示例#1
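 def test_901_003(self):
     """Check that a working message command is invoked during sign-up.

     The command is configured as ``<self.mcmd> <self.mlog>``. After the drive
     completes, the log file must hold exactly three lines: one
     ``challenge-setup:http-01`` entry per domain name, then ``renewed``.
     """
     domain = self.test_domain
     domains = [domain, "www." + domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_drive_mode("auto")
     conf.add_md(domains)
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     stat = TestEnv.get_md_status(domain)
     # the command did not fail and the renewal log recorded the message
     assert stat["renewal"]["last"]["status"] == 0
     assert stat["renewal"]["log"]["entries"]
     assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"
     # shut down the server to make sure that md has completed
     assert TestEnv.apache_stop() == 0
     # read through a context manager so the handle is closed even when an
     # assertion below fails
     with open(self.mlog) as log_file:
         nlines = [line.strip() for line in log_file]
     assert 3 == len(nlines)
     setup_fmt = "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']"
     for dns in domains:
         assert setup_fmt.format(
             cmd=self.mcmd, logfile=self.mlog, mdomain=domain, dns=dns) in nlines
     # the last message reports the completed renewal
     assert nlines[2] == "['{cmd}', '{logfile}', 'renewed', '{mdomain}']".format(
         cmd=self.mcmd, logfile=self.mlog, mdomain=domain)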
示例#2
 def test_730_002(self):
     """Static certificate files on an MD that is forced to renew.

     The MD gets a self-signed certificate/key pair plus ``MDRenewMode always``.
     The server must present that certificate, the status must report
     ``renew`` as true, and a renewal is then awaited.
     """
     name = self.test_domain
     names = [name, 'www.%s' % name]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
     # certificate with a notAfter offset of 10 (only 10 more days valid)
     validity = {"notBefore": -80, "notAfter": 10}
     TestEnv.create_self_signed_cert(names, validity, serial=730001, path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.start_md(names)
     httpd_conf.add_line("MDCertificateFile %s" % (cert_file))
     httpd_conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     httpd_conf.add_line("MDRenewMode always")
     httpd_conf.end_md()
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0

     # the vhost serves the static certificate (matched by serial number)
     expected_serial = '%X' % 730001
     served = TestEnv.get_cert(name)
     assert expected_serial == served.get_serial()
     # the MD shows up in the status with a cert and is marked for renewal
     md_status = TestEnv.get_md_status(name)
     assert md_status
     assert 'cert' in md_status
     assert md_status['renew'] == True
     assert TestEnv.await_renewal(names)
示例#3
 def test_700_006(self):
     """Drive an MD whose only configured challenge types are unsupported.

     With ``invalid-01``/``invalid-02`` as CA challenges the renewal must end
     in ``challenge-mismatch``, no account is recorded under the MD's CA data,
     and the vhost answers 503.
     """
     base = self.test_domain
     sub_name = "a." + base
     md_names = [base, sub_name]
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     httpd_conf.add_ca_challenges(["invalid-01", "invalid-02"])
     httpd_conf.add_md(md_names)
     httpd_conf.add_vhost(sub_name, docRoot="htdocs/a")
     httpd_conf.install()
     # put a marker file into the vhost's document root
     doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
     self._write_res_file(doc_root, "name.txt", sub_name)
     # restart and wait for the drive to fail
     assert TestEnv.apache_restart() == 0
     failed_md = TestEnv.await_error(base)
     assert failed_md
     renewal = failed_md['renewal']
     assert renewal['errors'] > 0
     assert renewal['last']['problem'] == 'challenge-mismatch'
     # the failure happened before any account was stored for this MD
     assert 'account' not in failed_md['ca']
     # a certificate naming the vhost is served, but content requests get 503
     served_cert = TestEnv.get_cert(sub_name)
     assert sub_name in served_cert.get_san_list()
     assert TestEnv.getStatus(sub_name, "/name.txt") == 503
示例#4
    def test_720_007(self):
        """Wildcard-only MD validated with dns-01 and served on a www vhost.

        The MD lists just ``*.<domain>``; the certificate served for
        ``www.<domain>`` must carry exactly that wildcard as its SAN list.
        """
        base = self.test_domain
        wildcard = "*." + base
        www_name = "www." + base
        md_names = [wildcard]
        dns01_script = "%s/dns01.py" % TestEnv.TESTROOT

        httpd_conf = HttpdConf()
        httpd_conf.add_admin("*****@*****.**")
        # restrict the CA challenges to dns-01 and hand over the helper script
        httpd_conf.add_ca_challenges(["dns-01"])
        httpd_conf.add_dns01_cmd(dns01_script)
        httpd_conf.add_md(md_names)
        httpd_conf.add_vhost(www_name)
        httpd_conf.install()

        # after the restart the MD must be present in the store
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(md_names)
        # wait for the drive to finish
        assert TestEnv.await_completion([www_name])
        TestEnv.check_md_complete(wildcard)
        # the served certificate names the wildcard and nothing else
        served_cert = TestEnv.get_cert(www_name)
        san_names = served_cert.get_san_list()
        assert md_names == san_names
示例#5
 def test_700_001(self):
     """One MD in auto drive mode: unwatched without a vhost, driven once it has one.

     Ends by checking that the challenge store is empty and by running the
     file permission check for the domain.
     """
     base = self.test_domain
     md_names = [base, "www." + base]
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     httpd_conf.add_drive_mode("auto")
     httpd_conf.add_md(md_names)
     httpd_conf.install()
     # restart: the MD is synched to the store but not watched yet
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     before = TestEnv.get_md_status(base)
     assert before["watched"] == 0
     # adding a vhost for the MD makes the next restart drive it
     httpd_conf.add_vhost(md_names)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([base])
     TestEnv.check_md_complete(base)
     after = TestEnv.get_md_status(base)
     assert after["watched"] == 1
     # the served certificate covers the domain
     served_cert = TestEnv.get_cert(base)
     assert base in served_cert.get_san_list()
     # challenge data must not linger after completion, and the stored
     # files need to have correct permissions
     TestEnv.check_dir_empty(TestEnv.store_challenges())
     TestEnv.check_file_permissions(base)
示例#6
 def test_740_001(self):
     """An MD containing invalid DNS names must be rejected by the ACME server.

     The expected problem type and detail text differ between the ``pebble``
     server and the other configured server.
     """
     base = self.test_domain
     md_names = [base] + [bad + base for bad in ("invalid1!.", "invalid2!.")]
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_md(md_names)
     httpd_conf.add_vhost(md_names)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     failed_md = TestEnv.await_error(base)
     assert failed_md
     assert failed_md['renewal']['errors'] > 0
     last = failed_md['renewal']['last']
     if TestEnv.ACME_SERVER != 'pebble':
         assert last['problem'] == 'urn:ietf:params:acme:error:rejectedIdentifier'
         assert last['detail'].startswith(
             "Error creating new order :: Cannot issue for")
         # one subproblem is expected per invalid name
         assert last['subproblems']
         assert len(last['subproblems']) == 2
     else:
         assert last['problem'] == 'urn:ietf:params:acme:error:malformed'
         assert last['detail'].startswith(
             "Order included DNS identifier with a value containing an illegal character"
         )
示例#7
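 def test_901_004(self):
     """Force a renewal and check that exactly one ``renewed`` message is logged.

     A first configuration obtains the certificate without a message command.
     The second adds the command plus ``MDRenewWindow 120d`` and
     ``MDActivationDelay -7d`` so that the restart triggers a renewal.
     """
     domain = self.test_domain
     domains = [domain, "www." + domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_md(domains)
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     # force renew
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_line("MDRenewWindow 120d")
     conf.add_line("MDActivationDelay -7d")
     conf.add_md(domains)
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     time.sleep(3)
     # NOTE(review): the status result was never used; the call is kept in
     # case the request itself matters to the test, confirm and drop if not
     TestEnv.get_md_status(domain)
     # context manager closes the log handle even if an assertion fails
     with open(self.mlog) as log_file:
         nlines = log_file.readlines()
     assert 1 == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[0].strip()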
示例#8
 def test_901_010(self):
     """Static cert files with lifetime in the renewal window: no message is sent.

     The message command is configured, but after the restart its log file
     must not exist.
     """
     name = self.test_domain
     names = [name, 'www.%s' % name]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
     # self-signed certificate with notBefore -70 and notAfter 20
     # (presumably day offsets from now, confirm against the helper)
     validity = {"notBefore": -70, "notAfter": 20}
     TestEnv.create_self_signed_cert(names, validity, serial=901010, path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     httpd_conf.start_md(names)
     httpd_conf.add_line("MDCertificateFile %s" % (cert_file))
     httpd_conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     httpd_conf.end_md()
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     # the message command never ran, so it never created its log file
     assert not os.path.isfile(self.mlog)
示例#9
 def test_920_002(self):
     """Certificate status reports the properties of a certificate placed in staging.

     After the sign-up completes, a stored real certificate is copied over the
     staged ``pubcert.pem``; its validity dates and serial must then appear
     under ``renewal`` in the certificate status.
     """
     name = self.test_domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_md([name])
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([name], restart=False)
     # copy a real certificate from LE over to staging
     staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', name, 'pubcert.pem')
     real_cert = os.path.join('data', 'test_920', '002.pubcert')
     assert copyfile(real_cert, staged_cert)
     status = TestEnv.get_certificate_status(name)
     # the copied certificate's properties are reported as staged
     assert 'renewal' in status
     renewal = status['renewal']
     assert 'Thu, 29 Aug 2019 16:06:35 GMT' == renewal['valid']['until']
     assert 'Fri, 31 May 2019 16:06:35 GMT' == renewal['valid']['from']
     assert '03039C464D454EDE79FCD2CAE859F668F269' == renewal['serial']
     assert 'sha256-fingerprint' in renewal
     # the SCT checks below are switched off by a condition that is never true
     if 0 == 1:
         scts = renewal['scts']
         assert len(scts) == 2
         assert scts[0]['logid'] == '747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56'
         assert scts[0]['signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
         assert scts[1]['logid'] == '293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478'
         assert scts[1]['signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
示例#10
    def test_602_000(self):
        """Manual drive via a2md, then add a vhost and check HTTPS access.

        Sequence: config with one MD -> restart -> ``a2md drive`` -> restart ->
        add vhost -> restart -> inspect served certificate and file permissions.
        """
        base = self.test_domain
        md_names = [base, "www." + base]

        # configuration with a single MD in manual drive mode
        httpd_conf = HttpdConf()
        httpd_conf.add_admin("admin@" + base)
        httpd_conf.add_drive_mode("manual")
        httpd_conf.add_md(md_names)
        httpd_conf.install()
        # after the restart the MD must be in the store
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(md_names)
        # drive it from the command line, then restart again
        drive_result = TestEnv.a2md(["-v", "drive", base])
        assert drive_result['rv'] == 0
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md_complete(base)
        # extend the same configuration with a vhost
        httpd_conf.add_vhost(md_names)
        httpd_conf.install()
        assert TestEnv.apache_restart() == 0
        # the served certificate covers the domain
        served_cert = TestEnv.get_cert(base)
        assert base in served_cert.get_san_list()

        # finally run the file system permission check for the domain
        TestEnv.check_file_permissions(base)
示例#11
 def test_730_003(self):
     """Configuring only one of the two static files must make the server fail.

     Tried once with just ``MDCertificateFile`` and once with just
     ``MDCertificateKeyFile``; ``TestEnv.apache_fail()`` must return 0 both times.
     """
     name = self.test_domain
     names = [name, 'www.%s' % name]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
     # certificate with a notAfter offset of 10 (only 10 more days valid)
     validity = {"notBefore": -80, "notAfter": 10}
     TestEnv.create_self_signed_cert(names, validity, serial=730001, path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)

     # certificate without key first, then key without certificate
     lone_directives = (
         ("MDCertificateFile", cert_file),
         ("MDCertificateKeyFile", pkey_file),
     )
     for directive, pem_path in lone_directives:
         httpd_conf = HttpdConf()
         httpd_conf.add_admin("*****@*****.**")
         httpd_conf.start_md(names)
         httpd_conf.add_line("%s %s" % (directive, pem_path))
         httpd_conf.end_md()
         httpd_conf.add_vhost(name)
         httpd_conf.install()
         assert TestEnv.apache_fail() == 0
示例#12
 def test_700_011(self):
     """tls-alpn-01 only: renewal depends on port 443 being mapped to a served port.

     With ``MDPortMap 443:99`` (a port the server does not listen on) the MD
     must not be renewing; mapped to ``TestEnv.HTTPS_PORT`` it must complete.
     """
     base = self.test_domain
     md_names = [base, "www." + base]

     def install_with(port_map_line):
         # one MD and one vhost, tls-alpn-01 as the only challenge type
         httpd_conf = HttpdConf()
         httpd_conf.add_admin("admin@" + base)
         httpd_conf.add_line("Protocols http/1.1 acme-tls/1")
         httpd_conf.add_drive_mode("auto")
         httpd_conf.add_ca_challenges(["tls-alpn-01"])
         httpd_conf._add_line(port_map_line)
         httpd_conf.add_md(md_names)
         httpd_conf.add_vhost(md_names)
         httpd_conf.install()

     # 443 mapped to a port where the server does not listen
     install_with("MDPortMap 443:99")
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     assert not TestEnv.is_renewing(base)
     # the same again with 443 mapped to a supported port
     install_with("MDPortMap 443:%s" % TestEnv.HTTPS_PORT)
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     assert TestEnv.await_completion([base])
示例#13
 def test_700_003(self):
     """One MD shared by two vhosts: both serve the same certificate.

     Each vhost has its own document root; after completion the two served
     certificates must have equal serials and each vhost must return its own
     ``name.txt`` content.
     """
     base = self.test_domain
     nameA = "a." + base
     nameB = "b." + base
     md_names = [base, nameA, nameB]
     vhosts = ((nameA, "a"), (nameB, "b"))
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     httpd_conf.add_md(md_names)
     for host, folder in vhosts:
         httpd_conf.add_vhost(host, docRoot="htdocs/" + folder)
     httpd_conf.install()
     # create the document roots, each holding the vhost's own name
     for host, folder in vhosts:
         self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, folder),
                              "name.txt", host)
     # restart (-> drive), then check that the MD was synched and completes
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     assert TestEnv.await_completion([base, nameA, nameB])
     TestEnv.check_md_complete(base)
     # each vhost serves a certificate naming it, and it is the same certificate
     served = []
     for host, _ in vhosts:
         host_cert = TestEnv.get_cert(host)
         assert host in host_cert.get_san_list()
         served.append(host_cert)
     assert served[0].get_serial() == served[1].get_serial()
     # content is still served per vhost
     for host, _ in vhosts:
         assert TestEnv.get_content(host, "/name.txt") == host
示例#14
 def test_920_020(self):
     """Two key types (``secp256r1`` and ``RSA``) with stapling switched on.

     Both certificates must be listed under ``renewal`` before activation and,
     after the activating restart, under ``cert`` with an ``ocsp`` entry each.
     """
     name = self.test_domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_line("MDStapling on")
     httpd_conf.add_line("MDPrivateKeys secp256r1 RSA")
     httpd_conf.add_md([name])
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([name], restart=False)
     # in the stats JSON, two certificates are expected under 'renewal'
     md_stat = TestEnv.get_md_status(name)
     assert 'renewal' in md_stat
     assert 'cert' in md_stat['renewal']
     for key_type in ('rsa', 'secp256r1'):
         assert key_type in md_stat['renewal']['cert']
     # /.httpd/certificate-status must list the same two under 'renewal'
     cert_status = TestEnv.get_certificate_status(name)
     assert 'renewal' in cert_status
     assert 'cert' in cert_status['renewal']
     for key_type in ('secp256r1', 'rsa'):
         assert key_type in cert_status['renewal']['cert']
     # restart to activate; activated certs are then listed in the status
     assert TestEnv.apache_restart() == 0
     md_stat = TestEnv.get_md_status(name)
     assert 'cert' in md_stat
     active = md_stat['cert']
     assert 'valid' in active
     for key_type in ['rsa', 'secp256r1']:
         assert key_type in active
         assert 'ocsp' in active[key_type]
示例#15
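 def test_901_011(self):
     """Static cert files with lifetime in the warn window: one ``expiring`` message.

     The message must be logged once and must not be sent again by an
     immediate second restart.
     """
     domain = self.test_domain
     domains = [ domain, 'www.%s' % domain ]
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
     # cert with a notAfter offset of 5, i.e. only 5 more days valid
     TestEnv.create_self_signed_cert(domains, { "notBefore": -85, "notAfter": 5  },
         serial=901011, path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**" )
     conf.add_message_cmd( "%s %s" % (self.mcmd, self.mlog) )
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()
     expected = "['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_file(self.mlog)
     # context managers close the log handle even when an assertion fails
     with open(self.mlog) as log_file:
         nlines = log_file.readlines()
     assert 1+self.menv_lines == len(nlines)
     assert expected == nlines[0].strip()
     # check that the message is not resent right away
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     with open(self.mlog) as log_file:
         nlines = log_file.readlines()
     assert 1+self.menv_lines == len(nlines)
     assert expected == nlines[0].strip()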
示例#16
 def test_920_001(self):
     """Certificate status before and after activating a freshly obtained cert.

     Before the activating restart only ``renewal`` carries certificate data;
     afterwards ``renewal`` is gone and the active ``rsa`` entry is populated.
     """
     name = self.test_domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_md([name])
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([name], restart=False)
     # The server started without a valid certificate, so
     # /.httpd/certificate-status must not describe an active one. Since the
     # ACME sign-up has completed, 'renewal' describes the new certificate.
     staged = TestEnv.get_certificate_status(name)
     assert 'sha256-fingerprint' not in staged
     assert 'valid' not in staged
     assert 'renewal' in staged
     staged_cert = staged['renewal']['cert']
     assert 'valid' in staged_cert
     assert 'sha256-fingerprint' in staged_cert['rsa']
     # restart and activate: the staging info must be gone and the
     # attributes must exist for the active certificate
     assert TestEnv.apache_restart() == 0
     activated = TestEnv.get_certificate_status(name)
     assert 'renewal' not in activated
     assert 'sha256-fingerprint' in activated['rsa']
     assert 'valid' in activated['rsa']
     assert 'from' in activated['rsa']['valid']
示例#17
 def test_920_002(self):
     """Certificate status reports a certificate copied into staging, per key type.

     The copied certificate's validity dates, serial and fingerprint must
     appear under ``renewal -> cert -> rsa``.
     """
     name = self.test_domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_md([name])
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([name], restart=False)
     # copy a real certificate from LE over to staging
     staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', name, 'pubcert.pem')
     real_cert = os.path.join('data', 'test_920', '002.pubcert')
     assert copyfile(real_cert, staged_cert)
     status = TestEnv.get_certificate_status(name)
     # the copied certificate's properties are reported as staged
     assert 'renewal' in status
     staged_rsa = status['renewal']['cert']['rsa']
     assert 'Thu, 29 Aug 2019 16:06:35 GMT' == staged_rsa['valid']['until']
     assert 'Fri, 31 May 2019 16:06:35 GMT' == staged_rsa['valid']['from']
     assert '03039C464D454EDE79FCD2CAE859F668F269' == staged_rsa['serial']
     assert 'sha256-fingerprint' in staged_rsa
示例#18
 def test_702_040(self):
     """Sign up with tls-alpn-01 when ``acme-tls/1`` is among the Protocols.

     The MD status must list ``acme-tls/1`` as available for all domains
     before the drive completes.
     """
     base = self.test_domain
     md_names = [base, "www." + base]
     # one MD and one vhost, debug logging for core and ssl
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     for directive in ("LogLevel core:debug",
                       "LogLevel ssl:debug",
                       "Protocols http/1.1 acme-tls/1"):
         httpd_conf.add_line(directive)
     httpd_conf.add_drive_mode("auto")
     httpd_conf.add_ca_challenges(["tls-alpn-01"])
     httpd_conf.add_md(md_names)
     httpd_conf.add_vhost(md_names)
     httpd_conf.install()
     # restart (-> drive) and check that the MD was synched
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     # acme-tls/1 must be reported as available for every domain
     md_stat = TestEnv.get_md_status(base)
     assert md_stat["proto"]["acme-tls/1"] == md_names
     assert TestEnv.await_completion([base])
     TestEnv.check_md_complete(base)
     # the served certificate covers the domain
     served_cert = TestEnv.get_cert(base)
     assert base in served_cert.get_san_list()
示例#19
 def test_702_010(self):
     """http-01 only: renewal depends on port 80 being mapped to a served port.

     With ``MDPortMap 80:99`` (a port the server does not listen on) the MD
     must not be renewing; mapped to ``TestEnv.HTTP_PORT`` it must complete.
     """
     base = self.test_domain
     md_names = [base, "www." + base]

     def install_with(port_map_line):
         # one MD and one vhost, http-01 as the only challenge type
         httpd_conf = HttpdConf()
         httpd_conf.add_admin("admin@" + base)
         httpd_conf.add_drive_mode("auto")
         httpd_conf.add_ca_challenges(["http-01"])
         httpd_conf._add_line(port_map_line)
         httpd_conf.add_md(md_names)
         httpd_conf.add_vhost(md_names)
         httpd_conf.install()

     # 80 mapped to a port where the server does not listen
     install_with("MDPortMap 80:99")
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     assert not TestEnv.is_renewing(base)
     # the same again with 80 mapped to a supported port
     install_with("MDPortMap 80:%s" % TestEnv.HTTP_PORT)
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     assert TestEnv.await_completion([base])
示例#20
 def test_801_009(self):
     """Stapling on an MD with a self-signed static certificate.

     The OCSP status for the domain must read ``no response sent``.
     """
     assert TestEnv.apache_stop() == 0
     md_name = TestStapling.mdA
     names = [md_name]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
     # certificate with a notAfter offset of 30 (30 more days valid)
     validity = {"notBefore": -60, "notAfter": 30}
     TestEnv.create_self_signed_cert(names, validity, serial=801009, path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.start_md(names)
     httpd_conf.add_line("MDCertificateFile %s" % cert_file)
     httpd_conf.add_line("MDCertificateKeyFile %s" % pkey_file)
     httpd_conf.add_line("MDStapling on")
     httpd_conf.end_md()
     httpd_conf.add_vhost(md_name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     # brief pause before querying the OCSP status
     time.sleep(1)
     ocsp_stat = TestEnv.get_ocsp_status(md_name)
     assert ocsp_stat['ocsp'] == "no response sent"
示例#21
 def test_700_005(self):
     """Manual drive mode, never driven: the vhost serves the fallback certificate.

     Requests get 503, and the served certificate's serial must equal that of
     the certificate at ``TestEnv.path_fallback_cert(domain)``.
     """
     base = self.test_domain
     sub_name = "a." + base
     md_names = [base, sub_name]
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     httpd_conf.add_drive_mode("manual")
     httpd_conf.add_md(md_names)
     httpd_conf.add_vhost(sub_name, docRoot="htdocs/a")
     httpd_conf.install()
     # put a marker file into the vhost's document root
     doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
     self._write_res_file(doc_root, "name.txt", sub_name)
     # after the restart the MD must be in the store
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     # a certificate naming the vhost is served, but content requests get 503
     served = TestEnv.get_cert(sub_name)
     assert sub_name in served.get_san_list()
     assert TestEnv.getStatus(sub_name, "/name.txt") == 503
     # the served certificate is the temporary fallback one
     fallback = CertUtil(TestEnv.path_fallback_cert(base))
     assert served.get_serial() == fallback.get_serial(), \
         "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % (
             sub_name, fallback.get_cn(), served.get_cn())
示例#22
 def test_700_002(self):
     """Two MDs driven together end up sharing a single ACME account.

     Each MD has its own vhost; each served certificate's SAN list must equal
     the MD's name list.
     """
     base = self.test_domain
     domainA = "a-" + base
     domainB = "b-" + base
     md_sets = (
         (domainA, [domainA, "www." + domainA]),
         (domainB, [domainB, "www." + domainB]),
     )
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_drive_mode("auto")
     for _, names in md_sets:
         httpd_conf.add_md(names)
     for _, names in md_sets:
         httpd_conf.add_vhost(names)
     httpd_conf.install()
     # after the restart both MDs must be in the store
     assert TestEnv.apache_restart() == 0
     for _, names in md_sets:
         TestEnv.check_md(names)
     # wait for both drives to finish
     assert TestEnv.await_completion([domainA, domainB])
     for primary, _ in md_sets:
         TestEnv.check_md_complete(primary)
     # each served certificate names exactly the MD's domains
     for primary, names in md_sets:
         served_cert = TestEnv.get_cert(primary)
         assert names == served_cert.get_san_list()
     # both MDs were signed up through one account
     assert 1 == len(TestEnv.list_accounts())
示例#23
 def configure_httpd(cls, domain, add_lines=""):
     """Install a configuration with one MD and one vhost for ``domain``.

     Remembers ``domain`` on ``cls``, adds ``add_lines`` to the configuration
     before the MD and vhost, and returns ``domain``.
     """
     cls.domain = domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + domain)
     # extra directives supplied by the caller (empty string by default)
     httpd_conf.add_line(add_lines)
     httpd_conf.add_md([domain])
     httpd_conf.add_vhost(domain)
     httpd_conf.install()
     return domain
示例#24
    def test_710_003(self):
        """Move an MD from an explicitly configured ACMEv1 CA URL to the ACMEv2 default.

        The first configuration names the CA URL explicitly; the second omits
        it after switching the test environment to ACMEv2. Both the existing MD
        and a newly added one must then report ``TestEnv.ACME_URL_DEFAULT``.
        """
        domain = "a-" + self.test_domain
        domainb = "b-" + self.test_domain

        # use ACMEv1 initially
        TestEnv.set_acme('acmev1')
        ca_url = TestEnv.ACME_URL

        domains = [domain, "www." + domain]
        conf = HttpdConf(local_CA=False,
                         text="""
ServerAdmin [email protected]
MDCertificateAuthority %s
MDCertificateAgreement accepted
MDMembers auto
            """ % (ca_url))
        conf.add_md([domain])
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(domains)
        assert TestEnv.await_completion([domain])
        # the error log count must be (0, 0) after the sign-up
        assert (0, 0) == TestEnv.httpd_error_log_count()
        TestEnv.check_md(domains, ca=ca_url)

        # use ACMEv2 now, same MD, no CA url
        TestEnv.set_acme('acmev2')
        # this changes the default CA url
        assert TestEnv.ACME_URL_DEFAULT != ca_url

        conf = HttpdConf(local_CA=False,
                         text="""
ServerAdmin [email protected]
MDCertificateAgreement accepted
MDMembers auto
            """)
        conf.start_md([domain])
        conf.end_md()
        conf.start_md2([domainb])
        # this will get the real Let's Encrypt URL assigned; turn off
        # auto renewal so that the test never talks to the production CA
        conf.add_line("MDRenewMode manual")
        conf.end_md2()
        conf.add_vhost(domains)
        conf.add_vhost(domainb)
        conf.install()

        assert TestEnv.apache_restart() == 0
        assert (0, 0) == TestEnv.httpd_error_log_count()
        # the existing MD was migrated to the new CA url
        TestEnv.check_md(domains, ca=TestEnv.ACME_URL_DEFAULT)
        # the new MD got the new default anyway
        TestEnv.check_md([domainb], ca=TestEnv.ACME_URL_DEFAULT)
示例#25
 def set_get_pkeys(self, domain, pkeys, conf=None):
     """Install a configuration for ``domain`` and wait for its sign-up to complete.

     When no ``conf`` is passed, one is built with an ``MDPrivateKeys`` line
     listing the ``spec`` of every entry in ``pkeys``. A supplied ``conf`` is
     installed unchanged.
     """
     if conf is None:
         md_names = [domain]
         conf = HttpdConf()
         conf.add_admin("admin@" + domain)
         key_specs = " ".join(entry['spec'] for entry in pkeys)
         conf.add_line("MDPrivateKeys {0}".format(key_specs))
         conf.add_md(md_names)
         conf.add_vhost(md_names)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
示例#26
 def test_920_003(self):
     """With ``MDCertificateStatus off`` the certificate status yields nothing."""
     name = self.test_domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_md([name])
     # switch the certificate status resource off
     httpd_conf.add_line("MDCertificateStatus off")
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([name], restart=False)
     # no certificate details may be exposed for the domain
     cert_status = TestEnv.get_certificate_status(name)
     assert not cert_status
示例#27
 def test_702_042(self):
     """The server restarts cleanly with ``SSLCertificateChainFile`` next to an MD."""
     base = self.test_domain
     md_names = [base]
     chain_file = self._path_conf_ssl("valid_cert.pem")
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     httpd_conf.add_line("LogLevel core:debug")
     httpd_conf.add_line("LogLevel ssl:debug")
     httpd_conf.add_line("SSLCertificateChainFile %s" % (chain_file))
     httpd_conf.add_drive_mode("auto")
     httpd_conf.add_md(md_names)
     httpd_conf.add_vhost(TestEnv.HTTPS_PORT, md_names)
     httpd_conf.install()
     # the only expectation is a successful restart
     assert TestEnv.apache_restart() == 0
示例#28
 def test_310_310(self, window):
     """A non-default renew window set on an MD is reported back in its status."""
     name = self.test_domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + name)
     # drive mode and renew window are added between start_md and end_md
     httpd_conf.start_md([name])
     httpd_conf.add_drive_mode("manual")
     httpd_conf.add_renew_window(window)
     httpd_conf.end_md()
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     md_stat = TestEnv.get_md_status(name)
     assert md_stat["renew-window"] == window
示例#29
 def test_901_001(self):
     """A message command that cannot be run is reported as the last renewal problem."""
     name = self.test_domain
     names = [name, "www." + name]
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     # "blablabla" stands in for a command that will fail
     httpd_conf.add_message_cmd("blablabla")
     httpd_conf.add_drive_mode("auto")
     httpd_conf.add_md(names)
     httpd_conf.add_vhost(names)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([name], restart=False)
     md_stat = TestEnv.get_md_status(name)
     # the failed command must have been logged as an error
     last_problem = md_stat["renewal"]["last"]["problem"]
     assert last_problem == "urn:org:apache:httpd:log:AH10109:"
示例#30
 def test_920_004(self):
     """The overall MD status still lists the MD when ``MDCertificateStatus`` is off."""
     name = self.test_domain
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_md([name])
     httpd_conf.add_line("MDCertificateStatus off")
     httpd_conf.add_vhost(name)
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([name])
     # query the status with an empty domain argument
     overall = TestEnv.get_md_status("")
     for key in ("version", "managed-domains"):
         assert key in overall
     assert 1 == len(overall["managed-domains"])