def test_7009(self):
    """Renew a certificate whose remaining validity is critically short.

    The stored certificate is overwritten with a self-signed one that is
    meant to fall inside the configured renew window. The test then checks
    that the MD is flagged for renewal, that the self-signed certificate is
    still served right after the renewal completes, and that a different
    certificate is served once the server has been stopped and started.
    """
    domain = self.test_domain
    names = [domain]

    # One auto-driven MD with a "10d" renew window and a TLS vhost.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("auto")
    conf.add_renew_window("10d")
    conf.add_md(names)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
    conf.install()

    # Restart triggers the drive; the store and the live server must agree.
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], 30)
    self._check_md_cert(names)
    stored_cert = CertUtil(TestEnv.path_domain_pubcert(domain))
    served_cert = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert stored_cert.get_serial() == served_cert.get_serial()

    # Swap in a self-signed certificate that is about to expire.
    # NOTE(review): notBefore/notAfter are presumably day offsets, which
    # would put notAfter=9 inside the 10d renew window -- confirm in CertUtil.
    validity = {"notBefore": -120, "notAfter": 9}
    CertUtil.create_self_signed_cert([domain], validity)
    self_signed = CertUtil(TestEnv.path_domain_pubcert(domain))
    assert self_signed.get_serial() == 1000
    time.sleep(1)
    md_entry = TestEnv.a2md(["list", domain])['jout']['output'][0]
    assert md_entry['renew'] == True  # value comparison kept as written
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], 30)

    # Renewal is done, but the self-signed certificate is still the one
    # being served: activation of the new ACME certificate is delayed.
    still_served = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert still_served.get_serial() == self_signed.get_serial()
    time.sleep(1)

    # A stop/start cycle activates the renewed certificate.
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_start() == 0
    time.sleep(1)
    renewed = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert renewed.get_serial() != self_signed.get_serial()
def test_700_030(self):
    """Dropping the first name of an MD keeps the current certificate in use.

    An MD over three names is driven to completion, then reconfigured with
    the first name removed. The certificate status reported for the first
    vhost must still carry the serial of the original certificate.
    """
    domain = self.test_domain
    name_x = "x." + domain
    name_a = "a." + domain
    name_b = "b." + domain
    all_names = [name_x, name_a, name_b]
    vhosts = ((name_a, "htdocs/a"), (name_b, "htdocs/b"))

    # One MD, two vhosts (no vhost for the first MD name).
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_md(all_names)
    for host, doc_root in vhosts:
        conf.add_vhost(TestEnv.HTTPS_PORT, host, aliasList=[], docRoot=doc_root)
    conf.install()

    # Restart drives the MD; wait until it is complete.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(name_x, all_names)
    assert TestEnv.await_completion([name_x])
    TestEnv.check_md_complete(name_x)

    # Both vhosts must present the same certificate covering their name.
    cert_a = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()

    # Reconfigure the MD without its first name.
    remaining = [name_a, name_b]
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_md(remaining)
    for host, doc_root in vhosts:
        conf.add_vhost(TestEnv.HTTPS_PORT, host, aliasList=[], docRoot=doc_root)
    conf.install()

    # The MD is still looked up under its old name and the serial is unchanged.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(name_x, remaining)
    status = TestEnv.get_certificate_status(name_a)
    assert status['serial'] == cert_a.get_serial()
def test_602_002(self):
    """One manually driven MD serves two vhosts with a single certificate.

    The MD is stored and driven first; the vhosts are appended to the
    configuration afterwards. Both vhosts must present the same certificate
    and serve their own ``name.txt`` resource.
    """
    domain = self.test_domain
    name_a = "a." + domain
    name_b = "b." + domain
    md_names = [domain, name_a, name_b]
    sites = ((name_a, "a"), (name_b, "b"))

    # Configuration with the MD only, drive mode "manual".
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("manual")
    conf.add_md(md_names)
    conf.install()

    # After a restart the MD must be in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain, md_names)

    # Drive explicitly, then restart and expect a complete MD.
    drive_result = TestEnv.a2md(["drive", domain])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(domain)

    # Append the two vhosts to the same configuration object.
    for host, sub_dir in sites:
        conf.add_vhost(TestEnv.HTTPS_PORT, host, aliasList=[],
                       docRoot="htdocs/" + sub_dir)
    conf.install()

    # Create a marker resource in each document root.
    for host, sub_dir in sites:
        self._write_res_file(
            os.path.join(TestEnv.APACHE_HTDOCS_DIR, sub_dir), "name.txt", host)

    # TLS must be up on both vhosts, with one shared certificate.
    assert TestEnv.apache_restart() == 0
    cert_a = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()
    assert TestEnv.get_content(name_a, "/name.txt") == name_a
    assert TestEnv.get_content(name_b, "/name.txt") == name_b
def test_702_002(self):
    """Two auto-driven MDs complete in parallel and each vhost gets its own SAN list.

    The certificate served on each vhost must list exactly the names of the
    MD that covers it, in the configured order.
    """
    base = "test702-002-" + TestAuto.dns_uniq
    domain_a = "a-" + base
    domain_b = "b-" + base

    # Two MDs, each with the domain and its "www." alias.
    names_a = [domain_a, "www." + domain_a]
    names_b = [domain_b, "www." + domain_b]
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("*****@*****.**")
    conf.add_drive_mode("auto")
    conf.add_md(names_a)
    conf.add_md(names_b)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain_a,
                   aliasList=[names_a[1]], withSSL=True)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain_b,
                   aliasList=[names_b[1]], withSSL=True)
    conf.install()

    # After the restart both MDs must be in the store.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain_a, names_a)
    self._check_md_names(domain_b, names_b)

    # Wait for both drives to finish, then check the stored certificates.
    assert TestEnv.await_completion([domain_a, domain_b])
    self._check_md_cert(names_a)
    self._check_md_cert(names_b)

    # The served certificates must carry exactly the MD's names.
    cert_a = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain_a)
    assert names_a == cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain_b)
    assert names_b == cert_b.get_san_list()
def test_600_001(self):
    """Drive two managed domains manually, then attach vhosts to them.

    Same scenario as test_600_000 (per the original comment), but with two
    parallel managed domains. Each vhost must serve a certificate whose SAN
    list equals the names of its MD.
    """
    domain_a = "a-" + self.test_domain
    domain_b = "b-" + self.test_domain
    names_a = [domain_a, "www." + domain_a]
    names_b = [domain_b, "www." + domain_b]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_drive_mode("manual")
    conf.add_md(names_a)
    conf.add_md(names_b)
    conf.install()

    # Restart and verify that both MDs reached the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain_a, names_a)
    TestEnv.check_md(domain_b, names_b)

    # Drive each MD explicitly; both must report success.
    for md_name in (domain_a, domain_b):
        assert TestEnv.a2md(["drive", md_name])['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(domain_a)
    TestEnv.check_md_complete(domain_b)

    # Add one vhost per MD to the existing configuration.
    conf.add_vhost(TestEnv.HTTPS_PORT, domain_a, aliasList=[names_a[1]])
    conf.add_vhost(TestEnv.HTTPS_PORT, domain_b, aliasList=[names_b[1]])
    conf.install()

    # TLS must be up and present exactly the MD's names.
    assert TestEnv.apache_restart() == 0
    cert_a = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain_a)
    assert names_a == cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain_b)
    assert names_b == cert_b.get_san_list()
def test_702_002(self):
    """Two auto-driven MDs: staged certificates are reported before activation.

    After the drive completes without a restart, the MD status must expose
    the staged certificate's SHA-256 fingerprint under ``renewal``; only the
    following restart puts the certificates into service.
    """
    base = self.test_domain
    domain_a = "a-" + base
    domain_b = "b-" + base

    # Two MDs, each with the domain and its "www." alias.
    names_a = [domain_a, "www." + domain_a]
    names_b = [domain_b, "www." + domain_b]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_drive_mode("auto")
    conf.add_md(names_a)
    conf.add_md(names_b)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain_a, aliasList=[names_a[1]])
    conf.add_vhost(TestEnv.HTTPS_PORT, domain_b, aliasList=[names_b[1]])
    conf.install()

    # After the restart both MDs must be in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain_a, names_a)
    TestEnv.check_md(domain_b, names_b)

    # Wait for the drive to finish but deliberately do not restart yet.
    assert TestEnv.await_completion([domain_a, domain_b], restart=False)

    # The staged certificate is visible on the status resource.
    md_status = TestEnv.get_md_status(domain_a)
    assert 'renewal' in md_status
    renewal = md_status['renewal']
    assert 'cert' in renewal
    assert 'sha256-fingerprint' in renewal['cert']

    # Restart to activate the staged certificates.
    assert TestEnv.apache_restart() == 0

    # The served certificates must carry exactly the MD's names.
    cert_a = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain_a)
    assert names_a == cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain_b)
    assert names_b == cert_b.get_san_list()
def test_700_003(self):
    """One MD, two TLS vhosts that point at the MD's certificate and key files.

    After the auto drive completes, both vhosts must serve the same
    certificate and deliver their own ``name.txt`` resource.
    """
    domain = "test700-003-" + TestAuto.dns_uniq
    name_a = "test-a." + domain
    name_b = "test-b." + domain
    md_names = [domain, name_a, name_b]
    sites = ((name_a, "a"), (name_b, "b"))

    # One MD and two vhosts; the certificate and key paths are those of
    # the MD's primary domain.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_md(md_names)
    for host, sub_dir in sites:
        conf.add_vhost(TestEnv.HTTPS_PORT, host, aliasList=[],
                       docRoot="htdocs/" + sub_dir, withSSL=True,
                       certPath=TestEnv.path_domain_pubcert(domain),
                       keyPath=TestEnv.path_domain_privkey(domain))
    conf.install()

    # Create a marker resource in each document root.
    for host, sub_dir in sites:
        self._write_res_file(
            os.path.join(TestEnv.APACHE_HTDOCS_DIR, sub_dir), "name.txt", host)

    # Restart triggers the drive; wait until the MD is complete.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, md_names)
    assert TestEnv.await_completion([domain])
    self._check_md_cert(md_names)

    # TLS must be up on both vhosts, with one shared certificate.
    cert_a = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()
    assert TestEnv.get_content(name_a, "/name.txt") == name_a
    assert TestEnv.get_content(name_b, "/name.txt") == name_b
def test_710_001(self):
    """Switch an existing MD from ACMEv1 to ACMEv2.

    A certificate obtained under ACMEv1 must stay in use after the switch
    while the MD is unchanged. Once the MD gains a name, a new certificate
    is issued and a second account exists.
    """
    domain = self.test_domain

    # Phase 1: ACMEv1, one MD with a vhost; restart obtains the certificate.
    TestEnv.set_acme('acmev1')
    md_names = [domain, "www." + domain]
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_md(md_names)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[md_names[1]])
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)
    first_cert = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in first_cert.get_san_list()

    # Phase 2: same MD under ACMEv2.
    TestEnv.set_acme('acmev2')
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_md(md_names)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[md_names[1]])
    conf.install()

    # The existing certificate remains valid, so the serial must not change.
    assert TestEnv.apache_restart() == 0
    cert_status = TestEnv.get_certificate_status(domain)
    assert cert_status['serial'] == first_cert.get_serial()

    # Phase 3: add a name to the MD so that a new certificate is required.
    md_names = [domain, "www." + domain, "another." + domain]
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_md(md_names)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[md_names[1]])
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])

    # The served certificate must now be a different one.
    cert_status = TestEnv.get_certificate_status(domain)
    assert cert_status['serial'] != first_cert.get_serial()
    TestEnv.check_md_complete(domain)

    # There must now be two accounts.
    assert len(TestEnv.list_accounts()) == 2
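def test_700_001(self):
    """An MD without a vhost is not auto-driven; adding the vhost drives it.

    Also verifies the post-issuance hygiene of the store: the challenges
    directory must be empty once the certificate is obtained, and the
    domain's files must pass ``TestEnv.check_file_permissions``.
    """
    domain = "test700-001-" + TestAuto.dns_uniq

    # Configuration with one MD and no vhost.
    dns_list = [domain, "www." + domain]
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("auto")
    conf.add_md(dns_list)
    conf.install()

    # Restart and check that the MD is synched to the store.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, dns_list)
    time.sleep(2)

    # The drive must not have started: the MD is incomplete, no account was
    # registered with the CA and the error log says so.
    md = TestEnv.a2md(["-j", "list", domain])['jout']['output'][0]
    assert md['state'] == TestEnv.MD_S_INCOMPLETE
    assert 'account' not in md['ca']
    # Raw string: "\[" in a plain literal is an invalid escape sequence
    # that newer Python versions warn about. The pattern is unchanged.
    assert TestEnv.apache_err_scan(
        re.compile(r'.*\[md:debug\].*no mds to auto drive'))

    # Adding a vhost for the MD makes the next restart drive it.
    conf.add_vhost(TestEnv.HTTPS_PORT, domain,
                   aliasList=[dns_list[1]], withSSL=True)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    self._check_md_cert(dns_list)
    cert = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in cert.get_san_list()

    # Challenge material must not be left behind after issuance.
    TestEnv.check_dir_empty(TestEnv.path_challenges())
    # The files stored for the domain must have correct permissions.
    TestEnv.check_file_permissions(domain)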
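def test_700_006(self):
    """An MD restricted to unsupported challenge types is never driven.

    With only invalid challenge types configured, no account must be
    registered with the CA, the log must carry the matching warning, and
    requests to the vhost must be answered with 503 instead of content.
    """
    domain = "test700-006-" + TestAuto.dns_uniq
    nameA = "test-a." + domain
    dns_list = [domain, nameA]

    # One MD and one vhost, limited to challenge types that do not exist.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_ca_challenges(["invalid-01", "invalid-02"])
    conf.add_md(dns_list)
    conf.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[],
                   docRoot="htdocs/a", withSSL=True,
                   certPath=TestEnv.path_domain_pubcert(domain),
                   keyPath=TestEnv.path_domain_privkey(domain))
    conf.install()

    # Create the docRoot folder with a marker resource.
    self._write_res_file(
        os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)

    # Restart and check that the MD is in the store.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, dns_list)
    time.sleep(2)

    # The drive must not have started: MD incomplete, no CA account.
    md = TestEnv.a2md(["-j", "list", domain])['jout']['output'][0]
    assert md['state'] == TestEnv.MD_S_INCOMPLETE
    assert 'account' not in md['ca']
    # Raw string: "\[" in a plain literal is an invalid escape sequence
    # that newer Python versions warn about. The pattern is unchanged.
    assert TestEnv.apache_err_scan(re.compile(
        r'.*\[md:warn\].*the server offers no ACME challenge that is configured for this MD'))

    # The vhost still completes a TLS handshake with a certificate naming
    # nameA (presumably a temporary fallback certificate -- confirm), but
    # it must answer with 503 Service Unavailable.
    cert = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
    assert nameA in cert.get_san_list()
    assert TestEnv.getStatus(nameA, "/name.txt") == 503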
def test_700_004(self, challengeType):
    """Drive one MD with the CA challenges restricted to a single type.

    Args:
        challengeType: the only challenge type configured for the MD
            (presumably supplied by test parametrization -- confirm).
    """
    domain = "test700-004-" + TestAuto.dns_uniq
    md_names = [domain, "www." + domain]

    # One MD and one TLS vhost, auto drive, a single challenge type.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("auto")
    conf.add_ca_challenges([challengeType])
    conf.add_md(md_names)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain,
                   aliasList=[md_names[1]], withSSL=True)
    conf.install()

    # Restart triggers the drive; the MD must be synched and complete.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, md_names)
    assert TestEnv.await_completion([domain])
    self._check_md_cert(md_names)

    # TLS must be up with a certificate covering the domain.
    served = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in served.get_san_list()
def test_700_004(self, challengeType):
    """Drive one MD with the CA challenges restricted to a single type.

    The configuration also adds ``acme-tls/1`` to the server's
    ``Protocols`` line.

    Args:
        challengeType: the only challenge type configured for the MD
            (presumably supplied by test parametrization -- confirm).
    """
    domain = self.test_domain
    md_names = [domain, "www." + domain]

    # One MD and one vhost, auto drive, a single challenge type.
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_line("Protocols http/1.1 acme-tls/1")
    conf.add_drive_mode("auto")
    conf.add_ca_challenges([challengeType])
    conf.add_md(md_names)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[md_names[1]])
    conf.install()

    # Restart triggers the drive; the MD must be synched and complete.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain, md_names)
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)

    # TLS must be up with a certificate covering the domain.
    served = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in served.get_san_list()
def test_700_005(self):
    """A manually driven MD that was never driven serves the fallback cert.

    Until a certificate is obtained, the vhost must answer with 503 and
    present the temporary certificate found at
    ``TestEnv.path_fallback_cert``.
    """
    domain = "test700-005-" + TestAuto.dns_uniq
    name_a = "test-a." + domain
    md_names = [domain, name_a]

    # One MD in manual drive mode and one TLS vhost.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("manual")
    conf.add_md(md_names)
    conf.add_vhost(TestEnv.HTTPS_PORT, name_a, aliasList=[],
                   docRoot="htdocs/a", withSSL=True,
                   certPath=TestEnv.path_domain_pubcert(domain),
                   keyPath=TestEnv.path_domain_privkey(domain))
    conf.install()

    # Create the docRoot folder with a marker resource.
    self._write_res_file(
        os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", name_a)

    # Restart and check that the MD is in the store.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, md_names)
    assert TestEnv.await_renew_state([domain])

    # Requests to the vhost must yield 503 Service Unavailable.
    served = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
    assert name_a in served.get_san_list()
    assert TestEnv.getStatus(name_a, "/name.txt") == 503

    # The certificate on the wire must be the temporary fallback one.
    fallback = CertUtil(TestEnv.path_fallback_cert(domain))
    assert served.get_serial() == fallback.get_serial(), (
        "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % (
            name_a, fallback.get_cn(), served.get_cn())
    )
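def test_710_002(self):
    """Switch two MDs with automatic member detection from ACMEv1 to ACMEv2.

    Both MDs are driven under ACMEv1 with a single account. After the
    switch to ACMEv2 and the addition of a vhost alias to each, new
    certificates must be issued and a second account must exist.
    """
    domain = "test710-002-" + TestAuto.dns_uniq

    # Phase 1: ACMEv1.
    TestEnv.set_acme('acmev1')
    domainA = "a-" + domain
    domainB = "b-" + domain

    # Two MDs; "MDMembers auto" lets the vhost aliases join the MDs.
    dnsListA = [domainA, "www." + domainA]
    dnsListB = [domainB, "www." + domainB]
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("*****@*****.**")
    conf.add_line("MDMembers auto")
    conf.add_md([domainA])
    conf.add_md([domainB])
    conf.add_vhost(TestEnv.HTTPS_PORT, domainA,
                   aliasList=dnsListA[1:], withSSL=True)
    conf.add_vhost(TestEnv.HTTPS_PORT, domainB,
                   aliasList=dnsListB[1:], withSSL=True)
    conf.install()

    # Restart and check that both MDs are in the store.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domainA, dnsListA)
    self._check_md_names(domainB, dnsListB)

    # Await drive completion. The original checked dnsListA a second time
    # here; that redundant call is dropped.
    assert TestEnv.await_completion([domainA, domainB])
    self._check_md_cert(dnsListA)
    self._check_md_cert(dnsListB)
    cert1 = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)

    # Both MDs share a single account at this point.
    assert 1 == len(TestEnv.list_accounts())

    # Phase 2: ACMEv2 for everything.
    TestEnv.set_acme('acmev2')

    # Add one alias per vhost so that both MDs need a new certificate.
    dnsListA = [domainA, "www." + domainA, "another." + domainA]
    dnsListB = [domainB, "www." + domainB, "another." + domainB]
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("*****@*****.**")
    conf.add_line("MDMembers auto")
    conf.add_md([domainA])
    conf.add_md([domainB])
    conf.add_vhost(TestEnv.HTTPS_PORT, domainA,
                   aliasList=dnsListA[1:], withSSL=True)
    conf.add_vhost(TestEnv.HTTPS_PORT, domainB,
                   aliasList=dnsListB[1:], withSSL=True)
    conf.install()

    # Restart and wait for the new certificates.
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domainA, domainB])
    self._check_md_names(domainA, dnsListA)
    self._check_md_names(domainB, dnsListB)
    self._check_md_cert(dnsListA)
    # Verify the second MD's certificate too, as in phase 1.
    self._check_md_cert(dnsListB)
    cert2 = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)

    # The served certificate must no longer be the ACMEv1 one.
    assert cert1.get_serial() != cert2.get_serial()
    # There must now be two accounts.
    assert 2 == len(TestEnv.list_accounts())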
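def test_700_032(self):
    """Merge a second MD's name into the first MD and expect a new certificate.

    Two single-name MDs are driven. The second MD and its vhost are then
    removed and its name becomes an alias of the first vhost. With
    "MDMembers auto" the first MD must then cover both names and serve a
    newly issued certificate.
    """
    domain = "test700-032-" + TestAuto.dns_uniq
    name1 = "server1." + domain
    # A separate TLD is needed to avoid rate limits.
    name2 = "server2." + TestAuto.dns_uniq

    # Two MDs and two vhosts.
    # NOTE(review): this calls the underscore-prefixed `_add_line`; confirm
    # whether this HttpdConf version offers a public equivalent.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf._add_line("MDMembers auto")
    conf.add_md([name1])
    conf.add_md([name2])
    conf.add_vhost(TestEnv.HTTPS_PORT, name1, aliasList=[],
                   docRoot="htdocs/a", withSSL=True,
                   certPath=TestEnv.path_domain_pubcert(domain),
                   keyPath=TestEnv.path_domain_privkey(domain))
    conf.add_vhost(TestEnv.HTTPS_PORT, name2, aliasList=[],
                   docRoot="htdocs/b", withSSL=True,
                   certPath=TestEnv.path_domain_pubcert(domain),
                   keyPath=TestEnv.path_domain_privkey(domain))
    conf.install()

    # Restart triggers the drive. Wait for BOTH MDs: the original waited
    # for name1 only and then inspected name2's certificate, which races
    # with the still-running drive of the second MD.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(name1, [name1])
    self._check_md_names(name2, [name2])
    assert TestEnv.await_completion([name1, name2])
    self._check_md_cert([name2])

    # TLS must be up on both vhosts.
    cert1 = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name1)
    assert name1 in cert1.get_san_list()
    cert2 = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name2)
    assert name2 in cert2.get_san_list()

    # Remove the second MD and vhost; name2 becomes an alias of vhost 1.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf._add_line("MDMembers auto")
    conf.add_md([name1])
    conf.add_vhost(TestEnv.HTTPS_PORT, name1, aliasList=[name2],
                   docRoot="htdocs/a", withSSL=True,
                   certPath=TestEnv.path_domain_pubcert(domain),
                   keyPath=TestEnv.path_domain_privkey(domain))
    conf.install()

    # Restart: the host must still work, now with a NEW certificate that
    # covers both names (the serial differs from the first one).
    assert TestEnv.apache_restart() == 0
    self._check_md_names(name1, [name1, name2])
    assert TestEnv.await_completion([name1])
    cert1b = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name1)
    assert name1 in cert1b.get_san_list()
    assert name2 in cert1b.get_san_list()
    assert cert1.get_serial() != cert1b.get_serial()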
def test_700_031(self):
    """Replacing an MD name with a new one forces a new certificate.

    The MD starts with three names. It is then reconfigured without its
    first name and with an additional one. The MD is still found under its
    original name, and the vhost must serve a certificate with a different
    serial afterwards.
    """
    domain = "test700-031-" + TestAuto.dns_uniq
    name_x = "test-x." + domain
    name_a = "test-a." + domain
    name_b = "test-b." + domain
    name_c = "test-c." + domain
    first_names = [name_x, name_a, name_b]
    sites = ((name_a, "htdocs/a"), (name_b, "htdocs/b"))

    # One MD and two TLS vhosts.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_md(first_names)
    for host, doc_root in sites:
        conf.add_vhost(TestEnv.HTTPS_PORT, host, aliasList=[],
                       docRoot=doc_root, withSSL=True,
                       certPath=TestEnv.path_domain_pubcert(domain),
                       keyPath=TestEnv.path_domain_privkey(domain))
    conf.install()

    # Restart triggers the drive; the MD must be synched and complete.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(name_x, first_names)
    assert TestEnv.await_completion([name_x])
    self._check_md_cert(first_names)

    # TLS must be up on both vhosts, with one shared certificate.
    cert_a = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()

    # Change the MD: drop the first name and add a new one.
    changed_names = [name_a, name_b, name_c]
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_md(changed_names)
    for host, doc_root in sites:
        conf.add_vhost(TestEnv.HTTPS_PORT, host, aliasList=[],
                       docRoot=doc_root, withSSL=True,
                       certPath=TestEnv.path_domain_pubcert(domain),
                       keyPath=TestEnv.path_domain_privkey(domain))
    conf.install()

    # Restart: the host must still work, but with a different certificate
    # (the assertion below requires the serial to change).
    assert TestEnv.apache_restart() == 0
    self._check_md_names(name_x, changed_names)
    assert TestEnv.await_completion([name_x])
    cert_a_new = CertUtil.load_server_cert(
        TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
    assert name_a in cert_a_new.get_san_list()
    assert cert_a.get_serial() != cert_a_new.get_serial()