Test using nslookup and on ubuntu16

docker-compose.yml

@@ -129,6 +129,33 @@ services:
           - i.ubuntu.getssl.test
           - j.ubuntu.getssl.test
           - k.ubuntu.getssl.test
+  getssl-ubuntu16:
+    build:
+      context: .
+      dockerfile: test/Dockerfile-ubuntu16
+    container_name: getssl-ubuntu16
+    volumes:
+      - .:/getssl
+    environment:
+      GETSSL_HOST: ubuntu16.getssl.test
+      GETSSL_IP: 10.30.50.14
+      NGINX_CONFIG: /etc/nginx/sites-enabled/default
+    networks:
+      acmenet:
+        ipv4_address: 10.30.50.14
+        aliases:
+          - ubuntu16.getssl.test
+          - a.ubuntu16.getssl.test
+          - b.ubuntu16.getssl.test
+          - c.ubuntu16.getssl.test
+          - d.ubuntu16.getssl.test
+          - e.ubuntu16.getssl.test
+          - f.ubuntu16.getssl.test
+          - g.ubuntu16.getssl.test
+          - h.ubuntu16.getssl.test
+          - i.ubuntu16.getssl.test
+          - j.ubuntu16.getssl.test
+          - k.ubuntu16.getssl.test
   getssl-ubuntu18:
     build:
       context: .
@@ -138,11 +165,11 @@ services:
       - .:/getssl
     environment:
       GETSSL_HOST: ubuntu18.getssl.test
-      GETSSL_IP: 10.30.50.14
+      GETSSL_IP: 10.30.50.15
       NGINX_CONFIG: /etc/nginx/sites-enabled/default
     networks:
       acmenet:
-        ipv4_address: 10.30.50.14
+        ipv4_address: 10.30.50.15
         aliases:
           - ubuntu18.getssl.test
           - a.ubuntu18.getssl.test
@@ -165,13 +192,13 @@ services:
       - .:/getssl
     environment:
       GETSSL_HOST: getssl.duckdns.org
-      GETSSL_IP: 10.30.50.15
+      GETSSL_IP: 10.30.50.16
       NGINX_CONFIG: /etc/nginx/sites-enabled/default
       DUCKDNS_TOKEN: $DUCKDNS_TOKEN
       STAGING: "true"
     networks:
       acmenet:
-        ipv4_address: 10.30.50.15
+        ipv4_address: 10.30.50.16
         aliases:
            - getssl.duckdns.org
 

test/2-simple-dns01-nslookup.bats

@@ -0,0 +1,34 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+    mv /usr/bin/dig /usr/bin/dig.getssl.bak
+}
+
+
+teardown() {
+    mv /usr/bin/dig.getssl.bak /usr/bin/dig
+}
+
+
+@test "Create new certificate using DNS-01 verification (nslookup)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+
+    CONFIG_FILE="getssl-dns01.cfg"
+    setup_environment
+    init_getssl
+    create_certificate -d
+    assert_success
+    assert_output --partial "nslookup"
+    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
+    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'  # don't fail for :error:badNonce
+    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+}

test/8-duckdns-ecdsa.bats

@@ -23,10 +23,10 @@ setup() {
     setup_environment
     init_getssl
     sed -e 's/rsa/prime256v1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
-    run ${CODE_DIR}/getssl "$GETSSL_HOST"
+    run ${CODE_DIR}/getssl -d "$GETSSL_HOST"
     assert_success
     refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
     refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
 }
 
@@ -35,10 +35,10 @@ setup() {
     if [ -z "$STAGING" ]; then
         skip "Running internal tests, skipping external test"
     fi
-    run ${CODE_DIR}/getssl -f $GETSSL_HOST
+    run ${CODE_DIR}/getssl -d -f $GETSSL_HOST
     assert_success
     refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
     refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
     cleanup_environment
 }
@@ -54,10 +54,10 @@ setup() {
     setup_environment
     init_getssl
     sed -e 's/rsa/secp384r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
-    run ${CODE_DIR}/getssl "$GETSSL_HOST"
+    run ${CODE_DIR}/getssl -d "$GETSSL_HOST"
     assert_success
     refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
     refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
 }
 
@@ -66,38 +66,13 @@ setup() {
     if [ -z "$STAGING" ]; then
         skip "Running internal tests, skipping external test"
     fi
-    run ${CODE_DIR}/getssl -f $GETSSL_HOST
+    run ${CODE_DIR}/getssl -d -f $GETSSL_HOST
     assert_success
     refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
     refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
     cleanup_environment
 }
 
 
-@test "Create new certificate using staging server and secp521r1" {
-    skip "The staging server returns 'ECDSA curve P-521 not allowed'"
-
-    CONFIG_FILE="getssl-duckdns01.cfg"
-    GETSSL_HOST=getssl.duckdns.org
-
-    setup_environment
-    init_getssl
-    sed -e 's/rsa/secp521r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
-    run ${CODE_DIR}/getssl "$GETSSL_HOST"
-    assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
-}
-
-
-@test "Force renewal of certificate using staging server and secp521r1" {
-    skip "The staging server returns 'ECDSA curve P-521 not allowed'"
-    run ${CODE_DIR}/getssl -f $GETSSL_HOST
-    assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
-    cleanup_environment
-}
+# Note letsencrypt doesn't support ECDSA curve P-521 as it's being deprecated

test/Dockerfile-ubuntu16

@@ -0,0 +1,25 @@
+FROM ubuntu:xenial
+# xenial = 16
+
+# Note this image uses mawk
+
+# Update and install required software
+RUN apt-get update --fix-missing
+RUN apt-get install -y git curl dnsutils wget nginx-light
+
+WORKDIR /root
+RUN mkdir /etc/nginx/pki
+RUN mkdir /etc/nginx/pki/private
+COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
+
+# Prevent "Can't load /root/.rnd into RNG" error from openssl
+# RUN touch /root/.rnd
+
+# BATS (Bash Automated Testings)
+RUN git clone https://github.com/bats-core/bats-core.git /bats-core
+RUN git clone https://github.com/jasonkarns/bats-support /bats-support
+RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert
+RUN /bats-core/install.sh /usr/local
+
+# Run eternal loop - for testing
+CMD tail -f /dev/null

test/debug-test.sh

@@ -9,14 +9,14 @@ if [ $# -eq 2 ]; then
     shift
 fi
 
+#shellcheck disable=SC1091
+source /getssl/test/test_helper.bash
+
 CONFIG_FILE=$1
 if [ ! -e "$CONFIG_FILE" ]; then
     CONFIG_FILE=${CODE_DIR}/test/test-config/${CONFIG_FILE}
 fi
 
-#shellcheck disable=SC1091
-source /getssl/test/test_helper.bash
-
 setup_environment 3>&1
 
 # Only add the pebble CA to the cert bundle if using pebble

test/run-all-tests.cmd

@@ -1,6 +1,15 @@
+echo %time%
 docker exec -it getssl-alpine bats /getssl/test
+echo %time%
 docker exec -it getssl-centos6 bats /getssl/test
+echo %time%
 docker exec -it getssl-debian bats /getssl/test
+echo %time%
 docker exec -it getssl-ubuntu bats /getssl/test
+echo %time%
 docker exec -it getssl-ubuntu18 bats /getssl/test
+echo %time%
+docker exec -it getssl-ubuntu16 bats /getssl/test
+echo %time%
 docker exec -it getssl-duckdns bats /getssl/test
+echo %time%

test/test-config/getssl-duckdns01.cfg

@@ -7,7 +7,7 @@ DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
 DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
 AUTH_DNS_SERVER=1.1.1.1
 CHECK_ALL_AUTH_DNS=false
-DNS_EXTRA_WAIT=20
+DNS_EXTRA_WAIT=30
 
 ACCOUNT_KEY_TYPE="rsa"
 PRIVATE_KEY_ALG="rsa"

test/test_helper.bash

@@ -39,5 +39,6 @@ init_getssl() {
 create_certificate() {
     # Create certificate
     cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
-    run ${CODE_DIR}/getssl "$GETSSL_HOST"
+    # shellcheck disable=SC2086
+    run ${CODE_DIR}/getssl $1 "$GETSSL_HOST"
 }