
     """
     base = self.test_domain
     name_x = "test-x." + base
     name_a = "test-a." + base
     name_b = "test-b." + base
     name_c = "test-c." + base

     def install_md(members):
         # One MD holding `members`; only test-a and test-b get a vhost.
         cfg = HttpdConf()
         cfg.add_admin("admin@" + base)
         cfg.add_md(members)
         cfg.add_vhost(name_a)
         cfg.add_vhost(name_b)
         cfg.install()

     # first configuration: the restart drives the MD until it completes
     initial = [name_x, name_a, name_b]
     install_md(initial)
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(initial)
     assert TestEnv.await_completion([name_x])
     TestEnv.check_md_complete(name_x)

     # both vhosts present the same certificate, and it names each of them
     cert_a = TestEnv.get_cert(name_a)
     assert name_a in cert_a.get_san_list()
     cert_b = TestEnv.get_cert(name_b)
     assert name_b in cert_b.get_san_list()
     assert cert_a.get_serial() == cert_b.get_serial()

     # second configuration: test-x removed, test-c added
     changed = [name_a, name_b, name_c]
     install_md(changed)
     assert TestEnv.apache_restart() == 0
     # md=name_x is passed although test-x left the list; presumably the MD
     # keeps its original name -- confirm against TestEnv.check_md
     TestEnv.check_md(changed, md=name_x)
     assert TestEnv.await_completion([name_a])

     # NOTE(review): only the serial change and test-a's presence are checked;
     # nothing asserts that test-c is in, or test-x is out of, the new SAN list.
     cert_a_new = TestEnv.get_cert(name_a)
     assert name_a in cert_a_new.get_san_list()
     assert cert_a.get_serial() != cert_a_new.get_serial()
Пример #2
    def test_700_009(self):
        """A certificate close to expiry is replaced by a new ACME certificate.

        The stored certificate is overwritten with a self-signed one
        (serial 7009) whose remaining validity is short. The MD listing must
        then report ``renew`` and, after two restarts, the server must
        present a certificate with a different serial.
        """
        domain = "test700-009-" + TestAuto.dns_uniq
        names = [domain]

        # MD in auto drive mode with a "10d" renew window and one TLS vhost
        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("admin@" + domain)
        cfg.add_drive_mode("auto")
        cfg.add_renew_window("10d")
        cfg.add_md(names)
        cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
        cfg.install()

        # restart drives the MD; the stored and the served certificate agree
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        self._check_md_cert(names)
        stored = CertUtil(TestEnv.path_domain_pubcert(domain))
        served = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
        assert stored.get_serial() == served.get_serial()

        # presumably day offsets relative to now, which would put the expiry
        # inside the 10d window -- confirm against create_self_signed_cert
        validity = {"notBefore": -120, "notAfter": 2}
        CertUtil.create_self_signed_cert([domain], validity, serial=7009)
        short_lived = CertUtil(TestEnv.path_domain_pubcert(domain))
        assert short_lived.get_serial() == 7009
        time.sleep(1)
        listing = TestEnv.a2md(["list", domain])
        assert listing['jout']['output'][0]['renew'] == True

        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        time.sleep(5)

        # a further restart activates the new ACME certificate
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        renewed = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
        assert renewed.get_serial() != short_lived.get_serial()
Пример #3
 def setup_class(cls):
     """Prepare the environment and one completed MD shared by the class.

     Initialises TestEnv, clears the store, runs check_acme(), then
     configures httpd for the class domain and waits for its completion.
     """
     print("setup_class:%s" % cls.__name__)
     TestEnv.init()
     TestEnv.clear_store()
     TestEnv.check_acme()
     class_domain = TestEnv.get_class_domain(cls)
     cls.domain = class_domain
     cls.configure_httpd(class_domain)
     restart_rc = TestEnv.apache_restart()
     assert restart_rc == 0
     assert TestEnv.await_completion([class_domain])
Пример #4
    def test_700_032(self):
        """Fold a second MD's name into the first MD's vhost (MDMembers auto).

        Two single-name MDs are set up first. The second configuration keeps
        only the MD for name1 and lists name2 as alias of its vhost. The
        certificate served for name1 must then cover both names and carry a
        new serial.
        """
        base = self.test_domain
        name1 = "server1." + base
        # a separate TLD is needed to avoid rate limits
        name2 = "server2.b" + base

        # two MDs, one vhost each
        two_mds = HttpdConf()
        two_mds.add_admin("admin@" + base)
        two_mds._add_line("MDMembers auto")
        for md_name in (name1, name2):
            two_mds.add_md([md_name])
        two_mds.add_vhost(TestEnv.HTTPS_PORT, name1, aliasList=[],
                          docRoot="htdocs/a")
        two_mds.add_vhost(TestEnv.HTTPS_PORT, name2, aliasList=[],
                          docRoot="htdocs/b")
        two_mds.install()

        # restart drives both MDs until they complete
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(name1, [name1])
        TestEnv.check_md(name2, [name2])
        assert TestEnv.await_completion([name1, name2])
        TestEnv.check_md_complete(name2)

        # each vhost presents a certificate naming it
        cert1 = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name1)
        assert name1 in cert1.get_san_list()
        cert2 = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name2)
        assert name2 in cert2.get_san_list()

        # second MD and vhost removed; name2 becomes an alias of vhost 1
        one_md = HttpdConf()
        one_md.add_admin("admin@" + base)
        one_md._add_line("MDMembers auto")
        one_md.add_md([name1])
        one_md.add_vhost(TestEnv.HTTPS_PORT, name1, aliasList=[name2],
                         docRoot="htdocs/a")
        one_md.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(name1, [name1, name2])
        assert TestEnv.await_completion([name1])

        # the certificate was reissued and now names both hosts
        cert1_new = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name1)
        assert name1 in cert1_new.get_san_list()
        assert name2 in cert1_new.get_san_list()
        assert cert1.get_serial() != cert1_new.get_serial()
Пример #5
 def test_702_032(self):
     """Fold a second MD's name into the first MD's vhost (MDMembers auto).

     Starts with two single-name MDs, then keeps only the MD for name1 and
     serves both names from one vhost. The certificate for name1 must then
     list both names and have a new serial.
     """
     base = self.test_domain
     name1 = "server1." + base
     # a separate TLD is needed to avoid rate limits
     name2 = "server2.b" + base

     # two MDs, one vhost each
     two_mds = HttpdConf()
     two_mds.add_admin("admin@" + base)
     two_mds._add_line("MDMembers auto")
     for md_name in (name1, name2):
         two_mds.add_md([md_name])
     for vhost_name in (name1, name2):
         two_mds.add_vhost(vhost_name)
     two_mds.install()

     # restart drives both MDs until they complete
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md([name1])
     TestEnv.check_md([name2])
     assert TestEnv.await_completion([name1, name2])
     TestEnv.check_md_complete(name2)

     # each vhost presents a certificate naming it
     cert1 = TestEnv.get_cert(name1)
     assert name1 in cert1.get_san_list()
     cert2 = TestEnv.get_cert(name2)
     assert name2 in cert2.get_san_list()

     # second MD and vhost removed; name2 is added to vhost 1
     one_md = HttpdConf()
     one_md.add_admin("admin@" + base)
     one_md._add_line("MDMembers auto")
     one_md.add_md([name1])
     one_md.add_vhost([name1, name2])
     one_md.install()
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md([name1, name2])
     assert TestEnv.await_completion([name1])

     # the certificate was reissued and now names both hosts
     cert1_new = TestEnv.get_cert(name1)
     assert name1 in cert1_new.get_san_list()
     assert name2 in cert1_new.get_san_list()
     assert cert1.get_serial() != cert1_new.get_serial()
Пример #6
    def test_702_030(self):
        """Removing the MD's first name keeps the existing certificate.

        The MD starts as [test-x, test-a, test-b] and is reduced to
        [test-a, test-b]. After the restart the certificate status for
        test-a must still report the serial of the original certificate.
        """
        base = self.test_domain
        name_x = "test-x." + base
        name_a = "test-a." + base
        name_b = "test-b." + base

        def install_md(members):
            # One MD holding `members`; vhosts for test-a and test-b only.
            cfg = HttpdConf()
            cfg.add_admin("admin@" + base)
            cfg.add_md(members)
            for vhost_name, doc_root in ((name_a, "htdocs/a"),
                                         (name_b, "htdocs/b")):
                cfg.add_vhost(TestEnv.HTTPS_PORT,
                              vhost_name,
                              aliasList=[],
                              docRoot=doc_root)
            cfg.install()

        # first configuration: the restart drives the MD until it completes
        initial = [name_x, name_a, name_b]
        install_md(initial)
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(name_x, initial)
        assert TestEnv.await_completion([name_x])
        TestEnv.check_md_complete(name_x)

        # both vhosts present the same certificate, and it names each of them
        cert_a = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
        assert name_a in cert_a.get_san_list()
        cert_b = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_b)
        assert name_b in cert_b.get_san_list()
        assert cert_a.get_serial() == cert_b.get_serial()

        # second configuration: test-x removed from the MD
        reduced = [name_a, name_b]
        install_md(reduced)
        assert TestEnv.apache_restart() == 0
        # the MD is still addressed by name_x here although test-x is gone
        TestEnv.check_md(name_x, reduced)
        # no await_completion: the old certificate is expected to stay
        status = TestEnv.get_certificate_status(name_a)
        assert status['serial'] == cert_a.get_serial()
Пример #7
 def test_702_050(self):
     """An MD for the base server (MDBaseServer on) is driven to completion.

     No vhost is configured; ServerAdmin and ServerName are set on the
     base server itself.
     """
     domain = self.test_domain
     base_server_lines = """
         MDBaseServer on
         ServerAdmin admin@%s
         ServerName %s
         """ % (domain, domain)
     cfg = HttpdConf()
     cfg.add_line(base_server_lines)
     cfg.add_md([domain])
     cfg.install()
     restart_rc = TestEnv.apache_restart()
     assert restart_rc == 0
     assert TestEnv.await_completion([domain])
Пример #8
    def test_710_003(self):
        """An MD without an explicit CA URL moves to the new default CA.

        The MD is first created against ACMEv1 with its CA URL written into
        the configuration. After switching the environment to ACMEv2 the CA
        line is dropped, and the stored MD must then report the new default
        CA URL. A second, new MD gets that default too.
        """
        domain = "a-" + self.test_domain
        domainb = "b-" + self.test_domain

        # start on ACMEv1 and remember its URL
        TestEnv.set_acme('acmev1')
        v1_url = TestEnv.ACME_URL

        names = [domain, "www." + domain]
        first = HttpdConf()
        first.clear()
        first.add_admin("*****@*****.**")
        first.add_line("MDCertificateAgreement accepted")
        first.add_line("MDMembers auto")
        first.start_md([domain])
        first.add_line("MDCertificateAuthority %s" % (v1_url))
        first.end_md()
        first.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=names[1:])
        first.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(domain, names)
        assert TestEnv.await_completion([domain])
        assert (0, 0) == TestEnv.apache_err_count()
        TestEnv.check_md(domain, names, ca=v1_url)

        # switch to ACMEv2; the same MD is now configured without a CA URL
        TestEnv.set_acme('acmev2')
        # the switch changes the default CA URL
        assert TestEnv.ACME_URL_DEFAULT != v1_url

        second = HttpdConf()
        second.clear()
        second.add_admin("*****@*****.**")
        second.add_line("MDCertificateAgreement accepted")
        second.add_line("MDMembers auto")
        second.start_md([domain])
        second.end_md()
        second.start_md([domainb])
        # This MD will get the real Let's Encrypt URL assigned. Auto renewal
        # is turned off so that the test never talks to the production CA.
        second.add_line("MDDriveMode manual")
        second.end_md()
        second.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=names[1:])
        second.add_vhost(TestEnv.HTTPS_PORT, domainb, aliasList=[])
        second.install()

        assert TestEnv.apache_restart() == 0
        assert (0, 0) == TestEnv.apache_err_count()
        # the existing MD was migrated to the new CA URL
        TestEnv.check_md(domain, names, ca=TestEnv.ACME_URL_DEFAULT)
        # the new MD got the new default anyway
        TestEnv.check_md(domainb, [domainb], ca=TestEnv.ACME_URL_DEFAULT)
Пример #9
 def test_900_002(self):
     """MDNotifyCmd set to notifail.py leaves problem AH10108 in the status.

     notifail.py is taken from TestEnv.TESTROOT and presumably exits with
     an error -- confirm against the script. The last renewal entry of the
     MD status must carry the AH10108 log URN.
     """
     domain = TestNotify.domain
     command = "%s/notifail.py" % (TestEnv.TESTROOT)
     args = ""
     notify_lines = """
         MDNotifyCmd %s %s
         """ % (command, args)
     TestNotify.configure_httpd(domain, notify_lines)
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     last_renewal = TestEnv.get_md_status(domain)["renewal"]["last"]
     assert last_renewal["problem"] == "urn:org:apache:httpd:log:AH10108:"
Пример #10
 def setup_class(cls):
     """Prepare the environment and two completed MDs shared by the class.

     The MD names are the class domain prefixed with "a-" and "b-"; both
     are stored on the class as mdA and mdB.
     """
     print("setup_class:%s" % cls.__name__)
     TestEnv.init()
     TestEnv.clear_store()
     TestEnv.check_acme()
     cls.domain = TestEnv.get_class_domain(cls)
     cls.mdA = "a-" + cls.domain
     cls.mdB = "b-" + cls.domain
     httpd_conf = cls.configure_httpd([cls.mdA, cls.mdB])
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([cls.mdA, cls.mdB])
     for md_name in (cls.mdA, cls.mdB):
         TestEnv.check_md_complete(md_name)
Пример #11
 def test_702_009(self):
     """A certificate close to expiry is renewed and its serial changes.

     The stored pubcert.pem is overwritten with a self-signed certificate
     (serial 7029). The certificate status must report that serial after a
     restart and a different one once the renewal has completed.
     """
     domain = self.test_domain
     names = [domain]

     # MD in auto drive mode with a "10d" renew window and one vhost
     cfg = HttpdConf()
     cfg.add_admin("admin@" + domain)
     cfg.add_drive_mode("auto")
     cfg.add_renew_window("10d")
     cfg.add_md(names)
     cfg.add_vhost(domain)
     cfg.install()

     # restart drives the MD; the stored certificate matches the status
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     TestEnv.check_md_complete(domain)
     stored = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
     status = TestEnv.get_certificate_status(domain)
     assert status['serial'] == stored.get_serial()

     # presumably day offsets relative to now, which would put the expiry
     # inside the 10d window -- confirm against create_self_signed_cert
     validity = {"notBefore": -120, "notAfter": 2}
     CertUtil.create_self_signed_cert([domain], validity, serial=7029)
     short_lived = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
     # '1B75' is 7029 written in hexadecimal
     assert short_lived.get_serial() == '1B75'
     assert TestEnv.apache_restart() == 0
     status = TestEnv.get_certificate_status(domain)
     assert status['serial'] == short_lived.get_serial()

     # the certificate should renew and be a different one afterwards
     assert TestEnv.await_completion([domain], must_renew=True)
     status = TestEnv.get_certificate_status(domain)
     assert status['serial'] != short_lived.get_serial()
Пример #12
 def test_920_003(self):
     """With "MDCertificateStatus off" no certificate status is returned."""
     domain = self.test_domain
     names = [domain]
     cfg = HttpdConf()
     cfg.add_admin("*****@*****.**")
     cfg.add_md(names)
     # the switch under test
     cfg.add_line("MDCertificateStatus off")
     cfg.add_vhost(domain)
     cfg.install()
     restart_rc = TestEnv.apache_restart()
     assert restart_rc == 0
     assert TestEnv.await_completion([domain], restart=False)
     # the status lookup must come back empty/falsy
     assert not TestEnv.get_certificate_status(domain)
Пример #13
    def test_700_003(self):
        """One MD with three names serves two TLS vhosts from one certificate.

        Both vhosts point at the MD's certificate and key files. After the
        drive completes, each vhost must present a certificate naming it,
        both with the same serial, and serve its own name.txt.
        """
        domain = "test700-003-" + TestAuto.dns_uniq
        name_a = "test-a." + domain
        name_b = "test-b." + domain
        names = [domain, name_a, name_b]
        vhosts = ((name_a, "a"), (name_b, "b"))

        # one MD, two vhosts that use the MD's certificate and key paths
        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("admin@" + domain)
        cfg.add_md(names)
        for vhost_name, sub_dir in vhosts:
            cfg.add_vhost(TestEnv.HTTPS_PORT,
                          vhost_name,
                          aliasList=[],
                          docRoot="htdocs/" + sub_dir,
                          withSSL=True,
                          certPath=TestEnv.path_domain_pubcert(domain),
                          keyPath=TestEnv.path_domain_privkey(domain))
        cfg.install()

        # give each docRoot a name.txt holding the vhost's own name
        for vhost_name, sub_dir in vhosts:
            self._write_res_file(
                os.path.join(TestEnv.APACHE_HTDOCS_DIR, sub_dir),
                "name.txt", vhost_name)

        # restart drives the MD until it completes
        assert TestEnv.apache_restart() == 0
        self._check_md_names(domain, names)
        assert TestEnv.await_completion([domain])
        self._check_md_cert(names)

        # both vhosts present the same certificate, and it names each of them
        cert_a = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
        assert name_a in cert_a.get_san_list()
        cert_b = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_b)
        assert name_b in cert_b.get_san_list()
        assert cert_a.get_serial() == cert_b.get_serial()

        # each vhost serves the content of its own docRoot
        for vhost_name, _sub_dir in vhosts:
            assert TestEnv.get_content(vhost_name, "/name.txt") == vhost_name
Пример #14
 def test_700_008a(self):
     """Drive an MD in "always" mode with an HTTP proxy configured.

     The proxy URL is http://localhost:<TestEnv.HTTP_PROXY_PORT>. No vhost
     is defined, so drive mode "always" is what gets the MD driven.
     """
     domain = self.test_domain
     names = [domain]
     proxy_url = "http://localhost:%s" % TestEnv.HTTP_PROXY_PORT
     cfg = HttpdConf()
     cfg.add_admin("admin@" + domain)
     cfg.add_drive_mode("always")
     cfg.add_http_proxy(proxy_url)
     cfg.add_md(names)
     cfg.install()

     # restart drives the MD; after a second restart it must be complete
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md_complete(domain)
Пример #15
    def test_700_008a(self):
        """Drive an MD in "always" mode with an HTTP proxy configured.

        The proxy URL is http://localhost:<TestEnv.HTTP_PROXY_PORT>. No vhost
        is defined, so drive mode "always" is what gets the MD driven.
        """
        domain = "test700-008a-" + TestAuto.dns_uniq
        names = [domain]
        proxy_url = "http://localhost:%s" % TestEnv.HTTP_PROXY_PORT

        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("admin@" + domain)
        cfg.add_drive_mode("always")
        cfg.add_http_proxy(proxy_url)
        cfg.add_md(names)
        cfg.install()

        # restart drives the MD; after a second restart the cert is checked
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        assert TestEnv.apache_restart() == 0
        self._check_md_cert(names)
Пример #16
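 def test_900_011(self):
     """MDNotifyCmd passes its configured arguments, then the domain.

     The notify command is configured with the log path and one extra
     argument. After a successful renewal (status 0) the first line of the
     notify log must be the argv list: command, log path, extra argument
     and the MD's domain, in that order.
     """
     domain = TestNotify.domain
     command = TestNotify.notify_cmd
     args = TestNotify.notify_log
     extra_arg = "test_900_011_extra"
     TestNotify.configure_httpd(
         domain, """
         MDNotifyCmd %s %s %s
         """ % (command, args, extra_arg))
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     stat = TestEnv.get_md_status(domain)
     assert stat["renewal"]["last"]["status"] == 0
     # read through a context manager so the log file handle is closed
     # even when one of the assertions below fails
     with open(TestNotify.notify_log) as log_file:
         nlines = log_file.readlines()
     assert ("['%s', '%s', '%s', '%s']" %
             (command, args, extra_arg, domain)) == nlines[0].strip()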
Пример #17
 def test_702_052(self):
     """A base-server MD with "MDPortMap http:-" registers for acme-tls/1.

     The base server enables the acme-tls/1 protocol. Right after the
     restart the MD status must list the domain under proto/acme-tls/1,
     and the MD must then complete.
     """
     domain = self.test_domain
     # NOTE(review): "MDPortMap http:-" looks like it takes the http: port
     # out of the picture so only the TLS challenge remains -- confirm
     base_server_lines = """
         MDBaseServer on
         MDPortMap http:-
         Protocols h2 http/1.1 acme-tls/1
         ServerAdmin admin@%s
         ServerName %s
         """ % (domain, domain)
     cfg = HttpdConf()
     cfg.add_line(base_server_lines)
     cfg.add_md([domain])
     cfg.install()
     assert TestEnv.apache_restart() == 0
     md_status = TestEnv.get_md_status(domain)
     assert md_status["proto"]["acme-tls/1"] == [domain]
     assert TestEnv.await_completion([domain])
Пример #18
 def test_901_001(self):
     """A message command that cannot run leaves problem AH10109 in the status.

     The message command is set to "blablabla". The last renewal entry of
     the MD status must then carry the AH10109 log URN.
     """
     domain = self.test_domain
     names = [domain, "www." + domain]
     cfg = HttpdConf()
     cfg.add_admin("*****@*****.**")
     cfg.add_message_cmd("blablabla")
     cfg.add_drive_mode("auto")
     cfg.add_md(names)
     cfg.add_vhost(names)
     cfg.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     # this command should have failed and logged an error
     last_renewal = TestEnv.get_md_status(domain)["renewal"]["last"]
     assert last_renewal["problem"] == "urn:org:apache:httpd:log:AH10109:"
Пример #19
    def test_8001(self):
        """Without a must-staple setting the issued certificate has none.

        The configuration does not mention must-staple; the certificate in
        the store must report get_must_staple() as false.
        """
        domain = self.test_domain
        names = [domain]

        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("admin@" + domain)
        cfg.add_md(names)
        cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
        cfg.install()

        # restart drives the MD; after a second restart the cert is checked
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        assert TestEnv.apache_restart() == 0
        self._check_md_cert(names)
        stored = CertUtil(TestEnv.path_domain_pubcert(domain))
        must_staple = stored.get_must_staple()
        assert not must_staple
Пример #20
    def test_8001(self):
        """Without a must-staple setting the issued certificate has none.

        The configuration does not mention must-staple; the pubcert.pem in
        the store must report get_must_staple() as false.
        """
        domain = self.test_domain
        names = [domain]

        cfg = HttpdConf()
        cfg.add_admin("admin@" + domain)
        cfg.add_md(names)
        cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[])
        cfg.install()

        # restart drives the MD; after a second restart it must be complete
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md_complete(domain)
        stored = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
        must_staple = stored.get_must_staple()
        assert not must_staple
Пример #21
    def test_7007(self):
        """With must-staple "on" the issued certificate carries must-staple.

        The MD has no vhost and is driven through drive mode "always".
        """
        domain = self.test_domain
        names = [domain]

        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("admin@" + domain)
        cfg.add_drive_mode("always")
        cfg.add_must_staple("on")
        cfg.add_md(names)
        cfg.install()

        # restart drives the MD; after a second restart the cert is checked
        assert TestEnv.apache_restart() == 0
        # second argument is presumably a timeout -- confirm against TestEnv
        assert TestEnv.await_completion([domain], 30)
        assert TestEnv.apache_restart() == 0
        self._check_md_cert(names)
        stored = CertUtil(TestEnv.path_domain_pubcert(domain))
        must_staple = stored.get_must_staple()
        assert must_staple
Пример #22
    def test_9001(self):
        """A notify command that cannot run shows up in the error totals.

        The notify command is set to "blablabla". The drive still completes,
        and apache_err_total() must then equal (1, 0).
        """
        domain = ("%s-" % self.test_n) + TestAuto.dns_uniq

        # one MD with two names, served by one TLS vhost
        names = [domain, "www." + domain]
        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("*****@*****.**")
        cfg.add_notify_cmd("blablabla")
        cfg.add_drive_mode("auto")
        cfg.add_md(names)
        cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]],
                      withSSL=True)
        cfg.install()

        # restart and retrieve the certificate
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        # this command should have failed and logged an error; the tuple is
        # presumably (errors, warnings) -- confirm against TestEnv
        expected_totals = (1, 0)
        assert expected_totals == TestEnv.apache_err_total()
Пример #23
    def test_700_002(self):
        """Two MDs are driven together and end up sharing a single account.

        Each MD has a name and its "www." alias with one TLS vhost. After
        completion each vhost's certificate must list exactly the MD's
        names, and TestEnv.list_accounts() must hold one entry.
        """
        domain = "test700-002-" + TestAuto.dns_uniq
        domain_a = "a-" + domain
        domain_b = "b-" + domain

        names_a = [domain_a, "www." + domain_a]
        names_b = [domain_b, "www." + domain_b]
        md_specs = ((domain_a, names_a), (domain_b, names_b))

        # two MDs, then one TLS vhost per MD
        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("*****@*****.**")
        cfg.add_drive_mode("auto")
        for _md_name, md_names in md_specs:
            cfg.add_md(md_names)
        for md_name, md_names in md_specs:
            cfg.add_vhost(TestEnv.HTTPS_PORT,
                          md_name,
                          aliasList=[md_names[1]],
                          withSSL=True)
        cfg.install()

        # restart, both MDs must be in the store
        assert TestEnv.apache_restart() == 0
        for md_name, md_names in md_specs:
            self._check_md_names(md_name, md_names)
        # wait until both drives have completed
        assert TestEnv.await_completion([domain_a, domain_b])
        for _md_name, md_names in md_specs:
            self._check_md_cert(md_names)

        # each served certificate lists exactly its MD's names, in order
        for md_name, md_names in md_specs:
            served = CertUtil.load_server_cert(
                TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, md_name)
            assert md_names == served.get_san_list()

        # should have a single account now
        account_count = len(TestEnv.list_accounts())
        assert 1 == account_count
Пример #24
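    def test_700_001(self):
        """An MD in auto mode is only driven once a vhost uses it.

        Without a vhost the MD must stay incomplete, must have no CA account
        and the error log must contain the "no mds to auto drive" debug
        line. Adding a vhost and restarting drives the MD to completion;
        afterwards the challenge directory must be empty and the file
        permissions check for the domain must pass.
        """
        domain = "test700-001-" + TestAuto.dns_uniq

        # generate config with one MD
        dns_list = [domain, "www." + domain]
        conf = HttpdConf(TestAuto.TMP_CONF)
        conf.add_admin("admin@" + domain)
        conf.add_drive_mode("auto")
        conf.add_md(dns_list)
        conf.install()

        # restart, check that MD is synched to store
        assert TestEnv.apache_restart() == 0
        self._check_md_names(domain, dns_list)
        time.sleep(2)
        # assert drive did not start
        md = TestEnv.a2md(["-j", "list", domain])['jout']['output'][0]
        assert md['state'] == TestEnv.MD_S_INCOMPLETE
        assert 'account' not in md['ca']
        # raw string: "\[" in a plain literal is an invalid escape sequence
        # that newer Python versions warn about; the pattern is unchanged
        assert TestEnv.apache_err_scan(
            re.compile(r'.*\[md:debug\].*no mds to auto drive'))

        # add vhost for MD, restart should drive it
        conf.add_vhost(TestEnv.HTTPS_PORT,
                       domain,
                       aliasList=[dns_list[1]],
                       withSSL=True)
        conf.install()
        assert TestEnv.apache_restart() == 0

        assert TestEnv.await_completion([domain])
        self._check_md_cert(dns_list)
        cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                         TestEnv.HTTPS_PORT, domain)
        assert domain in cert.get_san_list()

        # challenges should have been removed
        TestEnv.check_dir_empty(TestEnv.path_challenges())

        # file system needs to have correct permissions
        # NOTE(review): which files and modes are checked is decided inside
        # TestEnv.check_file_permissions -- confirm it covers the private key
        TestEnv.check_file_permissions(domain)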
Пример #25
 def test_700_030(self):
     """Removing the MD's first name keeps the existing certificate.

     The MD starts as [x, a, b] and is reduced to [a, b]. After the restart
     the certificate status for "a" must still report the serial of the
     original certificate.
     """
     base = self.test_domain
     name_x = "x." + base
     name_a = "a." + base
     name_b = "b." + base

     def install_md(members):
         # One MD holding `members`; vhosts for "a" and "b" only.
         cfg = HttpdConf()
         cfg.add_admin("admin@" + base)
         cfg.add_md(members)
         cfg.add_vhost(name_a)
         cfg.add_vhost(name_b)
         cfg.install()

     # first configuration: the restart drives the MD until it completes
     initial = [name_x, name_a, name_b]
     install_md(initial)
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(initial)
     assert TestEnv.await_completion([name_x])
     TestEnv.check_md_complete(name_x)

     # both vhosts present the same certificate, and it names each of them
     cert_a = TestEnv.get_cert(name_a)
     assert name_a in cert_a.get_san_list()
     cert_b = TestEnv.get_cert(name_b)
     assert name_b in cert_b.get_san_list()
     assert cert_a.get_serial() == cert_b.get_serial()

     # second configuration: "x" removed from the MD
     reduced = [name_a, name_b]
     install_md(reduced)
     assert TestEnv.apache_restart() == 0
     # md=name_x is passed although "x" left the list; presumably the MD
     # keeps its original name -- confirm against TestEnv.check_md
     TestEnv.check_md(reduced, md=name_x)
     # no await_completion: the old certificate is expected to stay
     status = TestEnv.get_certificate_status(name_a)
     assert status['serial'] == cert_a.get_serial()
Пример #26
    def test_7020(self):
        """A notify command that cannot run shows up in the error totals.

        "MDNotifyCmd blablabla" is written into the configuration. The drive
        still completes and the certificate check passes, and
        apache_err_total() must then equal (1, 0).
        """
        domain = ("%s-" % self.test_n) + TestAuto.dns_uniq

        # one MD with two names, served by one TLS vhost
        names = [domain, "www." + domain]
        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("*****@*****.**")
        cfg._add_line("MDNotifyCmd blablabla")
        cfg.add_drive_mode("auto")
        cfg.add_md(names)
        cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]],
                      withSSL=True)
        cfg.install()

        # restart, the MD must be in the store
        assert TestEnv.apache_restart() == 0
        self._check_md_names(domain, names)
        # wait for the drive; 30 is presumably a timeout -- confirm
        assert TestEnv.await_completion([domain], 30)
        self._check_md_cert(names)
        # this command should have failed and logged an error; the tuple is
        # presumably (errors, warnings) -- confirm against TestEnv
        expected_totals = (1, 0)
        assert expected_totals == TestEnv.apache_err_total()
Пример #27
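 def test_901_020(self):
     """The message command is called for 'renewed' and 'ocsp-renewed'.

     With "MDStapling on" the message log must hold exactly two lines after
     the certificate was obtained and await_ocsp_status() returned: first
     the 'renewed' call, then the 'ocsp-renewed' call. Each line is the
     argv list: command, log path, reason, domain.
     """
     domain = self.test_domain
     domains = [domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_drive_mode("auto")
     conf.add_md(domains)
     conf.add_line("MDStapling on")
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     # the result is not inspected here; the call is kept for its effect
     # (presumably it waits until OCSP status is available -- confirm)
     TestEnv.await_ocsp_status(domain)
     assert os.path.isfile(self.mlog)
     # read through a context manager so the log file handle is closed
     # even when one of the assertions below fails
     with open(self.mlog) as log_file:
         nlines = log_file.readlines()
     assert 2 == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[0].strip()
     assert ("['%s', '%s', 'ocsp-renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[1].strip()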
Пример #28
    def test_700_004(self, challengeType):
        """Obtain a certificate with the CA challenges limited to one type.

        Args:
            challengeType: the single challenge type passed to
                add_ca_challenges(); supplied by the caller.
        """
        domain = "test700-004-" + TestAuto.dns_uniq
        names = [domain, "www." + domain]

        # one MD and one TLS vhost, restricted to the given challenge type
        cfg = HttpdConf(TestAuto.TMP_CONF)
        cfg.add_admin("admin@" + domain)
        cfg.add_drive_mode("auto")
        cfg.add_ca_challenges([challengeType])
        cfg.add_md(names)
        cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]],
                      withSSL=True)
        cfg.install()

        # restart drives the MD until it completes
        assert TestEnv.apache_restart() == 0
        self._check_md_names(domain, names)
        assert TestEnv.await_completion([domain])
        self._check_md_cert(names)

        # the served certificate names the domain
        served = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
        san_names = served.get_san_list()
        assert domain in san_names
Пример #29
 def test_700_004(self, challengeType):
     """Obtain a certificate with the CA challenges limited to one type.

     The server enables the acme-tls/1 protocol next to http/1.1.

     Args:
         challengeType: the single challenge type passed to
             add_ca_challenges(); supplied by the caller.
     """
     domain = self.test_domain
     names = [domain, "www." + domain]

     # one MD and one vhost, restricted to the given challenge type
     cfg = HttpdConf()
     cfg.add_admin("admin@" + domain)
     cfg.add_line("Protocols http/1.1 acme-tls/1")
     cfg.add_drive_mode("auto")
     cfg.add_ca_challenges([challengeType])
     cfg.add_md(names)
     cfg.add_vhost(names)
     cfg.install()

     # restart drives the MD until it completes
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(names)
     assert TestEnv.await_completion([domain])
     TestEnv.check_md_complete(domain)

     # the served certificate names the domain
     san_names = TestEnv.get_cert(domain).get_san_list()
     assert domain in san_names
Пример #30
    def test_700_004(self, challengeType):
        """Obtain a certificate with the CA challenges limited to one type.

        The server enables the acme-tls/1 protocol next to http/1.1.

        Args:
            challengeType: the single challenge type passed to
                add_ca_challenges(); supplied by the caller.
        """
        domain = self.test_domain
        names = [domain, "www." + domain]

        # one MD and one vhost, restricted to the given challenge type
        cfg = HttpdConf()
        cfg.add_admin("admin@" + domain)
        cfg.add_line("Protocols http/1.1 acme-tls/1")
        cfg.add_drive_mode("auto")
        cfg.add_ca_challenges([challengeType])
        cfg.add_md(names)
        cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]])
        cfg.install()

        # restart drives the MD until it completes
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(domain, names)
        assert TestEnv.await_completion([domain])
        TestEnv.check_md_complete(domain)

        # the served certificate names the domain
        served = CertUtil.load_server_cert(
            TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
        san_names = served.get_san_list()
        assert domain in san_names