
Update templates, clean up test code

pull/472/head
Tim Kimber 6 years ago
parent
commit
2dbaf3e14d
5 changed files with 37 additions and 19 deletions
  1. +7
    -5
      getssl
  2. +0
    -5
      test/Dockerfile-rhel6
  3. +0
    -5
      test/Dockerfile-ubuntu
  4. +20
    -0
      test/README.md
  5. +10
    -4
      test/run-test.sh

+ 7
- 5
getssl View File

@ -193,7 +193,9 @@
# 2019-11-22 #456 Fix shellcheck issues
# 2019-11-23 #459 Fix missing chain.crt
# 2019-12-18 #462 Use POST-as-GET for ACMEv2 endpoints
# 2020-01-07 #464 and #486 "json was blank" (change all curl request to use POST-as-GET) (2.15)
# 2020-01-07 #464 and #486 "json was blank" (change all curl request to use POST-as-GET)
# 2020-01-08 Error and exit if rate limited, exit if curl returns nothing
# 2020-01-10 Change domain and getssl templates to v2 (2.15)
# ----------------------------------------------------------------------------------------
PROGNAME=${0##*/}
@ -212,7 +214,7 @@ CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl"
CSR_SUBJECT="/"
CURL_USERAGENT="${PROGNAME}/${VERSION}"
DEACTIVATE_AUTH="false"
DEFAULT_REVOKE_CA="https://acme-v01.api.letsencrypt.org"
DEFAULT_REVOKE_CA="https://acme-v02.api.letsencrypt.org"
DNS_EXTRA_WAIT=""
DNS_WAIT=10
DOMAIN_KEY_LENGTH=4096
@ -1566,7 +1568,7 @@ write_domain_template() { # write out a template file for a domain.
# The staging server is best for testing
#CA="https://acme-staging-v02.api.letsencrypt.org/directory"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
#CA="https://acme-v02.api.letsencrypt.org"
#PRIVATE_KEY_ALG="rsa"
@ -1619,7 +1621,7 @@ write_getssl_template() { # write out the main template file
# The staging server is best for testing (hence set as default)
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
#CA="https://acme-v02.api.letsencrypt.org"
#AGREEMENT="$AGREEMENT"
@ -2021,7 +2023,7 @@ if [[ -s "$CERT_FILE" ]]; then
enddate_s=$(date_epoc "$enddate")
if [[ $(date_renew) -lt "$enddate_s" ]] && [[ $_FORCE_RENEW -ne 1 ]]; then
issuer=$(openssl x509 -in "$CERT_FILE" -noout -issuer 2>/dev/null)
if [[ "$issuer" == *"Fake LE Intermediate"* ]] && [[ "$CA" == "https://acme-v01.api.letsencrypt.org" ]]; then
if [[ "$issuer" == *"Fake LE Intermediate"* ]] && [[ "$CA" == "https://acme-v02.api.letsencrypt.org" ]]; then
debug "upgrading from fake cert to real"
else
info "${DOMAIN}: certificate is valid for more than $RENEW_ALLOW days (until $enddate)"
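Review bot: The fake-to-real upgrade check now compares `$CA` for exact equality with `https://acme-v02.api.letsencrypt.org`, while the v2 templates in the earlier hunks write the staging URL with a `/directory` suffix (`CA="https://acme-staging-v02.api.letsencrypt.org/directory"`) but leave the production URL without it. A user who switches to production by mirroring the staging form (appending `/directory`) never matches this branch, so a staging-issued certificate is reported as valid and kept instead of being re-issued. A prefix match keeps the existing behaviour for the bare URL and covers the suffixed form: `if [[ "$issuer" == *"Fake LE Intermediate"* ]] && [[ "$CA" == "https://acme-v02.api.letsencrypt.org"* ]]; then`. It would also help to give the commented-out production `#CA=` lines in both templates the same form as the staging line so the two do not diverge. The enclosing `if [[ -s "$CERT_FILE" ]]` block starts and ends outside this hunk.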


+ 0
- 5
test/Dockerfile-rhel6 View File

@ -20,8 +20,3 @@ EXPOSE 80 443
# Run eternal loop - for testing
CMD ["/bin/bash", "-c", "while :; do sleep 10; done"]
# with Pebble
# docker-compose -f "docker-compose.yml" up -d --build
# docker exec -it getssl /bin/bash
# /getssl/test/run-test.sh

+ 0
- 5
test/Dockerfile-ubuntu View File

@ -21,8 +21,3 @@ EXPOSE 80 443
# Run eternal loop - for testing
CMD ["/bin/bash", "-c", "while :; do sleep 10; done"]
# with Pebble
# docker-compose -f "docker-compose.yml" up -d --build
# docker exec -it getssl /bin/bash
# /getssl/test/run-test.sh

+ 20
- 0
test/README.md View File

@ -0,0 +1,20 @@
# Testing
This directory contains a simple test script which tests creating certificates with Pebble (testing version of the LetsEncrypt server)
Start up pebble, the challdnstest server for DNS challenges
`docker-compose -f "docker-compose.yml" up -d --build`
Run the tests
`docker exec -it getssl /getssl/test/run-test.sh`
Debug (need to set CURL_CA_BUNDLE as pebble uses a local certificate, otherwise you get a "unknown API version" error)
`docker exec -it getssl /bin/bash`
`export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt`
`/getssl/getssl -d getssl`
# TODO
1. Move to BATS (bash automated testing) instead of run-test.sh
2. Test RHEL6, Debian as well
3. Test SSH, SFTP
4. Test wildcards

+ 10
- 4
test/run-test.sh View File

@ -3,7 +3,9 @@
set -e
# Test setup
rm -r /root/.getssl
if [[ -d /root/.getssl ]]; then
rm -r /root/.getssl
fi
wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
# cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
@ -24,11 +26,12 @@ cp /getssl/test/test-config/getssl-http01.cfg /root/.getssl/getssl/getssl.cfg
# Test #2 - http-01 forced renewal
echo Test \#2 - http-01 forced renewal
sleep 5 # There's a race condition if renew too soon (authlink returns "valid" instead of "pending")
# There's a race condition if renew too soon (authlink returns "valid" instead of "pending")
echo Sleeping 20s to allow previous validation to expire
sleep 20
/getssl/getssl getssl -f
# Test cleanup
rm -r /root/.getssl
# Test #3 - dns-01 verification
@ -43,5 +46,8 @@ cp /getssl/test/test-config/getssl-dns01.cfg /root/.getssl/getssl/getssl.cfg
# Test #4 - dns-01 forced renewal
echo Test \#4 - dns-01 forced renewal
sleep 5 # There's a race condition if renew too soon (authlink returns "valid" instead of "pending")
# There's a race condition if renew too soon (authlink returns "valid" instead of "pending")
echo Sleeping 30s to allow previous validation to expire
sleep 30
/getssl/getssl getssl -f
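Review bot: The new three-line guard around `rm -r /root/.getssl` at the top of the script can be a single idempotent call, `rm -rf -- /root/.getssl`, which behaves the same whether or not the directory exists and does not trip `set -e`; the unguarded `rm -r /root/.getssl` in the "Test cleanup" context line between test #2 and #3 would benefit from the same form. The wait comments now state the duration twice (once in the `echo`, once in `sleep`); a local such as `wait_s=20` used by both lines keeps the message and the actual delay from drifting apart. The earlier `wget --no-clobber` of the Pebble CA is unchanged context, but since its result becomes the CA bundle the tests trust, it is worth noting in a comment that an existing file is kept silently on re-runs.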
