def test_702_040(self):
    """tls-alpn-01 with "acme-tls/1" in Protocols: the MD must complete.

    Sets up one managed domain (apex plus "www.") behind one TLS vhost,
    restarts httpd and expects TestEnv.await_completion to succeed. The
    certificate then served on the HTTPS port must list the apex name in
    its subject alternative names.
    """
    apex = "test702-040-" + TestAuto.dns_uniq
    www_alias = "www." + apex
    names = [apex, www_alias]

    # One MD, one vhost. "Protocols ... acme-tls/1" is the line that differs
    # from the test_702_041 variants, which omit it.
    md_conf = HttpdConf(TestAuto.TMP_CONF)
    md_conf.add_admin("admin@" + apex)
    for directive in (
        "LogLevel core:debug",
        "LogLevel ssl:debug",
        "Protocols http/1.1 acme-tls/1",
    ):
        md_conf.add_line(directive)
    md_conf.add_drive_mode("auto")
    md_conf.add_ca_challenges(["tls-alpn-01"])
    md_conf.add_md(names)
    md_conf.add_vhost(TestEnv.HTTPS_PORT, apex, aliasList=[www_alias], withSSL=True)
    md_conf.install()

    # The restart triggers the drive; the MD must be synched and then finish.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    self._check_md_names(apex, names)
    assert TestEnv.await_completion([apex])
    self._check_md_cert(names)

    # Only the apex name is checked against the served certificate's SANs.
    served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, apex)
    assert apex in served.get_san_list()
def test_720_005(self):
    """dns-01 for an apex, its wildcard and one name outside the wildcard.

    The third name is "www.x" + domain, which is built by plain string
    concatenation and therefore is not a subdomain matched by "*." + domain.
    All three names must appear in the SAN list of the issued certificate.
    """
    # NOTE(review): add_dns01_cmd presumably configures the program httpd runs
    # to publish the DNS-01 record. Outside a test bed such a hook should not
    # be writable by the server's run user. Confirm against HttpdConf.
    hook_cmd = "{}/dns01.py".format(TestEnv.TESTROOT)
    apex = self.test_domain
    wildcard = "*." + apex
    outside_name = "www.x" + apex
    names = [apex, wildcard, outside_name]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_ca_challenges(["dns-01"])
    conf.add_dns01_cmd(hook_cmd)
    conf.add_md(names)
    conf.add_vhost(TestEnv.HTTPS_PORT, outside_name, aliasList=[])
    conf.add_vhost(TestEnv.HTTPS_PORT, apex, aliasList=[wildcard])
    conf.install()

    # After the restart the MD must be present in the store.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(apex, names)

    # The drive has to run to completion.
    assert TestEnv.await_completion([apex])
    TestEnv.check_md_complete(apex)

    # Every configured name must be listed in the served certificate.
    served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, apex)
    san_names = served.get_san_list()
    assert all(name in san_names for name in names)
def test_702_011(self):
    """tls-alpn-01 honours MDPortMap for the https port.

    Phase 1 maps https to port 99 and expects that no renewal is started.
    Phase 2 maps https to TestEnv.HTTPS_PORT and expects the drive to
    complete.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]

    def install_with_https_map(local_port):
        # Build, install and load one MD + one vhost with the given mapping.
        # NOTE(review): the port map goes through the private _add_line while
        # the Protocols line uses add_line; confirm the two are equivalent.
        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_line("Protocols http/1.1 acme-tls/1")
        conf.add_drive_mode("auto")
        conf.add_ca_challenges(["tls-alpn-01"])
        conf._add_line("MDPortMap https:%s" % local_port)
        conf.add_md(domains)
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(domains)

    # https mapped to 99: the only configured challenge type is tls-alpn-01,
    # and the test expects that the server does not start renewing.
    install_with_https_map(99)
    assert not TestEnv.is_renewing(domain)

    # https mapped to the test server's HTTPS port: issuance must go through.
    install_with_https_map(TestEnv.HTTPS_PORT)
    assert TestEnv.await_completion([domain])
def test_702_040(self):
    """tls-alpn-01 with "acme-tls/1" enabled: status lists it, MD completes.

    Before waiting for completion, the MD status must report "acme-tls/1" as
    available for exactly the configured domains. Afterwards the served
    certificate must carry the apex name in its SAN list.
    """
    apex = self.test_domain
    names = [apex, "www." + apex]

    # One MD and one vhost covering both names.
    conf = HttpdConf()
    conf.add_admin("admin@" + apex)
    for directive in (
        "LogLevel core:debug",
        "LogLevel ssl:debug",
        "Protocols http/1.1 acme-tls/1",
    ):
        conf.add_line(directive)
    conf.add_drive_mode("auto")
    conf.add_ca_challenges(["tls-alpn-01"])
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # The restart triggers the drive; the MD must have been synched.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(names)

    # The status must advertise acme-tls/1 for every domain of the MD.
    status = TestEnv.get_md_status(apex)
    alpn_capable = status["proto"]["acme-tls/1"]
    assert alpn_capable == names

    assert TestEnv.await_completion([apex])
    TestEnv.check_md_complete(apex)

    # Only the apex name is checked against the certificate's SANs.
    served = TestEnv.get_cert(apex)
    assert apex in served.get_san_list()
def test_700_011(self):
    """tls-sni-01 honours MDPortMap for port 443.

    Phase 1 maps 443 to port 99 and expects the drive to end in an error.
    Phase 2 maps 443 to TestEnv.HTTPS_PORT and expects completion.

    NOTE(review): tls-sni-01 has been withdrawn as an ACME challenge type.
    The tls-alpn-01 form of this scenario (test_702_011) is the current one,
    so this test only makes sense against a CA that still offers tls-sni-01.
    """
    domain = "test700-011-" + TestAuto.dns_uniq
    dns_list = [domain, "www." + domain]

    def install_with_443_map(local_port):
        # Build, install and load one MD + one TLS vhost with the mapping.
        conf = HttpdConf(TestAuto.TMP_CONF)
        conf.add_admin("admin@" + domain)
        conf.add_drive_mode("auto")
        conf.add_ca_challenges(["tls-sni-01"])
        conf._add_line("MDPortMap 443:%s" % local_port)
        conf.add_md(dns_list)
        conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]], withSSL=True)
        conf.install()
        assert TestEnv.apache_restart() == 0
        self._check_md_names(domain, dns_list)

    # 443 mapped to 99: the challenge cannot be answered, so an error is expected.
    install_with_443_map(99)
    assert TestEnv.await_error([domain])

    # 443 mapped to the port the test server actually serves TLS on.
    install_with_443_map(TestEnv.HTTPS_PORT)
    assert TestEnv.await_completion([domain])
def test_702_006(self):
    """Only unknown challenge types configured: renewal fails, vhost gives 503.

    With "invalid-01"/"invalid-02" as the sole challenge types the drive must
    report a 'challenge-mismatch' problem, and the MD's 'ca' entry must hold
    no 'account' key. The vhost still answers TLS with a certificate naming
    it, and answers the HTTP request with 503 instead of the file.
    """
    apex = self.test_domain
    vhost_name = "test-a." + apex
    names = [apex, vhost_name]

    # One MD, one vhost serving htdocs/a.
    conf = HttpdConf()
    conf.add_admin("admin@" + apex)
    conf.add_ca_challenges(["invalid-01", "invalid-02"])
    conf.add_md(names)
    conf.add_vhost(vhost_name, docRoot="htdocs/a")
    conf.install()

    # Put a resource into the docRoot, so a 503 cannot be mistaken for a 404.
    doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(doc_root, "name.txt", vhost_name)

    # After the restart the MD must be present in the store.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(names)

    # The drive must end in an error that names the challenge mismatch.
    md = TestEnv.await_error(apex)
    assert md
    renewal = md['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['problem'] == 'challenge-mismatch'
    # presumably: no ACME account was registered for an MD that could never
    # be validated; verify against the md status schema
    assert 'account' not in md['ca']

    # The served certificate names the vhost, yet content is withheld.
    served = TestEnv.get_cert(vhost_name)
    assert vhost_name in served.get_san_list()
    assert TestEnv.getStatus(vhost_name, "/name.txt") == 503
def test_700_004(self, challengeType):
    """Drive one MD to completion with a single configured challenge type.

    challengeType is handed to add_ca_challenges as the only entry; the
    values it takes are supplied by the caller and are not visible here.
    """
    apex = "test700-004-" + TestAuto.dns_uniq
    www_alias = "www." + apex
    names = [apex, www_alias]

    # One MD and one TLS vhost, restricted to the requested challenge type.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + apex)
    conf.add_drive_mode("auto")
    conf.add_ca_challenges([challengeType])
    conf.add_md(names)
    conf.add_vhost(TestEnv.HTTPS_PORT, apex, aliasList=[www_alias], withSSL=True)
    conf.install()

    # The restart triggers the drive; the MD must be synched and then finish.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    self._check_md_names(apex, names)
    assert TestEnv.await_completion([apex])
    self._check_md_cert(names)

    # Only the apex name is checked against the served certificate's SANs.
    served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, apex)
    assert apex in served.get_san_list()
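def test_700_006(self):
    """Only unknown challenge types configured: no drive, vhost answers 503.

    With "invalid-01"/"invalid-02" as the sole challenge types the MD must
    stay in state MD_S_INCOMPLETE, its 'ca' entry must hold no 'account'
    key, and the error log must carry the md:warn line about no configured
    challenge being offered. The vhost still answers TLS with a certificate
    naming it, and answers the HTTP request with 503 instead of the file.
    """
    domain = "test700-006-" + TestAuto.dns_uniq
    nameA = "test-a." + domain
    dns_list = [domain, nameA]

    # One MD and one TLS vhost. The cert/key paths come from TestEnv's
    # per-domain path helpers (presumably locations in the MD store).
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_ca_challenges(["invalid-01", "invalid-02"])
    conf.add_md(dns_list)
    conf.add_vhost(
        TestEnv.HTTPS_PORT,
        nameA,
        aliasList=[],
        docRoot="htdocs/a",
        withSSL=True,
        certPath=TestEnv.path_domain_pubcert(domain),
        keyPath=TestEnv.path_domain_privkey(domain),
    )
    conf.install()

    # Put a resource into the docRoot, so a 503 cannot be mistaken for a 404.
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)

    # After the restart the MD must be present in the store.
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, dns_list)

    # Fixed grace period before looking at the MD state.
    # NOTE(review): a timed sleep can pass or fail by timing alone on a slow
    # host; polling the state would be more robust.
    time.sleep(2)

    # The drive must not have started.
    md = TestEnv.a2md(["-j", "list", domain])['jout']['output'][0]
    assert md['state'] == TestEnv.MD_S_INCOMPLETE
    assert 'account' not in md['ca']
    # Raw string: "\[" is not a valid str escape, so a plain literal only
    # works through Python's deprecated pass-through of unknown escapes.
    # The compiled pattern is unchanged.
    no_challenge_warning = re.compile(
        r'.*\[md:warn\].*the server offers no ACME challenge that is configured for this MD'
    )
    assert TestEnv.apache_err_scan(no_challenge_warning)

    # The served certificate names the vhost, yet content is withheld.
    cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
    assert nameA in cert.get_san_list()
    assert TestEnv.getStatus(nameA, "/name.txt") == 503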
def test_720_006(self):
    """dns-01 for an apex, its wildcard and a "www." name under the wildcard.

    The MD lists three names, but only the apex and the wildcard are required
    in the SAN list of the issued certificate. "www." + domain is a subdomain
    that the wildcard entry matches.
    """
    hook_cmd = "{}/dns01.py".format(TestEnv.TESTROOT)
    apex = self.test_domain
    wildcard = "*." + apex
    www_name = "www." + apex
    names = [apex, wildcard, www_name]

    # Two vhosts: one for the "www." name, one for the apex plus wildcard.
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_ca_challenges(["dns-01"])
    conf.add_dns01_cmd(hook_cmd)
    conf.add_md(names)
    conf.add_vhost(www_name)
    conf.add_vhost([apex, wildcard])
    conf.install()

    # After the restart the MD must be present in the store.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(names)

    # The drive has to run to completion.
    assert TestEnv.await_completion([apex])
    TestEnv.check_md_complete(apex)

    # The apex and the wildcard must both be listed in the certificate.
    served = TestEnv.get_cert(apex)
    san_names = served.get_san_list()
    assert all(required in san_names for required in (apex, wildcard))
def test_702_041(self):
    """tls-alpn-01 without "acme-tls/1" in Protocols: the drive must fail.

    The configuration matches the working tls-alpn-01 case except that no
    Protocols line is written. The drive must end in an error and the MD
    must report "acme-tls/1" as False.
    """
    apex = "test702-041-" + TestAuto.dns_uniq
    www_alias = "www." + apex
    names = [apex, www_alias]

    # One MD and one TLS vhost; no "Protocols" directive is written.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + apex)
    for directive in ("LogLevel core:debug", "LogLevel ssl:debug"):
        conf.add_line(directive)
    conf.add_drive_mode("auto")
    conf.add_ca_challenges(["tls-alpn-01"])
    conf.add_md(names)
    conf.add_vhost(TestEnv.HTTPS_PORT, apex, aliasList=[www_alias], withSSL=True)
    conf.install()

    # The restart triggers the drive; the job must report an error and the
    # missing protocol must be detected.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    self._check_md_names(apex, names)
    # Compared with == True rather than by truthiness, as written originally.
    assert TestEnv.await_error([apex]) == True
    md = self._get_md(apex)
    alpn_state = md["proto"]["acme-tls/1"]
    assert False == alpn_state
def test_702_010(self):
    """http-01 honours MDPortMap for port 80.

    Phase 1 maps 80 to port 99 and expects that no renewal is started.
    Phase 2 maps 80 to TestEnv.HTTP_PORT and expects the drive to complete.
    """
    domain = self.test_domain
    dns_list = [domain, "www." + domain]

    def install_with_http_map(local_port):
        # Build, install and load one MD + one vhost with the given mapping.
        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_drive_mode("auto")
        conf.add_ca_challenges(["http-01"])
        conf._add_line("MDPortMap 80:%s" % local_port)
        conf.add_md(dns_list)
        conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(domain, dns_list)

    # 80 mapped to 99: http-01 is the only configured challenge type, and the
    # test expects that the server does not start renewing.
    install_with_http_map(99)
    assert not TestEnv.is_renewing(domain)

    # 80 mapped to the test server's HTTP port: issuance must go through.
    install_with_http_map(TestEnv.HTTP_PORT)
    assert TestEnv.await_completion([domain])
def test_720_006(self):
    """dns-01 for an apex, its wildcard and a "www." name under the wildcard.

    The MD lists three names, but only the apex and the wildcard are required
    in the SAN list of the certificate served on the HTTPS port.
    """
    hook_cmd = "{}/dns01.py".format(TestEnv.TESTROOT)
    apex = "test720-006-" + TestAuto.dns_uniq
    wildcard = "*." + apex
    www_name = "www." + apex
    names = [apex, wildcard, www_name]

    # Two TLS vhosts: one for the "www." name, one for the apex with the
    # wildcard as its alias.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("*****@*****.**")
    conf.add_ca_challenges(["dns-01"])
    conf.add_dns01_cmd(hook_cmd)
    conf.add_md(names)
    conf.add_vhost(TestEnv.HTTPS_PORT, www_name, aliasList=[], withSSL=True)
    conf.add_vhost(TestEnv.HTTPS_PORT, apex, aliasList=[wildcard], withSSL=True)
    conf.install()

    # After the restart the MD must be present in the store.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    self._check_md_names(apex, names)

    # The drive has to run to completion.
    assert TestEnv.await_completion([apex])
    self._check_md_cert(names)

    # The apex and the wildcard must both be listed in the certificate.
    served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, apex)
    san_names = served.get_san_list()
    assert all(required in san_names for required in (apex, wildcard))
def test_702_041(self):
    """tls-alpn-01 without "acme-tls/1" in Protocols: status lists no domain.

    The configuration matches the working tls-alpn-01 case except that no
    Protocols line is written. The MD status must then report an empty
    list of domains for which "acme-tls/1" is available.
    """
    apex = self.test_domain
    names = [apex, "www." + apex]

    # One MD and one vhost; no "Protocols" directive is written.
    conf = HttpdConf()
    conf.add_admin("admin@" + apex)
    for directive in ("LogLevel core:debug", "LogLevel ssl:debug"):
        conf.add_line(directive)
    conf.add_drive_mode("auto")
    conf.add_ca_challenges(["tls-alpn-01"])
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # The restart triggers the drive; the MD must have been synched.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(names)

    # acme-tls/1 must be reported as available for none of the domains.
    status = TestEnv.get_md_status(apex)
    alpn_capable = status["proto"]["acme-tls/1"]
    assert alpn_capable == []
def test_702_041(self):
    """tls-alpn-01 without "acme-tls/1" in Protocols: no renewal is started.

    The configuration matches the working tls-alpn-01 case except that no
    Protocols line is written. The MD must report "acme-tls/1" as False and
    the server must not be renewing the domain.
    """
    apex = self.test_domain
    www_alias = "www." + apex
    names = [apex, www_alias]

    # One MD and one vhost; no "Protocols" directive is written.
    conf = HttpdConf()
    conf.add_admin("admin@" + apex)
    for directive in ("LogLevel core:debug", "LogLevel ssl:debug"):
        conf.add_line(directive)
    conf.add_drive_mode("auto")
    conf.add_ca_challenges(["tls-alpn-01"])
    conf.add_md(names)
    conf.add_vhost(TestEnv.HTTPS_PORT, apex, aliasList=[www_alias])
    conf.install()

    # After the restart the missing protocol must be detected and, as the
    # only configured challenge type cannot be served, nothing is renewed.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(apex, names)
    md = self._get_md(apex)
    alpn_state = md["proto"]["acme-tls/1"]
    assert False == alpn_state
    assert not TestEnv.is_renewing(apex)
def test_700_004(self, challengeType):
    """Drive one MD to completion with a single configured challenge type.

    challengeType is handed to add_ca_challenges as the only entry; the
    values it takes are supplied by the caller and are not visible here.
    "Protocols http/1.1 acme-tls/1" is always written, whichever challenge
    type is under test.
    """
    apex = self.test_domain
    names = [apex, "www." + apex]

    # One MD and one vhost, restricted to the requested challenge type.
    conf = HttpdConf()
    conf.add_admin("admin@" + apex)
    conf.add_line("Protocols http/1.1 acme-tls/1")
    conf.add_drive_mode("auto")
    conf.add_ca_challenges([challengeType])
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # The restart triggers the drive; the MD must be synched and then finish.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(names)
    assert TestEnv.await_completion([apex])
    TestEnv.check_md_complete(apex)

    # Only the apex name is checked against the certificate's SANs.
    served = TestEnv.get_cert(apex)
    assert apex in served.get_san_list()
def test_720_003(self):
    """dns-01 whose hook command is invoked with "fail": the drive must error.

    The configured command is dns01.py followed by the argument "fail".
    What the script does with that argument is not visible here; the test
    only expects TestEnv.await_error to succeed.
    """
    failing_hook = "{}/dns01.py fail".format(TestEnv.TESTROOT)
    apex = "test720-003-" + TestAuto.dns_uniq
    wildcard = "*." + apex
    names = [apex, wildcard]

    # One MD and one TLS vhost with the wildcard as its alias.
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("*****@*****.**")
    conf.add_ca_challenges(["dns-01"])
    conf.add_dns01_cmd(failing_hook)
    conf.add_md(names)
    conf.add_vhost(TestEnv.HTTPS_PORT, apex, aliasList=[wildcard], withSSL=True)
    conf.install()

    # After the restart the MD must be present in the store.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    self._check_md_names(apex, names)

    # The drive must end in an error rather than in an issued certificate.
    assert TestEnv.await_error([apex])
def test_700_004(self, challengeType):
    """Drive one MD to completion with a single configured challenge type.

    challengeType is handed to add_ca_challenges as the only entry; the
    values it takes are supplied by the caller and are not visible here.
    "Protocols http/1.1 acme-tls/1" is always written, whichever challenge
    type is under test.
    """
    apex = self.test_domain
    www_alias = "www." + apex
    names = [apex, www_alias]

    # One MD and one vhost, restricted to the requested challenge type.
    conf = HttpdConf()
    conf.add_admin("admin@" + apex)
    conf.add_line("Protocols http/1.1 acme-tls/1")
    conf.add_drive_mode("auto")
    conf.add_ca_challenges([challengeType])
    conf.add_md(names)
    conf.add_vhost(TestEnv.HTTPS_PORT, apex, aliasList=[www_alias])
    conf.install()

    # The restart triggers the drive; the MD must be synched and then finish.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(apex, names)
    assert TestEnv.await_completion([apex])
    TestEnv.check_md_complete(apex)

    # Only the apex name is checked against the served certificate's SANs.
    served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, apex)
    assert apex in served.get_san_list()
def test_720_002(self):
    """dns-01 with a hook path named dns01-not-found.py: setup must fail.

    The drive must end in an error whose last recorded problem is
    'challenge-setup-failure', with a renewal error count above zero.
    """
    # Judging by its name the script does not exist under TESTROOT. That is
    # not verifiable from this test alone.
    missing_hook = "{}/dns01-not-found.py".format(TestEnv.TESTROOT)
    apex = self.test_domain
    names = [apex, "*." + apex]

    # One MD and one vhost covering the apex and its wildcard.
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_ca_challenges(["dns-01"])
    conf.add_dns01_cmd(missing_hook)
    conf.add_md(names)
    conf.add_vhost(names)
    conf.install()

    # After the restart the MD must be present in the store.
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(names)

    # The failure must be reported as a challenge setup problem.
    md = TestEnv.await_error(apex)
    assert md
    renewal = md['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['problem'] == 'challenge-setup-failure'