Merge pull request #575 from srvrco/support-space-delim-sans

Support space delimited SANS

.github/workflows/run-all-tests.yml

@@ -1,82 +1,90 @@
-name: Run all tests
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-    branches:
-      - master
-jobs:
-  test-alpine:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Build the docker-compose stack
-        run: docker-compose up -d --build
-      - name: Run test suite on Alpine
-        run: test/run-test.sh alpine
-  test-centos6:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Build the docker-compose stack
-        run: docker-compose up -d --build
-      - name: Run test suite on CentOS6
-        run: test/run-test.sh centos6
-  test-centos7:
-      runs-on: ubuntu-latest
-      steps:
-        - uses: actions/checkout@v1
-        - name: Build the docker-compose stack
-          run: docker-compose up -d --build
-        - name: Run test suite on CentOS7
-          run: test/run-test.sh centos7
-  test-centos7-staging:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Build the docker-compose stack
-        run: docker-compose up -d --build
-      - name: Run test suite on CentOS7 against Staging using DuckDNS
-        run: test/run-test.sh centos7-staging
-  test-debian:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Build the docker-compose stack
-        run: docker-compose up -d --build
-      - name: Run test suite on Debian
-        run: test/run-test.sh debian
-  test-ubuntu:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Build the docker-compose stack
-        run: docker-compose up -d --build
-      - name: Run test suite on Ubuntu
-        run: test/run-test.sh ubuntu
-  test-ubuntu16:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Build the docker-compose stack
-        run: docker-compose up -d --build
-      - name: Run test suite on Ubuntu16
-        run: test/run-test.sh ubuntu16
-  test-ubuntu18:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Build the docker-compose stack
-        run: docker-compose up -d --build
-      - name: Run test suite on Ubuntu18
-        run: test/run-test.sh ubuntu18
-  test-ubuntu-staging:
-    needs: test-centos7-staging
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Build the docker-compose stack
-        run: docker-compose up -d --build
-      - name: Run test suite on Ubuntu against Staging using DuckDNS
-        run: test/run-test.sh ubuntu-staging
+name: Run all tests
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+jobs:
+  test-alpine:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on Alpine
+        run: test/run-test.sh alpine
+  test-centos6:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on CentOS6
+        run: test/run-test.sh centos6
+  test-centos7:
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v1
+        - name: Build the docker-compose stack
+          run: docker-compose up -d --build
+        - name: Run test suite on CentOS7
+          run: test/run-test.sh centos7
+  test-centos7-staging:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on CentOS7 against Staging using DuckDNS
+        run: test/run-test.sh centos7-staging
+  test-centos8:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on CentOS8
+        run: test/run-test.sh centos8
+  test-debian:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on Debian
+        run: test/run-test.sh debian
+  test-ubuntu:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on Ubuntu
+        run: test/run-test.sh ubuntu
+  test-ubuntu16:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on Ubuntu16
+        run: test/run-test.sh ubuntu16
+  test-ubuntu18:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on Ubuntu18
+        run: test/run-test.sh ubuntu18
+  test-ubuntu-staging:
+    needs: test-centos7-staging
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose up -d --build
+      - name: Run test suite on Ubuntu against Staging using DuckDNS
+        run: test/run-test.sh ubuntu-staging

getssl

@@ -231,11 +231,14 @@
 # 2020-05-06 Fix missing fullchain.ec.crt when creating dual certificates (2.27)
 # 2020-05-14 Add --notify-valid option (exit 2 if certificate is valid)
 # 2020-05-23 Fix --revoke (didn't work with ACMEv02) (2.28)
+# 2020-06-06 Fix missing URL_revoke definition when no CA directory suffix (#566)
+# 2020-06-18 Fix CHECK_REMOTE for DUAL_RSA_ECDSA (#570)
+# 2020-07-14 Support space separated SANS (#574) (2.29)
 # ----------------------------------------------------------------------------------------
 
 PROGNAME=${0##*/}
 PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)"
-VERSION="2.28"
+VERSION="2.29"
 
 # defaults
 ACCOUNT_KEY_LENGTH=4096
@@ -497,7 +500,7 @@ check_config() { # check the config files for all obvious errors
 
   # get all domains
   if [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
-    alldomains=${SANS//,/ }
+    alldomains=${SANS//[, ]/ }
   else
     alldomains=$(echo "$DOMAIN,$SANS" | sed "s/,/ /g")
   fi
@@ -784,7 +787,7 @@ create_csr() { # create a csr using a given key (if it doesn't already exist)
     if [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
       alldomains=$(echo "$SANS" | sed -e 's/ //g; s/,$//; y/,/\n/' | sort -u)
     else
-      alldomains=$(echo "$DOMAIN,$SANS" | sed -e 's/ //g; s/,$//; y/,/\n/' | sort -u)
+      alldomains=$(echo "$DOMAIN,$SANS" | sed -e 's/,/ /g; s/ $//; y/ /\n/' | sort -u)
     fi
     domains_in_csr=$(openssl req -text -noout -in "$csr_file" \
         | sed -n -e 's/^ *Subject: .* CN=\([A-Za-z0-9.-]*\).*$/\1/p; /^ *DNS:.../ { s/ *DNS://g; y/,/\n/; p; }' \
@@ -2695,9 +2698,9 @@ fi
 if [[ -z "$SANS" ]]; then
   SANLIST="subjectAltName=DNS:${DOMAIN}"
 elif [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
-  SANLIST="subjectAltName=DNS:${SANS//,/,DNS:}"
+  SANLIST="subjectAltName=DNS:${SANS//[, ]/,DNS:}"
 else
-  SANLIST="subjectAltName=DNS:${DOMAIN},DNS:${SANS//,/,DNS:}"
+  SANLIST="subjectAltName=DNS:${DOMAIN},DNS:${SANS//[, ]/,DNS:}"
 fi
 debug "created SAN list = $SANLIST"
 
@@ -2757,7 +2760,7 @@ info "Verify each domain"
 
 # loop through domains for cert ( from SANS list)
 if [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
-  alldomains=${SANS//,/ }
+  alldomains=${SANS//[, ]/ }
 else
   alldomains=$(echo "$DOMAIN,$SANS" | sed "s/,/ /g")
 fi

test/15-test-revoke-no-suffix.bats

@@ -11,7 +11,7 @@ setup() {
 }
 
 
-@test "Create certificate to check revoke" {
+@test "Create certificate to check revoke (no suffix)" {
     if [ -n "$STAGING" ]; then
         CONFIG_FILE="getssl-staging-dns01-no-suffix.cfg"
     else
@@ -26,7 +26,7 @@ setup() {
 }
 
 
-@test "Check we can revoke a certificate" {
+@test "Check we can revoke a certificate (no suffix)" {
     if [ -n "$STAGING" ]; then
         CONFIG_FILE="getssl-staging-dns01.cfg"
     else

test/16-test-bad-acl.bats

@@ -0,0 +1,23 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Test behaviour if ACL= line has a space" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-http01-bad-acl.cfg"
+    setup_environment
+    init_getssl
+    create_certificate
+    assert_failure
+}

test/17-test-spaces-in-sans-dns01.bats

@@ -0,0 +1,75 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Test behaviour if SANS line is space separated instead of comma separated (dns01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-dns01-spaces-sans.cfg"
+    setup_environment
+
+    # Add hosts to DNS (also need to be added as aliases in docker-compose.yml)
+    for prefix in a b c; do
+        curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
+    done
+
+    init_getssl
+    create_certificate
+    assert_success
+    check_output_for_errors
+}
+
+
+@test "Test renewal if SANS line is space separated instead of comma separated (dns01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    run ${CODE_DIR}/getssl -f $GETSSL_HOST
+    assert_success
+    check_output_for_errors
+    cleanup_environment
+}
+
+
+@test "Test behaviour if SANS line is space separated and IGNORE_DIRECTORY_DOMAIN (dns01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-dns01-spaces-sans-and-ignore-dir-domain.cfg"
+    setup_environment
+
+    # Add hosts to DNS (also need to be added as aliases in docker-compose.yml)
+    for prefix in a b c; do
+        curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
+    done
+
+    init_getssl
+    create_certificate
+    assert_success
+    check_output_for_errors
+}
+
+
+@test "Test renewal if SANS line is space separated and IGNORE_DIRECTORY_DOMAIN (dns01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    run ${CODE_DIR}/getssl -f $GETSSL_HOST
+    assert_success
+    check_output_for_errors
+    cleanup_environment
+
+    for prefix in a b c; do
+        curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a
+    done
+}

test/17-test-spaces-in-sans-http01.bats

@@ -0,0 +1,75 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Test behaviour if SANS line is space separated instead of comma separated (http01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-http01-spaces-sans.cfg"
+    setup_environment
+
+    # Add hosts to DNS (also need to be added as aliases in docker-compose.yml)
+    for prefix in a b c; do
+        curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
+    done
+
+    init_getssl
+    create_certificate
+    assert_success
+    check_output_for_errors
+}
+
+
+@test "Test renewal if SANS line is space separated instead of comma separated (http01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    run ${CODE_DIR}/getssl -f $GETSSL_HOST
+    assert_success
+    check_output_for_errors
+    cleanup_environment
+}
+
+
+@test "Test behaviour if SANS line is space separated and IGNORE_DIRECTORY_DOMAIN (http01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-http01-spaces-sans-and-ignore-dir-domain.cfg"
+    setup_environment
+
+    # Add hosts to DNS (also need to be added as aliases in docker-compose.yml)
+    for prefix in a b c; do
+        curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
+    done
+
+    init_getssl
+    create_certificate
+    assert_success
+    check_output_for_errors
+}
+
+
+@test "Test renewal if SANS line is space separated and IGNORE_DIRECTORY_DOMAIN (http01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    run ${CODE_DIR}/getssl -f $GETSSL_HOST
+    assert_success
+    check_output_for_errors
+    cleanup_environment
+
+    for prefix in a b c; do
+        curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a
+    done
+}

test/9-multiple-domains-dns01.bats

@@ -16,7 +16,7 @@ setup() {
     if [ -n "$STAGING" ]; then
         skip "Using staging server, skipping internal test"
     fi
-    CONFIG_FILE="getssl-multiple-domains-dns01.cfg"
+    CONFIG_FILE="getssl-dns01-multiple-domains.cfg"
     setup_environment
 
     # Add top level domain from SANS to DNS
@@ -47,7 +47,7 @@ setup() {
     if [ -n "$STAGING" ]; then
         skip "Using staging server, skipping internal test"
     fi
-    CONFIG_FILE="getssl-ignore-directory-domain.cfg"
+    CONFIG_FILE="getssl-dns01-ignore-directory-domain.cfg"
     setup_environment
 
     # Add top level domain from SANS to DNS

test/Dockerfile-centos8

@@ -0,0 +1,20 @@
+FROM centos:centos8
+
+# Note this image uses drill, does not have dig or nslookup installed
+
+# Update and install required software
+RUN yum -y update
+RUN yum -y install epel-release
+RUN yum -y install git curl bind-utils wget which nginx
+
+WORKDIR /root
+RUN mkdir /etc/nginx/pki
+RUN mkdir /etc/nginx/pki/private
+COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
+COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf
+
+# BATS (Bash Automated Testings)
+RUN git clone https://github.com/bats-core/bats-core.git /bats-core
+RUN git clone https://github.com/bats-core/bats-support /bats-support
+RUN git clone https://github.com/bats-core/bats-assert /bats-assert
+RUN /bats-core/install.sh /usr/local

test/restart-nginx

@@ -3,7 +3,7 @@
 if [ "$GETSSL_OS" = "alpine" ]; then
     killall -HUP nginx >&3-
     sleep 5
-elif [ "$GETSSL_OS" == "centos7" ]; then
+elif [[ "$GETSSL_OS" == "centos"[78] ]]; then
     pgrep nginx | head -1 | xargs kill -HUP
     sleep 5
 else

test/test-config/getssl-dns01-spaces-sans-and-ignore-dir-domain.cfg

@@ -0,0 +1,35 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+
+CA="https://pebble:14000/dir"
+
+VALIDATE_VIA_DNS=true
+DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
+DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
+PUBLIC_DNS_SERVER=10.30.50.3
+DNS_EXTRA_WAIT=""
+
+# Ignore directory domain (i.e. the domain passed on the command line), and just use the domains in the SANS list
+IGNORE_DIRECTORY_DOMAIN="true"
+SANS="a.${GETSSL_HOST} b.${GETSSL_HOST} c.${GETSSL_HOST}"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
+
+# Use a single ACL for all checks
+USE_SINGLE_ACL="true"
+
+# Location for all your certs, these can either be on the server (full path name)
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"

test/test-config/getssl-dns01-spaces-sans.cfg

@@ -0,0 +1,34 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+
+CA="https://pebble:14000/dir"
+
+VALIDATE_VIA_DNS=true
+DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
+DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
+PUBLIC_DNS_SERVER=10.30.50.3
+DNS_EXTRA_WAIT=""
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+SANS="a.${GETSSL_HOST} b.${GETSSL_HOST} c.${GETSSL_HOST}"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
+
+# Use a single ACL for all checks
+USE_SINGLE_ACL="true"
+
+# Location for all your certs, these can either be on the server (full path name)
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"

test/test-config/getssl-http01-bad-acl.cfg

@@ -0,0 +1,29 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+#
+CA="https://pebble:14000/dir"
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+SANS=""
+
+# Acme Challenge Location.
+ACL= ('/var/www/html/.well-known/acme-challenge')
+
+#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
+USE_SINGLE_ACL="false"
+
+# Location for all your certs, these can either be on the server (full path name)
+# or using ssh /sftp as for the ACL
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"

test/test-config/getssl-http01-spaces-sans-and-ignore-dir-domain.cfg

@@ -0,0 +1,29 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+
+CA="https://pebble:14000/dir"
+
+# Ignore directory domain (i.e. the domain passed on the command line), and just use the domains in the SANS list
+IGNORE_DIRECTORY_DOMAIN="true"
+SANS="a.${GETSSL_HOST} b.${GETSSL_HOST} c.${GETSSL_HOST}"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
+
+# Use a single ACL for all checks
+USE_SINGLE_ACL="true"
+
+# Location for all your certs, these can either be on the server (full path name)
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"

test/test-config/getssl-http01-spaces-sans.cfg

@@ -0,0 +1,28 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+
+CA="https://pebble:14000/dir"
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+SANS="a.${GETSSL_HOST} b.${GETSSL_HOST} c.${GETSSL_HOST}"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
+
+# Use a single ACL for all checks
+USE_SINGLE_ACL="true"
+
+# Location for all your certs, these can either be on the server (full path name)
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"

test/test_helper.bash

@@ -72,7 +72,7 @@ if [[ -f /usr/bin/supervisord && -f /etc/supervisord.conf ]]; then
     if [[ ! $(pgrep supervisord) ]]; then
         /usr/bin/supervisord -c /etc/supervisord.conf >&3-
     fi
-elif [ "$GETSSL_OS" == "centos7" ]; then
+elif [[ "$GETSSL_OS" == "centos"[78] ]]; then
     if [ -z "$(pgrep nginx)" ]; then
         nginx >&3-
     fi