RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Merge pull request #575 from srvrco/support-space-delim-sans 

Support space delimited SANS
pull/581/head 2.29
Tim Kimber 5 years ago
committed by GitHub
parent
0f039c0dcf 5c66f2956d
commit
53acf8360c
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 453 additions and 94 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +90
    -82
      .github/workflows/run-all-tests.yml
  2. +9
    -6
      getssl
  3. +2
    -2
      test/15-test-revoke-no-suffix.bats
  4. +23
    -0
      test/16-test-bad-acl.bats
  5. +75
    -0
      test/17-test-spaces-in-sans-dns01.bats
  6. +75
    -0
      test/17-test-spaces-in-sans-http01.bats
  7. +2
    -2
      test/9-multiple-domains-dns01.bats
  8. +20
    -0
      test/Dockerfile-centos8
  9. +1
    -1
      test/restart-nginx
  10. +0
    -0
      test/test-config/getssl-dns01-ignore-directory-domain.cfg
  11. +0
    -0
      test/test-config/getssl-dns01-multiple-domains.cfg
  12. +35
    -0
      test/test-config/getssl-dns01-spaces-sans-and-ignore-dir-domain.cfg
  13. +34
    -0
      test/test-config/getssl-dns01-spaces-sans.cfg
  14. +29
    -0
      test/test-config/getssl-http01-bad-acl.cfg
  15. +29
    -0
      test/test-config/getssl-http01-spaces-sans-and-ignore-dir-domain.cfg
  16. +28
    -0
      test/test-config/getssl-http01-spaces-sans.cfg
  17. +1
    -1
      test/test_helper.bash

+ 90
- 82
.github/workflows/run-all-tests.yml View File

@ -1,82 +1,90 @@
name: Run all tests
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
test-alpine:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Alpine
run: test/run-test.sh alpine
test-centos6:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on CentOS6
run: test/run-test.sh centos6
test-centos7:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on CentOS7
run: test/run-test.sh centos7
test-centos7-staging:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on CentOS7 against Staging using DuckDNS
run: test/run-test.sh centos7-staging
test-debian:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Debian
run: test/run-test.sh debian
test-ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Ubuntu
run: test/run-test.sh ubuntu
test-ubuntu16:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Ubuntu16
run: test/run-test.sh ubuntu16
test-ubuntu18:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Ubuntu18
run: test/run-test.sh ubuntu18
test-ubuntu-staging:
needs: test-centos7-staging
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Ubuntu against Staging using DuckDNS
run: test/run-test.sh ubuntu-staging
name: Run all tests
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
test-alpine:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Alpine
run: test/run-test.sh alpine
test-centos6:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on CentOS6
run: test/run-test.sh centos6
test-centos7:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on CentOS7
run: test/run-test.sh centos7
test-centos7-staging:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on CentOS7 against Staging using DuckDNS
run: test/run-test.sh centos7-staging
test-centos8:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on CentOS8
run: test/run-test.sh centos8
test-debian:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Debian
run: test/run-test.sh debian
test-ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Ubuntu
run: test/run-test.sh ubuntu
test-ubuntu16:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Ubuntu16
run: test/run-test.sh ubuntu16
test-ubuntu18:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Ubuntu18
run: test/run-test.sh ubuntu18
test-ubuntu-staging:
needs: test-centos7-staging
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the docker-compose stack
run: docker-compose up -d --build
- name: Run test suite on Ubuntu against Staging using DuckDNS
run: test/run-test.sh ubuntu-staging

+ 9
- 6
getssl View File

@ -231,11 +231,14 @@
# 2020-05-06 Fix missing fullchain.ec.crt when creating dual certificates (2.27)
# 2020-05-14 Add --notify-valid option (exit 2 if certificate is valid)
# 2020-05-23 Fix --revoke (didn't work with ACMEv02) (2.28)
# 2020-06-06 Fix missing URL_revoke definition when no CA directory suffix (#566)
# 2020-06-18 Fix CHECK_REMOTE for DUAL_RSA_ECDSA (#570)
# 2020-07-14 Support space separated SANS (#574) (2.29)
# ----------------------------------------------------------------------------------------
PROGNAME=${0##*/}
PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)"
VERSION="2.28"
VERSION="2.29"
# defaults
ACCOUNT_KEY_LENGTH=4096
@ -497,7 +500,7 @@ check_config() { # check the config files for all obvious errors
# get all domains
if [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
alldomains=${SANS//,/ }
alldomains=${SANS//[, ]/ }
else
alldomains=$(echo "$DOMAIN,$SANS" | sed "s/,/ /g")
fi
@ -784,7 +787,7 @@ create_csr() { # create a csr using a given key (if it doesn't already exist)
if [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
alldomains=$(echo "$SANS" | sed -e 's/ //g; s/,$//; y/,/\n/' | sort -u)
else
alldomains=$(echo "$DOMAIN,$SANS" | sed -e 's/ //g; s/,$//; y/,/\n/' | sort -u)
alldomains=$(echo "$DOMAIN,$SANS" | sed -e 's/,/ /g; s/ $//; y/ /\n/' | sort -u)
fi
domains_in_csr=$(openssl req -text -noout -in "$csr_file" \
| sed -n -e 's/^ *Subject: .* CN=\([A-Za-z0-9.-]*\).*$/\1/p; /^ *DNS:.../ { s/ *DNS://g; y/,/\n/; p; }' \
@ -2695,9 +2698,9 @@ fi
if [[ -z "$SANS" ]]; then
SANLIST="subjectAltName=DNS:${DOMAIN}"
elif [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
SANLIST="subjectAltName=DNS:${SANS//,/,DNS:}"
SANLIST="subjectAltName=DNS:${SANS//[, ]/,DNS:}"
else
SANLIST="subjectAltName=DNS:${DOMAIN},DNS:${SANS//,/,DNS:}"
SANLIST="subjectAltName=DNS:${DOMAIN},DNS:${SANS//[, ]/,DNS:}"
fi
debug "created SAN list = $SANLIST"
@ -2757,7 +2760,7 @@ info "Verify each domain"
# loop through domains for cert ( from SANS list)
if [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
alldomains=${SANS//,/ }
alldomains=${SANS//[, ]/ }
else
alldomains=$(echo "$DOMAIN,$SANS" | sed "s/,/ /g")
fi


+ 2
- 2
test/15-test-revoke-no-suffix.bats View File

@ -11,7 +11,7 @@ setup() {
}
@test "Create certificate to check revoke" {
@test "Create certificate to check revoke (no suffix)" {
if [ -n "$STAGING" ]; then
CONFIG_FILE="getssl-staging-dns01-no-suffix.cfg"
else
@ -26,7 +26,7 @@ setup() {
}
@test "Check we can revoke a certificate" {
@test "Check we can revoke a certificate (no suffix)" {
if [ -n "$STAGING" ]; then
CONFIG_FILE="getssl-staging-dns01.cfg"
else


+ 23
- 0
test/16-test-bad-acl.bats View File

@ -0,0 +1,23 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
}
@test "Test behaviour if ACL= line has a space" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01-bad-acl.cfg"
setup_environment
init_getssl
create_certificate
assert_failure
}

+ 75
- 0
test/17-test-spaces-in-sans-dns01.bats View File

@ -0,0 +1,75 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
}
@test "Test behaviour if SANS line is space separated instead of comma separated (dns01)" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-dns01-spaces-sans.cfg"
setup_environment
# Add hosts to DNS (also need to be added as aliases in docker-compose.yml)
for prefix in a b c; do
curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
done
init_getssl
create_certificate
assert_success
check_output_for_errors
}
@test "Test renewal if SANS line is space separated instead of comma separated (dns01)" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
check_output_for_errors
cleanup_environment
}
@test "Test behaviour if SANS line is space separated and IGNORE_DIRECTORY_DOMAIN (dns01)" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-dns01-spaces-sans-and-ignore-dir-domain.cfg"
setup_environment
# Add hosts to DNS (also need to be added as aliases in docker-compose.yml)
for prefix in a b c; do
curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
done
init_getssl
create_certificate
assert_success
check_output_for_errors
}
@test "Test renewal if SANS line is space separated and IGNORE_DIRECTORY_DOMAIN (dns01)" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
check_output_for_errors
cleanup_environment
for prefix in a b c; do
curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a
done
}

+ 75
- 0
test/17-test-spaces-in-sans-http01.bats View File

@ -0,0 +1,75 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
}
@test "Test behaviour if SANS line is space separated instead of comma separated (http01)" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01-spaces-sans.cfg"
setup_environment
# Add hosts to DNS (also need to be added as aliases in docker-compose.yml)
for prefix in a b c; do
curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
done
init_getssl
create_certificate
assert_success
check_output_for_errors
}
@test "Test renewal if SANS line is space separated instead of comma separated (http01)" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
check_output_for_errors
cleanup_environment
}
@test "Test behaviour if SANS line is space separated and IGNORE_DIRECTORY_DOMAIN (http01)" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01-spaces-sans-and-ignore-dir-domain.cfg"
setup_environment
# Add hosts to DNS (also need to be added as aliases in docker-compose.yml)
for prefix in a b c; do
curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
done
init_getssl
create_certificate
assert_success
check_output_for_errors
}
@test "Test renewal if SANS line is space separated and IGNORE_DIRECTORY_DOMAIN (http01)" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
check_output_for_errors
cleanup_environment
for prefix in a b c; do
curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a
done
}

+ 2
- 2
test/9-multiple-domains-dns01.bats View File

@ -16,7 +16,7 @@ setup() {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-multiple-domains-dns01.cfg"
CONFIG_FILE="getssl-dns01-multiple-domains.cfg"
setup_environment
# Add top level domain from SANS to DNS
@ -47,7 +47,7 @@ setup() {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-ignore-directory-domain.cfg"
CONFIG_FILE="getssl-dns01-ignore-directory-domain.cfg"
setup_environment
# Add top level domain from SANS to DNS


+ 20
- 0
test/Dockerfile-centos8 View File

@ -0,0 +1,20 @@
FROM centos:centos8
# Note this image uses drill, does not have dig or nslookup installed
# Update and install required software
RUN yum -y update
RUN yum -y install epel-release
RUN yum -y install git curl bind-utils wget which nginx
WORKDIR /root
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core
RUN git clone https://github.com/bats-core/bats-support /bats-support
RUN git clone https://github.com/bats-core/bats-assert /bats-assert
RUN /bats-core/install.sh /usr/local

+ 1
- 1
test/restart-nginx View File

@ -3,7 +3,7 @@
if [ "$GETSSL_OS" = "alpine" ]; then
killall -HUP nginx >&3-
sleep 5
elif [ "$GETSSL_OS" == "centos7" ]; then
elif [[ "$GETSSL_OS" == "centos"[78] ]]; then
pgrep nginx | head -1 | xargs kill -HUP
sleep 5
else


test/test-config/getssl-ignore-directory-domain.cfg → test/test-config/getssl-dns01-ignore-directory-domain.cfg View File


test/test-config/getssl-multiple-domains-dns01.cfg → test/test-config/getssl-dns01-multiple-domains.cfg View File


+ 35
- 0
test/test-config/getssl-dns01-spaces-sans-and-ignore-dir-domain.cfg View File

@ -0,0 +1,35 @@
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
CA="https://pebble:14000/dir"
VALIDATE_VIA_DNS=true
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
PUBLIC_DNS_SERVER=10.30.50.3
DNS_EXTRA_WAIT=""
# Ignore directory domain (i.e. the domain passed on the command line), and just use the domains in the SANS list
IGNORE_DIRECTORY_DOMAIN="true"
SANS="a.${GETSSL_HOST} b.${GETSSL_HOST} c.${GETSSL_HOST}"
# Acme Challenge Location.
ACL=('/var/www/html/.well-known/acme-challenge')
# Use a single ACL for all checks
USE_SINGLE_ACL="true"
# Location for all your certs, these can either be on the server (full path name)
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed
SERVER_TYPE="https"
CHECK_REMOTE="true"

+ 34
- 0
test/test-config/getssl-dns01-spaces-sans.cfg View File

@ -0,0 +1,34 @@
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
CA="https://pebble:14000/dir"
VALIDATE_VIA_DNS=true
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
PUBLIC_DNS_SERVER=10.30.50.3
DNS_EXTRA_WAIT=""
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS="a.${GETSSL_HOST} b.${GETSSL_HOST} c.${GETSSL_HOST}"
# Acme Challenge Location.
ACL=('/var/www/html/.well-known/acme-challenge')
# Use a single ACL for all checks
USE_SINGLE_ACL="true"
# Location for all your certs, these can either be on the server (full path name)
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed
SERVER_TYPE="https"
CHECK_REMOTE="true"

+ 29
- 0
test/test-config/getssl-http01-bad-acl.cfg View File

@ -0,0 +1,29 @@
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
#
CA="https://pebble:14000/dir"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS=""
# Acme Challenge Location.
ACL= ('/var/www/html/.well-known/acme-challenge')
#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
USE_SINGLE_ACL="false"
# Location for all your certs, these can either be on the server (full path name)
# or using ssh /sftp as for the ACL
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed
SERVER_TYPE="https"
CHECK_REMOTE="true"

+ 29
- 0
test/test-config/getssl-http01-spaces-sans-and-ignore-dir-domain.cfg View File

@ -0,0 +1,29 @@
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
CA="https://pebble:14000/dir"
# Ignore directory domain (i.e. the domain passed on the command line), and just use the domains in the SANS list
IGNORE_DIRECTORY_DOMAIN="true"
SANS="a.${GETSSL_HOST} b.${GETSSL_HOST} c.${GETSSL_HOST}"
# Acme Challenge Location.
ACL=('/var/www/html/.well-known/acme-challenge')
# Use a single ACL for all checks
USE_SINGLE_ACL="true"
# Location for all your certs, these can either be on the server (full path name)
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed
SERVER_TYPE="https"
CHECK_REMOTE="true"

+ 28
- 0
test/test-config/getssl-http01-spaces-sans.cfg View File

@ -0,0 +1,28 @@
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
CA="https://pebble:14000/dir"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS="a.${GETSSL_HOST} b.${GETSSL_HOST} c.${GETSSL_HOST}"
# Acme Challenge Location.
ACL=('/var/www/html/.well-known/acme-challenge')
# Use a single ACL for all checks
USE_SINGLE_ACL="true"
# Location for all your certs, these can either be on the server (full path name)
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed
SERVER_TYPE="https"
CHECK_REMOTE="true"

+ 1
- 1
test/test_helper.bash View File

@ -72,7 +72,7 @@ if [[ -f /usr/bin/supervisord && -f /etc/supervisord.conf ]]; then
if [[ ! $(pgrep supervisord) ]]; then
/usr/bin/supervisord -c /etc/supervisord.conf >&3-
fi
elif [ "$GETSSL_OS" == "centos7" ]; then
elif [[ "$GETSSL_OS" == "centos"[78] ]]; then
if [ -z "$(pgrep nginx)" ]; then
nginx >&3-
fi


Write Preview
Loading…
Cancel
Save