diff --git a/test/10-mixed-case.bats b/test/10-mixed-case.bats
index f144058..974f669 100644
--- a/test/10-mixed-case.bats
+++ b/test/10-mixed-case.bats
@@ -29,11 +29,7 @@ setup() {
 }
 @test "Check that DNS-01 verification works if the domain is not lowercase" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 GETSSL_CMD_HOST=$(echo $GETSSL_HOST | tr a-z A-Z)
 setup_environment
diff --git a/test/14-test-revoke.bats b/test/14-test-revoke.bats
index 5bdb72b..d31e832 100644
--- a/test/14-test-revoke.bats
+++ b/test/14-test-revoke.bats
@@ -15,7 +15,7 @@ setup() {
 @test "Create certificate to check revoke" {
 if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 else
 CONFIG_FILE="getssl-http01.cfg"
 fi
@@ -30,7 +30,7 @@ setup() {
 @test "Check we can revoke a certificate" {
 if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 else
 CONFIG_FILE="getssl-http01.cfg"
 fi
diff --git a/test/15-test-revoke-no-suffix.bats b/test/15-test-revoke-no-suffix.bats
index 4c54961..30802d8 100644
--- a/test/15-test-revoke-no-suffix.bats
+++ b/test/15-test-revoke-no-suffix.bats
@@ -15,7 +15,7 @@ setup() {
 @test "Create certificate to check revoke (no suffix)" {
 if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 else
 CONFIG_FILE="getssl-http01-no-suffix.cfg"
 fi
@@ -34,7 +34,7 @@ setup() {
 @test "Check we can revoke a certificate (no suffix)" {
 if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 else
 CONFIG_FILE="getssl-http01.cfg"
 fi
diff --git a/test/18-staging-retry-dns-add.bats b/test/18-retry-dns-add.bats
similarity index 79%
rename from test/18-staging-retry-dns-add.bats
rename to test/18-retry-dns-add.bats
index bca7c05..3a79880 100644
--- a/test/18-staging-retry-dns-add.bats
+++ b/test/18-retry-dns-add.bats
@@ -4,14 +4,18 @@ load '/bats-support/load.bash'
 load '/bats-assert/load.bash'
 load '/getssl/test/test_helper.bash'
+# This is run for every test
+setup() {
+ export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
 @test "Check retry add dns command if dns isn't updated" {
- if [ -z "$STAGING" ]; then
+ if [ -n "$STAGING" ]; then
 skip "Running internal tests, skipping external test"
 fi
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 setup_environment
 init_getssl
@@ -25,6 +29,7 @@ DNS_WAIT_COUNT=11
 DNS_EXTRA_WAIT=0
 CHECK_ALL_AUTH_DNS="false"
 CHECK_PUBLIC_DNS_SERVER="false"
+DNS_WAIT_RETRY_ADD="true"
 EOF
 create_certificate -d
 assert_failure
diff --git a/test/19-test-add-to-sans.bats b/test/19-test-add-to-sans.bats
index 8ba9f20..da9deb7 100644
--- a/test/19-test-add-to-sans.bats
+++ b/test/19-test-add-to-sans.bats
@@ -26,7 +26,7 @@ teardown() {
 skip "FIXME: Certificate is not recreated when SANS is updated"
 if [ -n "$STAGING" ]; then
 skip "Not trying on staging server yet"
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 else
 CONFIG_FILE="getssl-dns01-add-to-sans-1.cfg"
 fi
@@ -45,7 +45,7 @@ teardown() {
 skip "FIXME: Certificate is not recreated when SANS is updated"
 if [ -n "$STAGING" ]; then
 skip "Not trying on staging server yet"
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 else
 CONFIG_FILE="getssl-dns01-add-to-sans-2.cfg"
 fi
diff --git a/test/2-simple-dns01-dig.bats b/test/2-simple-dns01-dig.bats
index 6f701b3..f8f0cb4 100644
--- a/test/2-simple-dns01-dig.bats
+++ b/test/2-simple-dns01-dig.bats
@@ -30,9 +30,6 @@ teardown() {
 @test "Create new certificate using DNS-01 verification (dig)" {
 CONFIG_FILE="getssl-dns01.cfg"
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- fi
 setup_environment
 init_getssl
diff --git a/test/2-simple-dns01-nslookup.bats b/test/2-simple-dns01-nslookup.bats
index c883485..f97b5dc 100644
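Review bot: The skip message in the first hunk of test/18-retry-dns-add.bats no longer matches its guard: the condition is now `if [ -n "$STAGING" ]`, so the skip fires on a staging run, yet the unchanged context line still reads `skip "Running internal tests, skipping external test"`. Both hunks of test/8-staging-ecdsa.bats look like the mirror image, since they keep `[ -z "$STAGING" ]` but change the message to "Running external tests, skipping internal testing". The two strings appear to have been applied to the wrong files; here the line should be `skip "Running external tests, skipping internal testing"`, and 8-staging-ecdsa.bats should keep its original wording. A wrong skip reason makes it hard to tell from CI output which ACME endpoint a run actually exercised.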
--- a/test/2-simple-dns01-nslookup.bats
+++ b/test/2-simple-dns01-nslookup.bats
@@ -31,9 +31,6 @@ teardown() {
 @test "Create new certificate using DNS-01 verification (nslookup)" {
 CONFIG_FILE="getssl-dns01.cfg"
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- fi
 setup_environment
 init_getssl
diff --git a/test/20-wildcard-simple.bats b/test/20-wildcard-simple.bats
index e9b0f98..b56a876 100644
--- a/test/20-wildcard-simple.bats
+++ b/test/20-wildcard-simple.bats
@@ -14,11 +14,7 @@ setup() {
 @test "Create wildcard certificate" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 GETSSL_CMD_HOST="*.${GETSSL_HOST}"
 setup_environment
diff --git a/test/21-wildcard-dual-rsa.bats b/test/21-wildcard-dual-rsa.bats
index 7f0943f..550bbe0 100644
--- a/test/21-wildcard-dual-rsa.bats
+++ b/test/21-wildcard-dual-rsa.bats
@@ -14,11 +14,7 @@ setup() {
 @test "Create secp384r1 wildcard certificate" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 GETSSL_CMD_HOST="*.${GETSSL_HOST}"
@@ -40,11 +36,7 @@ EOF
 @test "Create dual certificates using DNS-01 verification" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 GETSSL_CMD_HOST="*.${GETSSL_HOST}"
diff --git a/test/22-wildcard-dual-rsa-ecdsa-copy-2-locations.bats b/test/22-wildcard-dual-rsa-ecdsa-copy-2-locations.bats
index 238142e..b005af5 100644
--- a/test/22-wildcard-dual-rsa-ecdsa-copy-2-locations.bats
+++ b/test/22-wildcard-dual-rsa-ecdsa-copy-2-locations.bats
@@ -14,11 +14,7 @@ setup() {
 @test "Create dual certificates (one wildcard) and copy RSA and ECDSA chain and key to two locations" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 GETSSL_CMD_HOST="*.${GETSSL_HOST}"
diff --git a/test/24-wildcard-sans.bats b/test/24-wildcard-sans.bats
index da5fea9..a9ca2a5 100644
--- a/test/24-wildcard-sans.bats
+++ b/test/24-wildcard-sans.bats
@@ -22,11 +22,7 @@ teardown() {
 @test "Check can create certificate for wildcard domain as arg and non-wildcard in SANS" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 # Staging server generates an error if try to create a certificate for *.domain and a.domain
 # so create for *.wild-domain and a.domain instead
@@ -50,11 +46,7 @@ teardown() {
 @test "Check can create certificate for non-wildcard domain as arg and wildcard in SANS" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 GETSSL_CMD_HOST="${GETSSL_HOST}"
 setup_environment
diff --git a/test/26-wildcard-revoke.bats b/test/26-wildcard-revoke.bats
index 1416ef4..37f8f10 100644
--- a/test/26-wildcard-revoke.bats
+++ b/test/26-wildcard-revoke.bats
@@ -14,11 +14,7 @@ setup() {
 @test "Create certificate to check wildcard revoke" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 GETSSL_CMD_HOST="*.${GETSSL_HOST}"
 setup_environment
@@ -30,11 +26,7 @@ setup() {
 @test "Check we can revoke a wildcard certificate" {
- if [ -n "$STAGING" ]; then
- CONFIG_FILE="getssl-staging-dns01.cfg"
- else
- CONFIG_FILE="getssl-dns01.cfg"
- fi
+ CONFIG_FILE="getssl-dns01.cfg"
 . "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
 GETSSL_CMD_HOST="*.${GETSSL_HOST}"
diff --git a/test/8-staging-ecdsa.bats b/test/8-staging-ecdsa.bats
index 127e989..6aebd60 100644
--- a/test/8-staging-ecdsa.bats
+++ b/test/8-staging-ecdsa.bats
@@ -9,9 +9,9 @@ load '/getssl/test/test_helper.bash'
 @test "Create new certificate using staging server and prime256v1" {
 if [ -z "$STAGING" ]; then
- skip "Running internal tests, skipping external test"
+ skip "Running external tests, skipping internal testing"
 fi
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 setup_environment
 init_getssl
@@ -35,9 +35,9 @@ load '/getssl/test/test_helper.bash'
 @test "Create new certificate using staging server and secp384r1" {
 if [ -z "$STAGING" ]; then
- skip "Running internal tests, skipping external test"
+ skip "Running external tests, skipping internal testing"
 fi
- CONFIG_FILE="getssl-staging-dns01.cfg"
+ CONFIG_FILE="getssl-dns01.cfg"
 setup_environment
 init_getssl
diff --git a/test/test-config/getssl-dns01.cfg b/test/test-config/getssl-dns01.cfg
index c67f995..bd02c50 100644
--- a/test/test-config/getssl-dns01.cfg
+++ b/test/test-config/getssl-dns01.cfg
@@ -1,19 +1,38 @@
-# Uncomment and modify any variables you need
-# see https://github.com/srvrco/getssl/wiki/Config-variables for details
-# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
-#
-CA="https://pebble:14000/dir"
+# Test that the script works with dns
 VALIDATE_VIA_DNS=true
-DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
-DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
-AUTH_DNS_SERVER=10.30.50.3
-
-# Speed up the test by reducing the number or retries and the wait between retries.
-DNS_WAIT=2
-DNS_WAIT_COUNT=11
-DNS_EXTRA_WAIT=0
-
+if [ -z "$STAGING" ]; then
+ # Settings for challtestserv dns provider running in local docker
+ CA="https://pebble:14000/dir"
+
+ DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
+ DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
+ AUTH_DNS_SERVER=10.30.50.3
+
+ # Speed up the test by reducing the number or retries and the wait between retries.
+ DNS_WAIT=2
+ DNS_WAIT_COUNT=11
+ DNS_EXTRA_WAIT=0
+else
+ # Settings for external dns provider and staging server
+ CA="https://acme-staging-v02.api.letsencrypt.org/directory"
+
+ DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_${dynamic_dns}"
+ DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_${dynamic_dns}"
+ PUBLIC_DNS_SERVER="8.8.8.8 resolver1.infoserve.de"
+ if [[ "${dynamic_dns}" == "dynu" ]]; then
+ AUTH_DNS_SERVER=ns1.dynu.com
+ else
+ AUTH_DNS_SERVER=ns1.duckdns.org
+ fi
+ CHECK_ALL_AUTH_DNS="true"
+ CHECK_PUBLIC_DNS_SERVER="true"
+ DNS_EXTRA_WAIT=120
+
+ DNS_WAIT_COUNT=20
+ DNS_WAIT=30
+ DNS_WAIT_RETRY_ADD="true"
+fi
 # Additional domains - this could be multiple domains / subdomains in a comma separated list
 SANS=""
diff --git a/test/test-config/getssl-staging-dns01.cfg b/test/test-config/getssl-staging-dns01.cfg
deleted file mode 100644
index 8859686..0000000
--- a/test/test-config/getssl-staging-dns01.cfg
+++ /dev/null
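Review bot: In the staging branch of test/test-config/getssl-dns01.cfg, `${dynamic_dns}` is interpolated into `DNS_ADD_COMMAND` and `DNS_DEL_COMMAND` without any check, and the inner `else` treats every value other than `dynu`, including an unset one, as duckdns. With an empty value the commands resolve to `/getssl/dns_scripts/dns_add_` and the mistake only surfaces later when the hook is run; a guard at the top of the branch such as `: "${dynamic_dns:?dynamic_dns must be set when STAGING is set}"` would fail fast with a clear message. Separately, the deleted getssl-staging-dns01.cfg set `ACCOUNT_KEY_TYPE="rsa"` and `PRIVATE_KEY_ALG="rsa"` explicitly; the rest of getssl-dns01.cfg lies outside this hunk, so it is worth confirming that staging runs still get the intended key types.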
@@ -1,49 +0,0 @@
-# Test that the script works with external dns provider and staging server
-#
-CA="https://acme-staging-v02.api.letsencrypt.org/directory"
-
-VALIDATE_VIA_DNS=true
-DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_${dynamic_dns}"
-DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_${dynamic_dns}"
-PUBLIC_DNS_SERVER="8.8.8.8 resolver1.infoserve.de"
-if [[ "${dynamic_dns}" == "dynu" ]]; then
- AUTH_DNS_SERVER=ns1.dynu.com
-else
- AUTH_DNS_SERVER=ns1.duckdns.org
-fi
-CHECK_ALL_AUTH_DNS="true"
-CHECK_PUBLIC_DNS_SERVER="true"
-DNS_EXTRA_WAIT=120
-
-# Speed up the test by reducing the number or retries and retrying DNS_ADD after 10 failures
-DNS_WAIT_COUNT=20
-DNS_WAIT=30
-DNS_WAIT_RETRY_ADD="true"
-
-ACCOUNT_KEY_TYPE="rsa"
-PRIVATE_KEY_ALG="rsa"
-
-# Additional domains - this could be multiple domains / subdomains in a comma separated list
-SANS=""
-
-# Location for all your certs, these can either be on the server (full path name)
-# or using ssh /sftp as for the ACL
-DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
-DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
-CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
-DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
-DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
-
-# The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
-
-# Define the server type and confirm correct certificate is installed
-SERVER_TYPE="https"
-CHECK_REMOTE="true"
-
-if [[ -s "$DOMAIN_DIR/getssl_test_specific.cfg" ]]; then
- . $DOMAIN_DIR/getssl_test_specific.cfg
-fi
-
-#_RUNNING_TEST=1
-#_USE_DEBUG=1