
Merge pull request #618 from srvrco/timkimber/issue308

Test using Dynu.com as well as Duckdns.org
pull/619/head
Tim Kimber 5 years ago
committed by GitHub
parent
commit
69a5bda374
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 353 additions and 154 deletions
  1. +1
    -26
      .github/workflows/run-tests-pebble.yml
  2. +25
    -0
      .github/workflows/run-tests-staging-duckdns.yml
  3. +25
    -0
      .github/workflows/run-tests-staging-dynu.yml
  4. +72
    -0
      dns_scripts/dns_add_dynu
  5. +71
    -0
      dns_scripts/dns_del_dynu
  6. +21
    -9
      getssl
  7. +5
    -1
      test/15-test-revoke-no-suffix.bats
  8. +14
    -2
      test/18-staging-retry-dns-add.bats
  9. +1
    -0
      test/Dockerfile-centos7-duckdns
  10. +29
    -0
      test/Dockerfile-centos7-dynu
  11. +1
    -0
      test/Dockerfile-ubuntu-duckdns
  12. +30
    -0
      test/Dockerfile-ubuntu-dynu
  13. +6
    -0
      test/dns_add_fail
  14. +0
    -19
      test/dns_fail_add_duckdns
  15. +15
    -6
      test/run-test.cmd
  16. +11
    -5
      test/run-test.sh
  17. +0
    -33
      test/test-config/getssl-staging-dns01-fail-dns-add.cfg
  18. +0
    -36
      test/test-config/getssl-staging-dns01-no-suffix.cfg
  19. +12
    -3
      test/test-config/getssl-staging-dns01.cfg
  20. +7
    -7
      test/u1-test-get_auth_dns-dig.bats
  21. +7
    -7
      test/u2-test-get_auth_dns-drill.bats

.github/workflows/run-all-tests.yml → .github/workflows/run-tests-pebble.yml View File


+ 25
- 0
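--- a/.github/workflows/run-tests-staging-duckdns.yml
+++ b/.github/workflows/run-tests-staging-duckdns.yml
@@ -0,0 +1,25 @@
+name: Run all tests using DuckDNS
+on:
+push:
+branches:
+- master
+pull_request:
+branches:
+- master
+jobs:
+test-centos7-duckdns:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v1
+- name: Build the docker-compose stack
+run: docker-compose up -d --build
+- name: Run test suite on CentOS7 against Staging using DuckDNS
+run: test/run-test.sh centos7-duckdns
+test-ubuntu-duckdns:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v1
+- name: Build the docker-compose stack
+run: docker-compose up -d --build
+- name: Run test suite on Ubuntu against Staging using DuckDNS
+run: test/run-test.sh ubuntu-duckdns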
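Review bot: `actions/checkout@v1` in both jobs is referenced by a movable tag rather than a full commit SHA, so the code that runs in CI can change without any change in this repository; pin it as `uses: actions/checkout@<full-commit-sha>` with the release named in a trailing comment. The two jobs in .github/workflows/run-tests-staging-dynu.yml have the same reference. Both workflows trigger on `push` and `pull_request`, so overlapping runs could overwrite each other's `_acme-challenge` TXT value on the shared test domains; a `concurrency` group per provider would serialise them.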

+ 25
- 0
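--- a/.github/workflows/run-tests-staging-dynu.yml
+++ b/.github/workflows/run-tests-staging-dynu.yml
@@ -0,0 +1,25 @@
+name: Run all tests using Dynu
+on:
+push:
+branches:
+- master
+pull_request:
+branches:
+- master
+jobs:
+test-centos7-dynu:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v1
+- name: Build the docker-compose stack
+run: docker-compose up -d --build
+- name: Run test suite on CentOS7 against Staging using Dynu
+run: test/run-test.sh centos7-dynu
+test-ubuntu-dynu:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v1
+- name: Build the docker-compose stack
+run: docker-compose up -d --build
+- name: Run test suite on Ubuntu against Staging using Dynu
+run: test/run-test.sh ubuntu-dynu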

+ 72
- 0
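--- a/dns_scripts/dns_add_dynu
+++ b/dns_scripts/dns_add_dynu
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+# Need to add your API key below or set as env variable
+apikey=${DYNU_API_KEY:-''}
+# This script adds a token to dynu.com DNS for the ACME challenge
+# usage dns_add_dynu "domain name" "token"
+# return codes are;
+# 0 - success
+# 1 - error in input
+# 2 - error within internal processing
+# 3 - error in result ( domain not found in dynu.com etc)
+fulldomain="${1}"
+token="${2}"
+API='https://api.dynu.com/v2/dns'
+# Check initial parameters
+if [[ -z "$fulldomain" ]]; then
+echo "DNS script requires full domain name as first parameter"
+exit 1
+fi
+if [[ -z "$token" ]]; then
+echo "DNS script requires challenge token as second parameter"
+exit 1
+fi
+curl_params=( -H "accept: application/json" -H "API-Key: $apikey" -H 'Content-Type: application/json' )
+# Get domain id
+# curl -X GET https://api.dynu.com/v2/dns/getroot/ubuntu-getssl.freeddns.org
+resp=$(curl --silent "${curl_params[@]}" -X GET "$API/getroot/${fulldomain}")
+# Match domain id
+re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\""
+if [[ "$resp" =~ $re ]]; then
+domain_id="${BASH_REMATCH[1]}"
+fi
+if [[ -z "$domain_id" ]]; then
+echo 'Domain name not found on your Dynu account'
+exit 3
+fi
+# Check for existing _acme-challenge TXT record
+# curl -X GET "https://api.dynu.com/v2/dns/record/_acme-challenge.ubuntu-getssl.freeddns.org?recordType=TXT"
+resp=$(curl --silent "${curl_params[@]}" -X GET "${API}/record/_acme-challenge.${fulldomain}?recordType=TXT")
+re="\"id\":([^,]*)"
+if [[ "$resp" =~ $re ]]; then
+record_id="${BASH_REMATCH[1]}"
+fi
+if [[ -z "$record_id" ]]; then
+# Add new TXT challenge record
+resp=$(curl --silent \
+"${curl_params[@]}" \
+-X POST "${API}/${domain_id}/record" \
+--data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"$token\"}")
+else
+# Update existing record
+# curl -X POST https://api.dynu.com/v2/dns/9329328/record/7082063 -d "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"Test2\"}"
+resp=$(curl --silent \
+"${curl_params[@]}" \
+-X POST "${API}/${domain_id}/record/${record_id}" \
+--data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"$token\"}")
+fi
+# If adding record failed (exception:) then print error message
+if [[ "$resp" != *"\"statusCode\":200"* ]]; then
+echo "Error: DNS challenge not added: unknown error - ${resp}"
+exit 3
+fi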
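Review bot: The script never checks that `apikey` is non-empty, so with `DYNU_API_KEY` unset it sends an empty `API-Key` header and then reports 'Domain name not found on your Dynu account' with exit 3, which points the operator at the wrong cause. dns_del_dynu already carries the guard; the same `if [[ -z "$apikey" ]]; then echo "DNS script requires apikey environment variable to be set"; exit 1; fi` belongs before `curl_params` is built. `${fulldomain}` is also placed unescaped into the regex under 'Match domain id', so each `.` matches any character, and `$token` goes into the JSON body unescaped; both hold only while callers pass plain hostnames and base64url tokens, which is worth stating in the header comment. The key is passed in curl's argument list, where other local users can see it in the process table; reading the header from a file avoids that.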

+ 71
- 0
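--- a/dns_scripts/dns_del_dynu
+++ b/dns_scripts/dns_del_dynu
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# Need to add your API key below or set as env variable
+apikey=${DYNU_API_KEY:-''}
+# This script deletes the _acme-challenge TXT record from the dynu.com DNS entry for the domain
+# usage dns_del_dynu "domain name"
+# return codes are;
+# 0 - success
+# 1 - error in input
+# 2 - error within internal processing
+# 3 - error in result ( domain not found in dynu.com etc)
+# After deleting the TXT record from Dynu.com it takes over 30 minutes to add a new TXT record!
+# This doesn't happen when updating the TXT record, just for delete then add
+# As this is used for testing, changed the delete to a no-op.
+exit 0
+fulldomain="${1}"
+API='https://api.dynu.com/v2/dns'
+# Check initial parameters
+if [[ -z "$fulldomain" ]]; then
+echo "DNS script requires full domain name as first parameter"
+exit 1
+fi
+if [[ -z "$apikey" ]]; then
+echo "DNS script requires apikey environment variable to be set"
+exit 1
+fi
+curl_params=( -H "accept: application/json" -H "API-Key: $apikey" -H 'Content-Type: application/json' )
+# Get domain id
+# curl -X GET https://api.dynu.com/v2/dns/getroot/ubuntu-getssl.freeddns.org
+resp=$(curl --silent "${curl_params[@]}" -X GET "$API/getroot/${fulldomain}")
+# Match domain id
+re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\""
+if [[ "$resp" =~ $re ]]; then
+domain_id="${BASH_REMATCH[1]}"
+fi
+if [[ -z "$domain_id" ]]; then
+echo 'Domain name not found on your Dynu account'
+exit 3
+fi
+# Check for existing _acme-challenge TXT record
+# curl -X GET "https://api.dynu.com/v2/dns/record/_acme-challenge.ubuntu-getssl.freeddns.org?recordType=TXT"
+resp=$(curl --silent "${curl_params[@]}" -X GET "${API}/record/_acme-challenge.${fulldomain}?recordType=TXT")
+re="\"id\":([^,]*)"
+if [[ "$resp" =~ $re ]]; then
+record_id="${BASH_REMATCH[1]}"
+fi
+if [[ -z "$record_id" ]]; then
+echo "No _acme-challenge.${fulldomain} TXT record found"
+exit 0
+fi
+resp=$(curl --silent \
+"${curl_params[@]}" \
+-X DELETE "${API}/${domain_id}/record/${record_id}")
+# If adding record failed (exception:) then print error message
+if [[ "$resp" != *"\"statusCode\":200"* ]]; then
+echo "Error: DNS challenge not added: unknown error - ${resp}"
+exit 3
+fi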
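Review bot: The unconditional `exit 0` near the top makes everything after it unreachable, and this file sits in dns_scripts/ rather than test/, so anyone who sets it as `DNS_DEL_COMMAND` gets a silent no-op that leaves the `_acme-challenge` TXT record published. If the no-op is only needed by the test suite, keep the real delete here and move the stub under test/, or gate the early exit on a test-only environment variable and say so in the header comment. The last error message, `DNS challenge not added`, is copied from the add script and should read `Error: DNS challenge not deleted: unknown error - ${resp}`; the comment above it has the same leftover wording.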

+ 21
- 9
getssl View File

@ -507,7 +507,7 @@ check_challenge_completion_dns() { # perform validation via DNS challenge
# check for token at public dns server, waiting for a valid response.
for ns in $primary_ns; do
debug "checking dns at $ns"
info "checking dns at $ns"
ntries=0
check_dns="fail"
while [[ "$check_dns" == "fail" ]]; do
@ -520,12 +520,24 @@ check_challenge_completion_dns() { # perform validation via DNS challenge
check_result=$($DNS_CHECK_FUNC TXT "_acme-challenge.${lower_d}" "@${ns}" \
| grep -i "^_acme-challenge.${lower_d}" \
| grep 'IN\WTXT'|awk -F'"' '{ print $2}')
debug "check_result=$check_result"
if [[ -z "$check_result" ]]; then
debug "$DNS_CHECK_FUNC" ANY "_acme-challenge.${lower_d}" "@${ns}"
check_result=$($DNS_CHECK_FUNC ANY "_acme-challenge.${lower_d}" "@${ns}" \
| grep -i "^_acme-challenge.${lower_d}" \
| grep 'IN\WTXT'|awk -F'"' '{ print $2}')
debug "check_result=$check_result"
fi
elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then
check_result=$($DNS_CHECK_FUNC -t TXT "_acme-challenge.${lower_d}" "${ns}" \
| grep 'descriptive text'|awk -F'"' '{ print $2}')
else
check_result=$(nslookup -type=txt "_acme-challenge.${lower_d}" "${ns}" \
| grep 'text ='|awk -F'"' '{ print $2}')
if [[ -z "$check_result" ]]; then
check_result=$(nslookup -type=any "_acme-challenge.${lower_d}" "${ns}" \
| grep 'text ='|awk -F'"' '{ print $2}')
fi
fi
debug "expecting $auth_key"
debug "${ns} gave ... $check_result"
@ -538,6 +550,7 @@ check_challenge_completion_dns() { # perform validation via DNS challenge
if [[ $DNS_WAIT_RETRY_ADD == "true" && $(( ntries % 10 )) == 0 ]]; then
debug "Retrying adding dns via command: $DNS_ADD_COMMAND $lower_d $auth_key"
test_output "Retrying adding dns via command: $DNS_ADD_COMMAND"
eval "$DNS_DEL_COMMAND" "$lower_d" "$auth_key"
if ! eval "$DNS_ADD_COMMAND" "$lower_d" "$auth_key" ; then
error_exit "DNS_ADD_COMMAND failed for domain $d"
@ -1167,10 +1180,12 @@ for d in "${alldomains[@]}"; do
# find a primary / authoritative DNS server for the domain
if [[ -z "$AUTH_DNS_SERVER" ]]; then
get_auth_dns "$d"
elif [[ "$CHECK_PUBLIC_DNS_SERVER" == "true" ]]; then
primary_ns="$AUTH_DNS_SERVER $PUBLIC_DNS_SERVER"
else
primary_ns="$AUTH_DNS_SERVER"
fi
debug primary_ns "$primary_ns"
debug set primary_ns = "$primary_ns"
check_challenge_completion_dns "${token}" "${uri}" "${keyauthorization}" "${d}" "${primary_ns}" "${auth_key}"
else # set up the correct http token for verification
@ -1272,11 +1287,11 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
if [[ -z "$all_auth_dns_servers" ]]; then
error_exit "couldn't find primary DNS server - please set AUTH_DNS_SERVER in config"
fi
primary_ns="$all_auth_dns_servers"
if [[ "$CHECK_PUBLIC_DNS_SERVER" == "true" ]]; then
primary_ns="$all_auth_dns_servers $PUBLIC_DNS_SERVER"
else
primary_ns="$all_auth_dns_servers"
primary_ns="$primary_ns $PUBLIC_DNS_SERVER"
fi
return
fi
@ -1350,8 +1365,8 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
primary_ns="$primary_ns $PUBLIC_DNS_SERVER"
fi
debug set primary_ns = "$primary_ns"
test_output set primary_ns ="$primary_ns"
return
fi
fi
@ -1430,9 +1445,6 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
primary_ns=$(echo "$all_auth_dns_servers" | awk '{print $1}')
fi
if [[ "$CHECK_PUBLIC_DNS_SERVER" == "true" ]]; then
primary_ns="$primary_ns $PUBLIC_DNS_SERVER"
fi
return
fi
fi
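Review bot: In the `@ -538,6 +550,7 @` hunk the retry path runs `eval "$DNS_DEL_COMMAND" "$lower_d" "$auth_key"` and discards its exit status, while the `DNS_ADD_COMMAND` call on the next line is checked; the rendered page has lost the +/- markers, so it is not certain which of these lines the hunk adds. A failed delete should at least be reported, e.g. `eval "$DNS_DEL_COMMAND" "$lower_d" "$auth_key" || info "DNS_DEL_COMMAND failed for domain $d"`. Delete-then-add is also the sequence that the header of dns_scripts/dns_del_dynu says takes over 30 minutes on Dynu, so a provider script with a working delete would likely make this retry slower, not faster. `eval` re-parses the joined string, so the domain and key arguments get a second round of shell expansion; a comment stating that both commands come from trusted configuration would record that assumption. check_challenge_completion_dns starts and ends outside these hunks.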


+ 5
- 1
test/15-test-revoke-no-suffix.bats View File

@ -15,10 +15,12 @@ setup() {
@test "Create certificate to check revoke (no suffix)" {
if [ -n "$STAGING" ]; then
CONFIG_FILE="getssl-staging-dns01-no-suffix.cfg"
CONFIG_FILE="getssl-staging-dns01.cfg"
else
CONFIG_FILE="getssl-http01-no-suffix.cfg"
fi
echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
. "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
setup_environment
init_getssl
@ -34,6 +36,8 @@ setup() {
else
CONFIG_FILE="getssl-http01.cfg"
fi
echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
. "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt
KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key
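Review bot: The `echo 'CA=…' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg` line leaves the target path unquoted and, in the first test, runs before `setup_environment` and `init_getssl`. Those helpers are not shown on this page; if either recreates the `.getssl` directory, the redirect fails or the override is discarded, and the test would then run with the `/directory` CA URL from getssl-staging-dns01.cfg instead of the no-suffix URL it is meant to exercise. Quote the path and write the override after `init_getssl`, or add a comment explaining why the current order works. Because `>>` appends, the second test writes the same line again; `>` would keep the file to a single override.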


+ 14
- 2
test/18-staging-retry-dns-add.bats View File

@ -6,14 +6,26 @@ load '/getssl/test/test_helper.bash'
@test "Check retry add dns command if dns isn't updated (DuckDNS)" {
@test "Check retry add dns command if dns isn't updated" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
CONFIG_FILE="getssl-staging-dns01-fail-dns-add.cfg"
CONFIG_FILE="getssl-staging-dns01.cfg"
setup_environment
init_getssl
cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
DNS_ADD_COMMAND="/getssl/test/dns_add_fail"
# Speed up the test by reducing the number or retries and the wait between retries.
DNS_WAIT=2
DNS_WAIT_COUNT=11
DNS_EXTRA_WAIT=0
CHECK_ALL_AUTH_DNS="false"
CHECK_PUBLIC_DNS_SERVER="false"
EOF
create_certificate -d
assert_failure
assert_line --partial "Retrying adding dns via command"


test/Dockerfile-centos7-staging → test/Dockerfile-centos7-duckdns View File


+ 29
- 0
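--- a/test/Dockerfile-centos7-dynu
+++ b/test/Dockerfile-centos7-dynu
@@ -0,0 +1,29 @@
+FROM centos:centos7
+# Note this image uses gawk
+# Update and install required software
+RUN yum -y update
+RUN yum -y install epel-release
+RUN yum -y install git curl bind-utils ldns wget which nginx
+ENV staging "true"
+ENV dynamic_dns "duckdns"
+ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2
+WORKDIR /root
+RUN mkdir /etc/nginx/pki
+RUN mkdir /etc/nginx/pki/private
+COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
+COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf
+# BATS (Bash Automated Testings)
+RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
+RUN git clone https://github.com/bats-core/bats-support /bats-support
+RUN git clone https://github.com/bats-core/bats-assert /bats-assert
+RUN /bats-core/install.sh /usr/local
+EXPOSE 80 443
+# Run eternal loop - for testing
+CMD tail -f /dev/null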
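Review bot: The `ENV DYNU_API_KEY …` line commits what looks like a working provider credential to the repository and bakes it into the image's metadata; test/Dockerfile-ubuntu-dynu carries the same value. Remove the line from both files and supply the key at run time instead, for example `--env DYNU_API_KEY` on the `docker run` in test/run-test.sh with the value taken from a CI secret, and treat the committed key as exposed and rotate it. Separately, `ENV dynamic_dns "duckdns"` in this Dynu image looks like a copy-paste slip: run-test.sh overrides it with `--env dynamic_dns=dynu`, but the default here should be `ENV dynamic_dns "dynu"`.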

test/Dockerfile-ubuntu-staging → test/Dockerfile-ubuntu-duckdns View File


+ 30
- 0
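--- a/test/Dockerfile-ubuntu-dynu
+++ b/test/Dockerfile-ubuntu-dynu
@@ -0,0 +1,30 @@
+FROM ubuntu:latest
+# Note this image uses mawk1.3
+# Set noninteractive otherwise tzdata hangs
+ENV DEBIAN_FRONTEND noninteractive
+# Ensure tests in this image use the staging server
+ENV staging "true"
+ENV dynamic_dns "dynu"
+ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2
+# Update and install required software
+RUN apt-get update --fix-missing
+RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light
+RUN apt-get install -y vim dos2unix # for debugging
+WORKDIR /root
+# Prevent "Can't load /root/.rnd into RNG" error from openssl
+RUN touch /root/.rnd
+# BATS (Bash Automated Testings)
+RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
+RUN git clone https://github.com/bats-core/bats-support /bats-support
+RUN git clone https://github.com/bats-core/bats-assert /bats-assert
+RUN /bats-core/install.sh /usr/local
+# Run eternal loop - for testing
+CMD tail -f /dev/null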
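Review bot: `FROM ubuntu:latest` and the two `git clone` lines for bats-support and bats-assert carry no tag or commit, so the image content changes whenever those upstreams move; only bats-core is fixed with `--branch v1.2.1`. Pin the base image to a release tag and add `--branch <tag>` to the other two clones, which are also unpinned in test/Dockerfile-centos7-dynu. The `RUN apt-get install -y vim dos2unix # for debugging` line can be dropped from the CI image or merged into the main install line.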

+ 6
- 0
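--- a/test/dns_add_fail
+++ b/test/dns_add_fail
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Special test script which will always fail to update dns
+echo "This is a test script to check retry works if DNS isn't updated"
+exit 0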
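Review bot: The header comment says the script 'will always fail to update dns', yet it ends with `exit 0`, which reads as a contradiction to anyone who has not followed the retry logic in getssl. A comment such as `# Returns success without touching DNS, so the TXT check never matches and getssl's retry path is exercised` would state the intent.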

+ 0
- 19
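--- a/test/dns_fail_add_duckdns
+++ b/test/dns_fail_add_duckdns
@@ -1,19 +0,0 @@
-#!/bin/bash
-# Special test script which will always fail to update dns
-token=${DUCKDNS_TOKEN:-}
-if [ -z "$token" ]; then
-echo "DUCKDNS_TOKEN not set"
-exit 1
-fi
-domain="$1"
-response=$(curl --retry 5 --silent "https://www.duckdns.org/update?domains=${domain}&token=${token}&txt=FAIL")
-if [ "$response" != "OK" ]; then
-echo "Failed to update TXT record for ${domain} at duckdns.org (is the TOKEN valid?)"
-echo "Response: $response"
-exit 1
-fi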

+ 15
- 6
test/run-test.cmd View File

@ -8,9 +8,11 @@ set COMMAND=%2 %3
:CheckAlias
REM check if OS *contains* staging
IF NOT x%OS:staging=%==x%OS% GOTO staging
IF NOT x%OS:duck=%==x%OS% GOTO duckdns
IF NOT x%OS:dynu=%==x%OS% GOTO dynu
set ALIAS=%OS%.getssl.test
set STAGING=
set GETSSL_OS=%OS%
GOTO Run
:NoOS
@ -19,12 +21,19 @@ GOTO CheckCommand
:NoCmd
REM set COMMAND=/getssl/test/run-bats.sh
set COMMAND=bats /getssl/test
set COMMAND=bats /getssl/test --timing
GOTO CheckAlias
:staging
set ALIAS=%OS:-staging=%-getssl.duckdns.org
set STAGING=--env STAGING=true
:duckdns
set ALIAS=%OS:-duckdns=%-getssl.duckdns.org
set STAGING=--env STAGING=true --env dynamic_dns=duckdns
set GETSSL_OS=%OS:-duckdns=%
GOTO Run
:dynu
set ALIAS=%OS:-dynu=%-getssl.freeddns.org
set STAGING=--env STAGING=true --env dynamic_dns=dynu
set GETSSL_OS=%OS:-dynu=%
:Run
for %%I in (.) do set CurrDirName=%%~nxI
@ -33,7 +42,7 @@ docker build --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% .
@echo on
docker run -it ^
--env GETSSL_HOST=%ALIAS% %STAGING% ^
--env GETSSL_OS=%OS:-staging=% ^
--env GETSSL_OS=%GETSSL_OS% ^
-v %cd%:/getssl ^
--rm ^
--network %CurrDirName%_acmenet ^


+ 11
- 5
test/run-test.sh View File

@ -11,22 +11,28 @@ if [ $# -gt 1 ]; then
shift
COMMAND=$*
else
COMMAND="bats /getssl/test"
COMMAND="bats /getssl/test --timing"
fi
if [[ "$OS" == *"staging"* ]]; then
ALIAS="${OS%-staging}-getssl.duckdns.org"
STAGING="--env STAGING=true"
if [[ "$OS" == *"duckdns"* ]]; then
ALIAS="${OS%-duckdns}-getssl.duckdns.org"
STAGING="--env STAGING=true --env dynamic_dns=duckdns"
GETSSL_OS="${OS%-duckdns}"
elif [[ "$OS" == *"dynu"* ]]; then
ALIAS="${OS%-dynu}-getssl.freeddns.org"
STAGING="--env STAGING=true --env dynamic_dns=dynu"
GETSSL_OS="${OS%-dynu}"
else
ALIAS="$OS.getssl.test"
STAGING=""
GETSSL_OS=$OS
fi
docker build --rm -f "test/Dockerfile-$OS" -t "getssl-$OS" .
# shellcheck disable=SC2086
docker run \
--env GETSSL_HOST=$ALIAS $STAGING \
--env GETSSL_OS=${OS%-staging} \
--env GETSSL_OS=$GETSSL_OS \
-v "$(pwd)":/getssl \
--rm \
--network ${PWD##*/}_acmenet \
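Review bot: `STAGING` now carries two `--env` options in a single string and only works because `# shellcheck disable=SC2086` permits the word splitting; an array keeps the quoting intact: `STAGING=(--env STAGING=true --env dynamic_dns=dynu)` with `"${STAGING[@]}"` in the `docker run` call, which also lets `"$ALIAS"` and `"$GETSSL_OS"` be quoted. The `*"duckdns"*` and `*"dynu"*` tests match the substring anywhere in `$OS`, while `${OS%-dynu}` strips it only as a suffix, so matching on `*-duckdns` and `*-dynu` would keep the two in step. The start of the script and the end of the `docker run` command lie outside this hunk.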


+ 0
- 33
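--- a/test/test-config/getssl-staging-dns01-fail-dns-add.cfg
+++ b/test/test-config/getssl-staging-dns01-fail-dns-add.cfg
@@ -1,33 +0,0 @@
-# Special config to test that the retry dns_add_command logic works
-#
-CA="https://acme-staging-v02.api.letsencrypt.org/directory"
-# Generic staging config
-VALIDATE_VIA_DNS=true
-DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
-PUBLIC_DNS_SERVER=ns2.duckdns.org
-CHECK_ALL_AUTH_DNS=true
-# Test that the retry works (dns_add_command will always fail)
-DNS_WAIT_RETRY_ADD="true"
-DNS_ADD_COMMAND="/getssl/test/dns_fail_add_duckdns"
-# Speed up the test by reducing the number or retries and the wait between retries.
-DNS_WAIT=2
-DNS_WAIT_COUNT=11
-DNS_EXTRA_WAIT=0
-# Standard config
-ACCOUNT_KEY_TYPE="rsa"
-PRIVATE_KEY_ALG="rsa"
-SANS=""
-ACL=('/var/www/html/.well-known/acme-challenge')
-USE_SINGLE_ACL="false"
-DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
-DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
-CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
-DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
-DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
-SERVER_TYPE="https"
-CHECK_REMOTE="true"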

+ 0
- 36
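--- a/test/test-config/getssl-staging-dns01-no-suffix.cfg
+++ b/test/test-config/getssl-staging-dns01-no-suffix.cfg
@@ -1,36 +0,0 @@
-# Test that the script works with external dns provider and staging server
-#
-CA="https://acme-staging-v02.api.letsencrypt.org"
-VALIDATE_VIA_DNS=true
-DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
-DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
-PUBLIC_DNS_SERVER=ns2.duckdns.org
-CHECK_ALL_AUTH_DNS=true
-DNS_EXTRA_WAIT=120
-# Speed up the test by reducing the number or retries and the wait between retries.
-DNS_WAIT=2
-DNS_WAIT_COUNT=11
-DNS_WAIT_RETRY_ADD="true"
-ACCOUNT_KEY_TYPE="rsa"
-PRIVATE_KEY_ALG="rsa"
-# Additional domains - this could be multiple domains / subdomains in a comma separated list
-SANS=""
-# Location for all your certs, these can either be on the server (full path name)
-# or using ssh /sftp as for the ACL
-DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
-DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
-CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
-DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
-DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
-# The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
-# Define the server type and confirm correct certificate is installed (using a custom port)
-SERVER_TYPE="https"
-CHECK_REMOTE="true"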

+ 12
- 3
test/test-config/getssl-staging-dns01.cfg View File

@ -3,15 +3,21 @@
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
VALIDATE_VIA_DNS=true
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
PUBLIC_DNS_SERVER=1.1.1.1
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_${dynamic_dns}"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_${dynamic_dns}"
PUBLIC_DNS_SERVER="8.8.8.8 resolver1.infoserve.de"
if [[ "${dynamic_dns}" == "dynu" ]]; then
AUTH_DNS_SERVER=ns1.dynu.com
else
AUTH_DNS_SERVER=ns1.duckdns.org
fi
CHECK_ALL_AUTH_DNS="true"
CHECK_PUBLIC_DNS_SERVER="true"
DNS_EXTRA_WAIT=120
# Speed up the test by reducing the number or retries and retrying DNS_ADD after 10 failures
DNS_WAIT_COUNT=20
DNS_WAIT=30
DNS_WAIT_RETRY_ADD="true"
ACCOUNT_KEY_TYPE="rsa"
@ -38,3 +44,6 @@ CHECK_REMOTE="true"
if [[ -s "$DOMAIN_DIR/getssl_test_specific.cfg" ]]; then
. $DOMAIN_DIR/getssl_test_specific.cfg
fi
#_RUNNING_TEST=1
#_USE_DEBUG=1
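Review bot: `DNS_ADD_COMMAND` and `DNS_DEL_COMMAND` are built from `${dynamic_dns}` with no default, so when the variable is unset the paths become `/getssl/dns_scripts/dns_add_` and `dns_del_` while the `else` branch still selects `ns1.duckdns.org`. Setting `dynamic_dns="${dynamic_dns:-duckdns}"` ahead of the two command lines keeps them consistent with that branch. The comment 'Speed up the test by reducing the number or retries' sits above `DNS_WAIT_COUNT=20` and `DNS_WAIT=30`, which lengthen the wait rather than shorten it (the old/new side of these lines is not marked on this page); the comment should be updated to match the values.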

+ 7
- 7
test/u1-test-get_auth_dns-dig.bats View File

@ -59,14 +59,14 @@ teardown() {
run get_auth_dns ubuntu-getssl.duckdns.org
# Assert that we've found the primary_ns server
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org'
# Assert that we had to use dig NS
assert_line --partial 'Using dig NS'
# Check all Authoritive DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.duckdns.org
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org'
}
@ -86,7 +86,7 @@ teardown() {
run get_auth_dns ubuntu-getssl.duckdns.org
# Assert that we've found the primary_ns server
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org'
# Assert that we had to use dig NS
assert_line --partial 'Using dig SOA'
@ -95,12 +95,12 @@ teardown() {
# Check all Authoritive DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.duckdns.org
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org'
# Check that we also check the public DNS server if requested
CHECK_PUBLIC_DNS_SERVER=true
run get_auth_dns ubuntu-getssl.duckdns.org
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org 1\.0\.0\.1'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org 1\.0\.0\.1'
}
@ -165,7 +165,7 @@ teardown() {
run get_auth_dns www.duckdns.org
# Assert that we've found the primary_ns server
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org'
# Assert that we found a CNAME but didn't use dig NS
assert_line --partial 'Using dig CNAME'
@ -174,5 +174,5 @@ teardown() {
# Check all Authoritive DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns www.duckdns.org
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org'
}
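Review bot: The assertions hard-code how many `nsN.duckdns.org` servers the provider publishes, which is why this file had to change, and `[1-4]+` also accepts names such as `ns1234`. A pattern that accepts one or more servers, e.g. `'set primary_ns = (ns[0-9]\.duckdns\.org ?)+'`, would survive the next provider change; the same applies to test/u2-test-get_auth_dns-drill.bats. The comments spell `Authoritive`, which should be `Authoritative`.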

+ 7
- 7
test/u2-test-get_auth_dns-drill.bats View File

@ -78,14 +78,14 @@ teardown() {
run get_auth_dns ubuntu-getssl.duckdns.org
# Assert that we've found the primary_ns server
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org'
# Assert that we had to use drill NS
assert_line --partial 'Using drill NS'
# Check all Authoritive DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.duckdns.org
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org'
}
@ -110,7 +110,7 @@ teardown() {
run get_auth_dns ubuntu-getssl.duckdns.org
# Assert that we've found the primary_ns server
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org'
# Assert that we had to use drill NS
assert_line --partial 'Using drill SOA'
@ -119,12 +119,12 @@ teardown() {
# Check all Authoritive DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.duckdns.org
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org'
# Check that we also check the public DNS server if requested
CHECK_PUBLIC_DNS_SERVER=true
run get_auth_dns ubuntu-getssl.duckdns.org
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org 1\.0\.0\.1'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org 1\.0\.0\.1'
}
@ -202,7 +202,7 @@ teardown() {
run get_auth_dns www.duckdns.org
# Assert that we've found the primary_ns server
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org'
# Assert that we found a CNAME but didn't use drill NS
assert_line --partial 'Using drill CNAME'
@ -211,5 +211,5 @@ teardown() {
# Check all Authoritive DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns www.duckdns.org
assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org'
}
