def test_710_003(self): domain = "a-" + self.test_domain domainb = "b-" + self.test_domain # use ACMEv1 initially TestEnv.set_acme('acmev1') ca_url = TestEnv.ACME_URL dnsList = [domain, "www." + domain] conf = HttpdConf() conf.clear() conf.add_admin("*****@*****.**") conf.add_line("MDCertificateAgreement accepted") conf.add_line("MDMembers auto") conf.start_md([domain]) conf.add_line("MDCertificateAuthority %s" % (ca_url)) conf.end_md() conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=dnsList[1:]) conf.install() assert TestEnv.apache_restart() == 0 TestEnv.check_md(domain, dnsList) assert TestEnv.await_completion([domain]) assert (0, 0) == TestEnv.apache_err_count() TestEnv.check_md(domain, dnsList, ca=ca_url) # use ACMEv2 now, same MD, no CA url TestEnv.set_acme('acmev2') # this changes the default CA url assert TestEnv.ACME_URL_DEFAULT != ca_url conf = HttpdConf() conf.clear() conf.add_admin("*****@*****.**") conf.add_line("MDCertificateAgreement accepted") conf.add_line("MDMembers auto") conf.start_md([domain]) conf.end_md() conf.start_md([domainb]) # this willg get the reald Let's Encrypt URL assigned, turn off # auto renewal, so we will not talk to them conf.add_line("MDDriveMode manual") conf.end_md() conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=dnsList[1:]) conf.add_vhost(TestEnv.HTTPS_PORT, domainb, aliasList=[]) conf.install() assert TestEnv.apache_restart() == 0 assert (0, 0) == TestEnv.apache_err_count() # the existing MD was migrated to new CA url TestEnv.check_md(domain, dnsList, ca=TestEnv.ACME_URL_DEFAULT) # the new MD got the new default anyway TestEnv.check_md(domainb, [domainb], ca=TestEnv.ACME_URL_DEFAULT)
def test_710_001(self): domain = "test710-001-" + TestAuto.dns_uniq # use ACMEv1 initially TestEnv.set_acme('acmev1') # generate config with one MD, restart, gets cert dns_list = [ domain, "www." + domain ] conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_md( dns_list ) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([ domain ] ) self._check_md_cert( dns_list ) cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) assert domain in cert1.get_san_list() # use ACMEv2 now for everything TestEnv.set_acme('acmev2') conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_md( dns_list ) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True) conf.install() # restart, gets cert assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([ domain ] ) self._check_md_cert( dns_list ) cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) # should still be the same cert as it remains valid assert cert1.get_serial() == cert2.get_serial() # change the MD so that we need a new cert dns_list = [ domain, "www." + domain, "another." + domain ] conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_md( dns_list ) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([ domain ] ) self._check_md_cert( dns_list ) cert3 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) # should no longer the same cert assert cert1.get_serial() != cert3.get_serial() # should have a 2 accounts now assert 2 == len(TestEnv.list_accounts())
def test_710_001(self): domain = self.test_domain # use ACMEv1 initially TestEnv.set_acme('acmev1') # generate config with one MD, restart, gets cert dns_list = [domain, "www." + domain] conf = HttpdConf() conf.add_admin("admin@" + domain) conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]]) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain]) TestEnv.check_md_complete(domain) cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) assert domain in cert1.get_san_list() # use ACMEv2 now for everything TestEnv.set_acme('acmev2') conf = HttpdConf() conf.add_admin("admin@" + domain) conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]]) conf.install() # restart, gets cert, should still be the same cert as it remains valid assert TestEnv.apache_restart() == 0 status = TestEnv.get_certificate_status(domain) assert status['serial'] == cert1.get_serial() # change the MD so that we need a new cert dns_list = [domain, "www." + domain, "another." + domain] conf = HttpdConf() conf.add_admin("admin@" + domain) conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]]) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain]) # should no longer the same cert status = TestEnv.get_certificate_status(domain) assert status['serial'] != cert1.get_serial() TestEnv.check_md_complete(domain) # should have a 2 accounts now assert 2 == len(TestEnv.list_accounts())
def test_710_002(self): domain = "test710-002-" + TestAuto.dns_uniq # use ACMEv1 initially TestEnv.set_acme('acmev1') domainA = "a-" + domain domainB = "b-" + domain # generate config with two MDs dnsListA = [ domainA, "www." + domainA ] dnsListB = [ domainB, "www." + domainB ] conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "*****@*****.**" ) conf.add_line( "MDMembers auto" ) conf.add_md( [ domainA ] ) conf.add_md( [ domainB ] ) conf.add_vhost( TestEnv.HTTPS_PORT, domainA, aliasList=dnsListA[1:], withSSL=True ) conf.add_vhost( TestEnv.HTTPS_PORT, domainB, aliasList=dnsListB[1:], withSSL=True ) conf.install() # restart, check that md is in store assert TestEnv.apache_restart() == 0 self._check_md_names( domainA, dnsListA ) self._check_md_names( domainB, dnsListB ) # await drive completion assert TestEnv.await_completion( [ domainA, domainB ] ) self._check_md_cert(dnsListA) self._check_md_cert(dnsListB) self._check_md_cert( dnsListA ) cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA) # should have a single account now assert 1 == len(TestEnv.list_accounts()) # use ACMEv2 now for everything TestEnv.set_acme('acmev2') # change the MDs so that we need a new cert dnsListA = [ domainA, "www." + domainA, "another." + domainA ] dnsListB = [ domainB, "www." + domainB, "another." + domainB ] conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "*****@*****.**" ) conf.add_line( "MDMembers auto" ) conf.add_md( [ domainA ] ) conf.add_md( [ domainB ] ) conf.add_vhost( TestEnv.HTTPS_PORT, domainA, aliasList=dnsListA[1:], withSSL=True ) conf.add_vhost( TestEnv.HTTPS_PORT, domainB, aliasList=dnsListB[1:], withSSL=True ) conf.install() # restart, gets cert assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([ domainA, domainB ] ) self._check_md_names( domainA, dnsListA ) self._check_md_names( domainB, dnsListB ) self._check_md_cert( dnsListA ) cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA) # should no longer the same cert assert cert1.get_serial() != cert2.get_serial() # should have a 2 accounts now assert 2 == len(TestEnv.list_accounts())
def test_710_002(self): domain = self.test_domain # use ACMEv1 initially TestEnv.set_acme('acmev1') domainA = "a-" + domain domainB = "b-" + domain # generate config with two MDs domainsA = [ domainA, "www." + domainA ] domainsB = [ domainB, "www." + domainB ] conf = HttpdConf() conf.add_admin( "*****@*****.**" ) conf.add_line( "MDMembers auto" ) conf.add_md( [ domainA ] ) conf.add_md( [ domainB ] ) conf.add_vhost(domainsA) conf.add_vhost(domainsB) conf.install() # restart, check that md is in store assert TestEnv.apache_restart() == 0 TestEnv.check_md( domainsA ) TestEnv.check_md( domainsB ) # await drive completion assert TestEnv.await_completion( [ domainA, domainB ] ) TestEnv.check_md_complete(domainsA[0]) TestEnv.check_md_complete(domainsB[0]) cert1 = TestEnv.get_cert(domainA) # should have a single account now assert 1 == len(TestEnv.list_accounts()) # use ACMEv2 now for everything TestEnv.set_acme('acmev2') # change the MDs so that we need a new cert domainsA = [ domainA, "www." + domainA, "another." + domainA ] domainsB = [ domainB, "www." + domainB, "another." + domainB ] conf = HttpdConf() conf.add_admin( "*****@*****.**" ) conf.add_line( "MDMembers auto" ) conf.add_md( [ domainA ] ) conf.add_md( [ domainB ] ) conf.add_vhost(domainsA) conf.add_vhost(domainsB) conf.install() # restart, gets cert assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([ domainA, domainB ] ) TestEnv.check_md( domainsA ) TestEnv.check_md( domainsB ) TestEnv.check_md_complete(domainsA[0]) cert2 = TestEnv.get_cert(domainA) # should no longer the same cert assert cert1.get_serial() != cert2.get_serial() # should have a 2 accounts now assert 2 == len(TestEnv.list_accounts())