diff --git a/dns_scripts/dns_add_dynu b/dns_scripts/dns_add_dynu
index 7a08ce8..e20470d 100644
--- a/dns_scripts/dns_add_dynu
+++ b/dns_scripts/dns_add_dynu
@@ -28,10 +28,11 @@ fi
 curl_params=( -H "accept: application/json" -H "API-Key: $apikey" -H 'Content-Type: application/json' )
 # Get domain id
-resp=$(curl --silent "${curl_params[@]}" -X GET "$API")
+# curl -X GET https://api.dynu.com/v2/dns/getroot/ubuntu-getssl.freeddns.org
+resp=$(curl --silent "${curl_params[@]}" -X GET "$API/getroot/${fulldomain}")
 # Match domain id
-re="\"id\":([^,]*),\"name\":\"getssl-testing.freeddns.org\""
+re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\""
 if [[ "$resp" =~ $re ]]; then
 domain_id="${BASH_REMATCH[1]}"
 fi
@@ -42,6 +43,7 @@ if [[ -z "$domain_id" ]]; then
 fi
 # Check for existing _acme-challenge TXT record
+# curl -X GET "https://api.dynu.com/v2/dns/record/_acme-challenge.ubuntu-getssl.freeddns.org?recordType=TXT"
 resp=$(curl --silent "${curl_params[@]}" -X GET "${API}/record/_acme-challenge.${fulldomain}?recordType=TXT")
 re="\"id\":([^,]*)"
 if [[ "$resp" =~ $re ]]; then
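Review bot: `re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\""` splices the caller-supplied domain (`$1`) into an ERE pattern, so every `.` in it matches any character and any other metacharacter in the argument silently changes what is matched; the same construction is repeated in dns_scripts/dns_del_dynu's `@@ -20,17 +26,18 @@` hunk. Because `[[ =~ ]]` treats quoted parts of the pattern literally, the domain can be matched verbatim with `re='"id":([^,]*),"domainName":"'` and `if [[ "$resp" =~ ${re}"${fulldomain}"\" ]]; then`. The match also depends on `id` being serialised directly before `domainName` in the getroot response, which is presumably how Dynu orders it but is worth recording: `# assumes the getroot JSON lists "id" immediately before "domainName"`.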
@@ -53,16 +55,18 @@ if [[ -z "$record_id" ]]; then
 resp=$(curl --silent \
 "${curl_params[@]}" \
 -X POST "${API}/${domain_id}/record" \
- --data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"textData\":\"$token\"}")
+ --data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"$token\"}")
 else
+ # Update existing record
+ # curl -X POST https://api.dynu.com/v2/dns/9329328/record/7082063 -d "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"Test2\"}"
 resp=$(curl --silent \
 "${curl_params[@]}" \
 -X POST "${API}/${domain_id}/record/${record_id}" \
- --data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"textData\":\"$token\"}")
+ --data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"$token\"}")
 fi
 # If adding record failed (exception:) then print error message
-if [[ "${resp// }" == *'"exception"'* ]]; then
+if [[ "$resp" != *"\"statusCode\":200"* ]]; then
 echo "Error: DNS challenge not added: unknown error - ${resp}"
 exit 3
 fi
diff --git a/dns_scripts/dns_del_dynu b/dns_scripts/dns_del_dynu
index 310bb61..1d8d588 100644
--- a/dns_scripts/dns_del_dynu
+++ b/dns_scripts/dns_del_dynu
@@ -10,6 +10,12 @@ apikey=${DYNU_API_KEY:-''}
 # 2 - error within internal processing
 # 3 - error in result ( domain not found in dynu.com etc)
+# After deleting the TXT record from Dynu.com it takes over 30 minutes to add a new TXT record!
+# This doesn't happen when updating the TXT record, just for delete then add
+# As this is used for testing, changed the delete to a no-op.
+
+exit 0
+
 fulldomain="${1}"
 API='https://api.dynu.com/v2/dns'
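Review bot: The comment `# If adding record failed (exception:) then print error message` is now stale, because the rewritten test under it looks for the absence of `"statusCode":200` rather than an `exception` key; change it to `# Dynu reports success as "statusCode":200; anything else is treated as a failed add`. The new payload sends `"state":"true"` as a JSON string rather than a boolean, and whether the Dynu API accepts the quoted form is not visible here, so confirm it against the API rather than relying on the example in the comment. `$token` is also spliced into the JSON body unescaped; that is presumably safe for an ACME challenge value, but the assumption deserves a line such as `# token is assumed to be base64url from the ACME server, so it needs no JSON escaping`.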
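Review bot: The unconditional `exit 0` inserted before `fulldomain="${1}"` turns dns_scripts/dns_del_dynu into a no-op for every user of the shipped script, not only the test suite, so `_acme-challenge` TXT records are never cleaned up and everything below that line is dead code. If the delete-then-add delay only matters for the repository's own test runs, gate it on the test environment instead, for example `if [[ -n "${STAGING:-}" ]]; then exit 0; fi` under the existing comment, assuming the `STAGING` variable the bats tests check is also passed to the DNS scripts; otherwise move the no-op into a stub under test/ as was done for test/dns_add_fail. The comment should also say what the script does instead of deleting, so an operator reading the file understands the record is deliberately left in place.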
@@ -20,17 +26,18 @@ if [[ -z "$fulldomain" ]]; then
 exit 1
 fi
 if [[ -z "$apikey" ]]; then
- echo "DNS script requires an apikey to be set"
+ echo "DNS script requires apikey environment variable to be set"
 exit 1
 fi
 curl_params=( -H "accept: application/json" -H "API-Key: $apikey" -H 'Content-Type: application/json' )
 # Get domain id
-resp=$(curl --silent "${curl_params[@]}" -X GET "$API")
+# curl -X GET https://api.dynu.com/v2/dns/getroot/ubuntu-getssl.freeddns.org
+resp=$(curl --silent "${curl_params[@]}" -X GET "$API/getroot/${fulldomain}")
 # Match domain id
-re="\"id\":([^,]*),\"name\":\"getssl-testing.freeddns.org\""
+re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\""
 if [[ "$resp" =~ $re ]]; then
 domain_id="${BASH_REMATCH[1]}"
 fi
@@ -40,7 +47,8 @@ if [[ -z "$domain_id" ]]; then
 exit 3
 fi
-# Find existing _acme-challenge TXT record
+# Check for existing _acme-challenge TXT record
+# curl -X GET "https://api.dynu.com/v2/dns/record/_acme-challenge.ubuntu-getssl.freeddns.org?recordType=TXT"
 resp=$(curl --silent "${curl_params[@]}" -X GET "${API}/record/_acme-challenge.${fulldomain}?recordType=TXT")
 re="\"id\":([^,]*)"
 if [[ "$resp" =~ $re ]]; then
@@ -48,8 +56,8 @@ if [[ "$resp" =~ $re ]]; then
 fi
 if [[ -z "$record_id" ]]; then
- echo "No _acme-challenge TXT record found for $fulldomain"
- exit 3
+ echo "No _acme-challenge.${fulldomain} TXT record found"
+ exit 0
 fi
 resp=$(curl --silent \
@@ -57,7 +65,7 @@ resp=$(curl --silent \
 -X DELETE "${API}/${domain_id}/record/${record_id}")
 # If adding record failed (exception:) then print error message
-if [[ "${resp// }" == *'"exception"'* ]]; then
+if [[ "$resp" != *"\"statusCode\":200"* ]]; then
 echo "Error: DNS challenge not added: unknown error - ${resp}"
 exit 3
 fi
diff --git a/test/15-test-revoke-no-suffix.bats b/test/15-test-revoke-no-suffix.bats
index 5e8d797..96e174b 100644
--- a/test/15-test-revoke-no-suffix.bats
+++ b/test/15-test-revoke-no-suffix.bats
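Review bot: In the `@@ -57,7 +65,7 @@` hunk of dns_scripts/dns_del_dynu the new `"statusCode":200` check still gates a message that says `DNS challenge not added` under the comment `# If adding record failed (exception:)`, both copied from the add script; on the DELETE path they should read `echo "Error: DNS challenge not deleted: unknown error - ${resp}"` and `# Dynu reports success as "statusCode":200; anything else means the DELETE failed`. The `@@ -48,8 +56,8 @@` hunk now returns 0 when no record exists, which is reasonable for an idempotent delete, but a one-line comment such as `# nothing to delete is not an error` would stop a reader from treating it as a swallowed failure. With the `exit 0` added at the top of this file, none of this code currently executes, so these paths are untested until that is revisited.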
@@ -15,10 +15,12 @@ setup() {
 @test "Create certificate to check revoke (no suffix)" {
 if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01-no-suffix.cfg"
+ CONFIG_FILE="getssl-staging-dns01.cfg"
 else
 CONFIG_FILE="getssl-http01-no-suffix.cfg"
 fi
+ echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+
 . "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
 setup_environment
 init_getssl
@@ -34,6 +36,8 @@ setup() {
 else
 CONFIG_FILE="getssl-http01.cfg"
 fi
+ echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+
 . "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
 CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt
 KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key
diff --git a/test/18-staging-retry-dns-add.bats b/test/18-staging-retry-dns-add.bats
index 8b636d6..bca7c05 100644
--- a/test/18-staging-retry-dns-add.bats
+++ b/test/18-staging-retry-dns-add.bats
@@ -6,14 +6,26 @@ load '/getssl/test/test_helper.bash'
-@test "Check retry add dns command if dns isn't updated (DuckDNS)" {
+@test "Check retry add dns command if dns isn't updated" {
 if [ -z "$STAGING" ]; then
 skip "Running internal tests, skipping external test"
 fi
- CONFIG_FILE="getssl-staging-dns01-fail-dns-add.cfg"
+
+ CONFIG_FILE="getssl-staging-dns01.cfg"
 setup_environment
 init_getssl
+
+ cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+DNS_ADD_COMMAND="/getssl/test/dns_add_fail"
+
+# Speed up the test by reducing the number or retries and the wait between retries.
+DNS_WAIT=2
+DNS_WAIT_COUNT=11
+DNS_EXTRA_WAIT=0
+CHECK_ALL_AUTH_DNS="false"
+CHECK_PUBLIC_DNS_SERVER="false"
+EOF
 create_certificate -d
 assert_failure
 assert_line --partial "Retrying adding dns via command"
diff --git a/test/Dockerfile-centos7-staging b/test/Dockerfile-centos7-staging
index 0b2ff08..ad49896 100644
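Review bot: In the first `@test` of test/15-test-revoke-no-suffix.bats the new `echo 'CA=...' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg` runs before `setup_environment` and `init_getssl`, while the second `@test` and the heredoc in test/18-staging-retry-dns-add.bats write the same file only after those calls; if `init_getssl` is what creates the per-host directory, the first append fails and the CA override is silently lost. Move the line after `init_getssl` (or add a comment explaining why it must precede it) and quote the redirection target, `>> "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg"`, in all three places. Because this file is appended with `>>` here but overwritten with `>` in test 18, also confirm that setup clears `getssl_test_specific.cfg` between tests, otherwise overrides accumulate across runs. The enclosing `@test` bodies continue outside the hunks.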
--- a/test/Dockerfile-centos7-staging
+++ b/test/Dockerfile-centos7-staging
@@ -9,6 +9,7 @@ RUN yum -y install git curl bind-utils ldns wget which nginx
 ENV staging "true"
 ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb
+ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2
 WORKDIR /root
 RUN mkdir /etc/nginx/pki
diff --git a/test/Dockerfile-ubuntu-staging b/test/Dockerfile-ubuntu-staging
index 1ee3f83..3032c85 100644
--- a/test/Dockerfile-ubuntu-staging
+++ b/test/Dockerfile-ubuntu-staging
@@ -8,6 +8,7 @@ ENV DEBIAN_FRONTEND noninteractive
 # Ensure tests in this image use the staging server
 ENV staging "true"
 ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb
+ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2
 # Update and install required software
 RUN apt-get update --fix-missing
diff --git a/test/dns_add_fail b/test/dns_add_fail
new file mode 100644
index 0000000..44ab42b
--- /dev/null
+++ b/test/dns_add_fail
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Special test script which will always fail to update dns
+
+echo "This is a test script to check retry works if DNS isn't updated"
+exit 0
diff --git a/test/dns_fail_add_duckdns b/test/dns_fail_add_duckdns
deleted file mode 100755
index 03df89f..0000000
--- a/test/dns_fail_add_duckdns
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# Special test script which will always fail to update dns
-
-token=${DUCKDNS_TOKEN:-}
-
-if [ -z "$token" ]; then
- echo "DUCKDNS_TOKEN not set"
- exit 1
-fi
-
-domain="$1"
-
-response=$(curl --retry 5 --silent "https://www.duckdns.org/update?domains=${domain}&token=${token}&txt=FAIL")
-if [ "$response" != "OK" ]; then
- echo "Failed to update TXT record for ${domain} at duckdns.org (is the TOKEN valid?)"
- echo "Response: $response"
- exit 1
-fi
diff --git a/test/run-test.cmd b/test/run-test.cmd
index 23235c9..0462617 100644
--- a/test/run-test.cmd
+++ b/test/run-test.cmd
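Review bot: `ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2` bakes a live API credential into test/Dockerfile-centos7-staging and test/Dockerfile-ubuntu-staging, so it is preserved in git history and in every image layer built from them (the existing `DUCKDNS_TOKEN` line has the same problem). Declare the variable empty, `ENV DYNU_API_KEY=""`, and inject the value at run time the way `STAGING` already is from test/run-test.sh (`--env DYNU_API_KEY`), or from a file excluded from the repository; a key that has been committed should be treated as exposed and replaced. dns_scripts/dns_del_dynu already reads `${DYNU_API_KEY:-''}` and exits with a message when it is empty, so nothing in the scripts depends on the Dockerfile carrying a value.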
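Review bot: test/dns_add_fail is added with mode 100644 while the script it replaces, test/dns_fail_add_duckdns, was 100755; if getssl executes `DNS_ADD_COMMAND` directly rather than through an interpreter, the new stub cannot run and the retry test would pass for the wrong reason (an exec failure instead of an add that reports success but never propagates). Mark the file executable, and reword the header so `exit 0` is not read as a mistake: `# Test stub: exits 0 without touching DNS, so getssl sees a "successful" add that never appears and has to exercise its retry path`.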
@@ -23,7 +23,7 @@ set COMMAND=bats /getssl/test
 GOTO CheckAlias
 :staging
-set ALIAS=%OS:-staging=%-getssl.duckdns.org
+set ALIAS=%OS:-staging=%-getssl.freeddns.org
 set STAGING=--env STAGING=true
 :Run
diff --git a/test/run-test.sh b/test/run-test.sh
index 8a2a9f2..760c600 100755
--- a/test/run-test.sh
+++ b/test/run-test.sh
@@ -15,7 +15,8 @@ else
 fi
 if [[ "$OS" == *"staging"* ]]; then
- ALIAS="${OS%-staging}-getssl.duckdns.org"
+ #ALIAS="${OS%-staging}-getssl.duckdns.org"
+ ALIAS="${OS%-staging}-getssl.freeddns.org"
 STAGING="--env STAGING=true"
 else
 ALIAS="$OS.getssl.test"
diff --git a/test/test-config/getssl-staging-dns01-fail-dns-add.cfg b/test/test-config/getssl-staging-dns01-fail-dns-add.cfg
deleted file mode 100644
index 2985d32..0000000
--- a/test/test-config/getssl-staging-dns01-fail-dns-add.cfg
+++ /dev/null
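Review bot: `#ALIAS="${OS%-staging}-getssl.duckdns.org"` in test/run-test.sh keeps the old assignment as commented-out code beside the new one; git history already records the previous value, so drop the line, or if both providers are meant to remain selectable make it a real choice (an environment variable with the freeddns value as default) rather than a comment to toggle by hand. test/run-test.cmd receives the same rename without the leftover, so the two launchers currently read differently for one change.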
@@ -1,33 +0,0 @@
-# Special config to test that the retry dns_add_command logic works
-#
-CA="https://acme-staging-v02.api.letsencrypt.org/directory"
-
-# Generic staging config
-VALIDATE_VIA_DNS=true
-DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
-PUBLIC_DNS_SERVER=ns2.duckdns.org
-CHECK_ALL_AUTH_DNS=true
-
-# Test that the retry works (dns_add_command will always fail)
-DNS_WAIT_RETRY_ADD="true"
-DNS_ADD_COMMAND="/getssl/test/dns_fail_add_duckdns"
-
-# Speed up the test by reducing the number or retries and the wait between retries.
-DNS_WAIT=2
-DNS_WAIT_COUNT=11
-DNS_EXTRA_WAIT=0
-
-# Standard config
-ACCOUNT_KEY_TYPE="rsa"
-PRIVATE_KEY_ALG="rsa"
-SANS=""
-ACL=('/var/www/html/.well-known/acme-challenge')
-USE_SINGLE_ACL="false"
-DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
-DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
-CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
-DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
-DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
-SERVER_TYPE="https"
-CHECK_REMOTE="true"
diff --git a/test/test-config/getssl-staging-dns01-no-suffix.cfg b/test/test-config/getssl-staging-dns01-no-suffix.cfg
deleted file mode 100644
index b4f5202..0000000
--- a/test/test-config/getssl-staging-dns01-no-suffix.cfg
+++ /dev/null
@@ -1,36 +0,0 @@
-# Test that the script works with external dns provider and staging server
-#
-CA="https://acme-staging-v02.api.letsencrypt.org"
-
-VALIDATE_VIA_DNS=true
-DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
-DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
-PUBLIC_DNS_SERVER=ns2.duckdns.org
-CHECK_ALL_AUTH_DNS=true
-DNS_EXTRA_WAIT=120
-
-# Speed up the test by reducing the number or retries and the wait between retries.
-DNS_WAIT=2
-DNS_WAIT_COUNT=11
-DNS_WAIT_RETRY_ADD="true"
-
-ACCOUNT_KEY_TYPE="rsa"
-PRIVATE_KEY_ALG="rsa"
-
-# Additional domains - this could be multiple domains / subdomains in a comma separated list
-SANS=""
-
-# Location for all your certs, these can either be on the server (full path name)
-# or using ssh /sftp as for the ACL
-DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
-DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
-CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
-DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
-DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
-
-# The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
-
-# Define the server type and confirm correct certificate is installed (using a custom port)
-SERVER_TYPE="https"
-CHECK_REMOTE="true"
diff --git a/test/test-config/getssl-staging-dns01.cfg b/test/test-config/getssl-staging-dns01.cfg
index 19413cd..64a7388 100644
--- a/test/test-config/getssl-staging-dns01.cfg
+++ b/test/test-config/getssl-staging-dns01.cfg
@@ -3,15 +3,17 @@ CA="https://acme-staging-v02.api.letsencrypt.org/directory"
 VALIDATE_VIA_DNS=true
-DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
-DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
-PUBLIC_DNS_SERVER=1.1.1.1
+DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_dynu"
+DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_dynu"
+PUBLIC_DNS_SERVER="8.8.8.8 resolver1.infoserve.de"
+AUTH_DNS_SERVER=ns1.dynu.com
 CHECK_ALL_AUTH_DNS="true"
 CHECK_PUBLIC_DNS_SERVER="true"
 DNS_EXTRA_WAIT=120
 # Speed up the test by reducing the number or retries and retrying DNS_ADD after 10 failures
 DNS_WAIT_COUNT=20
+DNS_WAIT=30
 DNS_WAIT_RETRY_ADD="true"
 ACCOUNT_KEY_TYPE="rsa"
@@ -38,3 +40,6 @@ CHECK_REMOTE="true"
 if [[ -s "$DOMAIN_DIR/getssl_test_specific.cfg" ]]; then
 . $DOMAIN_DIR/getssl_test_specific.cfg
 fi
+
+#_RUNNING_TEST=1
+#_USE_DEBUG=1
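Review bot: `PUBLIC_DNS_SERVER="8.8.8.8 resolver1.infoserve.de"` changes a single resolver into a space-separated pair, and whether getssl iterates over several values or hands the whole string to one lookup is not visible in this diff; confirm that before relying on it, and add `# two resolvers: getssl is expected to query each in turn` (or reduce to one value) so the intent is recorded. The trailing `#_RUNNING_TEST=1` and `#_USE_DEBUG=1` lines in the second hunk are commented-out toggles with no explanation; either remove them or precede them with `# uncomment to run getssl in test/debug mode` so they are recognisable as deliberate switches rather than leftovers. With `DNS_WAIT=30` and `DNS_WAIT_COUNT=20` the wait before giving up is now up to ten minutes per attempt, which the adjacent "Speed up the test" comment no longer describes.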