diff --git a/.github/workflows/run-all-tests.yml b/.github/workflows/run-tests-pebble.yml similarity index 67% rename from .github/workflows/run-all-tests.yml rename to .github/workflows/run-tests-pebble.yml index 7bb05dc..0e26962 100644 --- a/.github/workflows/run-all-tests.yml +++ b/.github/workflows/run-tests-pebble.yml @@ -1,4 +1,4 @@ -name: Run all tests +name: Run all tests on pebble on: push: branches: @@ -15,14 +15,6 @@ jobs: run: docker-compose up -d --build - name: Run test suite on Alpine run: test/run-test.sh alpine - test-centos6: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: Build the docker-compose stack - run: docker-compose up -d --build - - name: Run test suite on CentOS6 - run: test/run-test.sh centos6 test-centos7: runs-on: ubuntu-latest steps: @@ -31,14 +23,6 @@ jobs: run: docker-compose up -d --build - name: Run test suite on CentOS7 run: test/run-test.sh centos7 - test-centos7-staging: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: Build the docker-compose stack - run: docker-compose up -d --build - - name: Run test suite on CentOS7 against Staging using DuckDNS - run: test/run-test.sh centos7-staging test-centos8: runs-on: ubuntu-latest steps: @@ -79,12 +63,3 @@ jobs: run: docker-compose up -d --build - name: Run test suite on Ubuntu18 run: test/run-test.sh ubuntu18 - test-ubuntu-staging: - needs: test-centos7-staging - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: Build the docker-compose stack - run: docker-compose up -d --build - - name: Run test suite on Ubuntu against Staging using DuckDNS - run: test/run-test.sh ubuntu-staging diff --git a/.github/workflows/run-tests-staging-duckdns.yml b/.github/workflows/run-tests-staging-duckdns.yml new file mode 100644 index 0000000..54da950 --- /dev/null +++ b/.github/workflows/run-tests-staging-duckdns.yml 
@@ -0,0 +1,25 @@
+name: Run all tests using DuckDNS
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+jobs:
+ test-centos7-duckdns:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v1
+ - name: Build the docker-compose stack
+ run: docker-compose up -d --build
+ - name: Run test suite on CentOS7 against Staging using DuckDNS
+ run: test/run-test.sh centos7-duckdns
+ test-ubuntu-duckdns:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v1
+ - name: Build the docker-compose stack
+ run: docker-compose up -d --build
+ - name: Run test suite on Ubuntu against Staging using DuckDNS
+ run: test/run-test.sh ubuntu-duckdns
diff --git a/.github/workflows/run-tests-staging-dynu.yml b/.github/workflows/run-tests-staging-dynu.yml
new file mode 100644
index 0000000..c523278
--- /dev/null
+++ b/.github/workflows/run-tests-staging-dynu.yml
@@ -0,0 +1,25 @@
+name: Run all tests using Dynu
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+jobs:
+ test-centos7-dynu:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v1
+ - name: Build the docker-compose stack
+ run: docker-compose up -d --build
+ - name: Run test suite on CentOS7 against Staging using Dynu
+ run: test/run-test.sh centos7-dynu
+ test-ubuntu-dynu:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v1
+ - name: Build the docker-compose stack
+ run: docker-compose up -d --build
+ - name: Run test suite on Ubuntu against Staging using Dynu
+ run: test/run-test.sh ubuntu-dynu
diff --git a/dns_scripts/dns_add_dynu b/dns_scripts/dns_add_dynu
new file mode 100755
index 0000000..e20470d
--- /dev/null
+++ b/dns_scripts/dns_add_dynu
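Review bot: Both jobs run on `pull_request` against a live DuckDNS account, but nothing in the workflow supplies a credential, so the token the suite needs can only come from the image itself (the renamed `test/Dockerfile-*-duckdns` files carry `ENV DUCKDNS_TOKEN …`). That means a PR from any fork can edit `test/run-test.sh` or a bats file and run arbitrary DNS updates with the project's token, and the token sits in git history regardless. Provide it from a repository secret, e.g. `env: DUCKDNS_TOKEN: ${{ secrets.DUCKDNS_TOKEN }}` on each job with a matching `--env DUCKDNS_TOKEN` in run-test.sh, and gate the jobs with `if: github.event.pull_request.head.repo.full_name == github.repository` (GitHub withholds secrets from fork PRs anyway, so without the gate those runs would just fail). `actions/checkout@v1` is also two majors old and unpinned; use a current tag or a commit SHA.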
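Review bot: The same credential handling applies here with `DYNU_API_KEY`, and that one is an account-wide API key rather than a per-host token, so exposure reaches every domain on the account. Because the workflow passes nothing, the key has to be baked into `test/Dockerfile-*-dynu`; move it to `${{ secrets.DYNU_API_KEY }}` and hand it to `docker run` with `--env` rather than `ENV` in the image. The two jobs also run concurrently against the same Dynu account and both rewrite `_acme-challenge` records; they use different hostnames (`centos7-getssl` and `ubuntu-getssl` per run-test.sh), so this is safe today, but a `concurrency:` group on the workflow would make that assumption explicit.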
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+# Need to add your API key below or set as env variable
+apikey=${DYNU_API_KEY:-''}
+
+# This script adds a token to dynu.com DNS for the ACME challenge
+# usage dns_add_dynu "domain name" "token"
+# return codes are;
+# 0 - success
+# 1 - error in input
+# 2 - error within internal processing
+# 3 - error in result ( domain not found in dynu.com etc)
+
+fulldomain="${1}"
+token="${2}"
+
+API='https://api.dynu.com/v2/dns'
+
+# Check initial parameters
+if [[ -z "$fulldomain" ]]; then
+ echo "DNS script requires full domain name as first parameter"
+ exit 1
+fi
+if [[ -z "$token" ]]; then
+ echo "DNS script requires challenge token as second parameter"
+ exit 1
+fi
+
+curl_params=( -H "accept: application/json" -H "API-Key: $apikey" -H 'Content-Type: application/json' )
+
+# Get domain id
+# curl -X GET https://api.dynu.com/v2/dns/getroot/ubuntu-getssl.freeddns.org
+resp=$(curl --silent "${curl_params[@]}" -X GET "$API/getroot/${fulldomain}")
+
+# Match domain id
+re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\""
+if [[ "$resp" =~ $re ]]; then
+ domain_id="${BASH_REMATCH[1]}"
+fi
+
+if [[ -z "$domain_id" ]]; then
+ echo 'Domain name not found on your Dynu account'
+ exit 3
+fi
+
+# Check for existing _acme-challenge TXT record
+# curl -X GET "https://api.dynu.com/v2/dns/record/_acme-challenge.ubuntu-getssl.freeddns.org?recordType=TXT"
+resp=$(curl --silent "${curl_params[@]}" -X GET "${API}/record/_acme-challenge.${fulldomain}?recordType=TXT")
+re="\"id\":([^,]*)"
+if [[ "$resp" =~ $re ]]; then
+ record_id="${BASH_REMATCH[1]}"
+fi
+
+if [[ -z "$record_id" ]]; then
+ # Add new TXT challenge record
+ resp=$(curl --silent \
+ "${curl_params[@]}" \
+ -X POST "${API}/${domain_id}/record" \
+ --data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"$token\"}")
+else
+ # Update existing record
+ # curl -X POST https://api.dynu.com/v2/dns/9329328/record/7082063 -d "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"Test2\"}"
+ resp=$(curl --silent \
+ "${curl_params[@]}" \
+ -X POST "${API}/${domain_id}/record/${record_id}" \
+ --data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"$token\"}")
+fi
+
+# If adding record failed (exception:) then print error message
+if [[ "$resp" != *"\"statusCode\":200"* ]]; then
+ echo "Error: DNS challenge not added: unknown error - ${resp}"
+ exit 3
+fi
diff --git a/dns_scripts/dns_del_dynu b/dns_scripts/dns_del_dynu
new file mode 100755
index 0000000..1d8d588
--- /dev/null
+++ b/dns_scripts/dns_del_dynu
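Review bot: Unlike `dns_del_dynu`, this script never checks `apikey`, so with `DYNU_API_KEY` unset it sends an empty `API-Key:` header to `getroot`, the regex finds no id, and the user is told "Domain name not found on your Dynu account" (exit 3) instead of the real cause; add `[[ -n "$apikey" ]] || { echo "DNS script requires DYNU_API_KEY to be set"; exit 1; }` after the parameter checks. The same misdiagnosis occurs on any transport failure because every call uses `--silent` without `--show-error`; `-sS` keeps the output quiet but still prints curl's own error. Two caveats worth a comment in the header: `$token` and `$fulldomain` are spliced into the JSON body, the URL and the regex unescaped (fine for getssl's base64url tokens, not for arbitrary input), and the record lookup takes the first `"id":` it sees, so only one `_acme-challenge` TXT per name is ever maintained, which is not enough when a wildcard and its base name are validated in the same run. The opening comment "Need to add your API key below" also invites hard-coding the key into a script under `dns_scripts/`; better to state that it must come from the environment.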
@@ -0,0 +1,71 @@ +#!/usr/bin/env bash +# Need to add your API key below or set as env variable +apikey=${DYNU_API_KEY:-''} + +# This script deletes the _acme-challenge TXT record from the dynu.com DNS entry for the domain +# usage dns_del_dynu "domain name" +# return codes are; +# 0 - success +# 1 - error in input +# 2 - error within internal processing +# 3 - error in result ( domain not found in dynu.com etc) + +# After deleting the TXT record from Dynu.com it takes over 30 minutes to add a new TXT record! +# This doesn't happen when updating the TXT record, just for delete then add +# As this is used for testing, changed the delete to a no-op. + +exit 0 + +fulldomain="${1}" + +API='https://api.dynu.com/v2/dns' + +# Check initial parameters +if [[ -z "$fulldomain" ]]; then + echo "DNS script requires full domain name as first parameter" + exit 1 +fi +if [[ -z "$apikey" ]]; then + echo "DNS script requires apikey environment variable to be set" + exit 1 +fi + +curl_params=( -H "accept: application/json" -H "API-Key: $apikey" -H 'Content-Type: application/json' ) + +# Get domain id +# curl -X GET https://api.dynu.com/v2/dns/getroot/ubuntu-getssl.freeddns.org +resp=$(curl --silent "${curl_params[@]}" -X GET "$API/getroot/${fulldomain}") + +# Match domain id +re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\"" +if [[ "$resp" =~ $re ]]; then + domain_id="${BASH_REMATCH[1]}" +fi + +if [[ -z "$domain_id" ]]; then + echo 'Domain name not found on your Dynu account' + exit 3 +fi + +# Check for existing _acme-challenge TXT record +# curl -X GET "https://api.dynu.com/v2/dns/record/_acme-challenge.ubuntu-getssl.freeddns.org?recordType=TXT" +resp=$(curl --silent "${curl_params[@]}" -X GET "${API}/record/_acme-challenge.${fulldomain}?recordType=TXT") +re="\"id\":([^,]*)" +if [[ "$resp" =~ $re ]]; then + record_id="${BASH_REMATCH[1]}" +fi + +if [[ -z "$record_id" ]]; then + echo "No _acme-challenge.${fulldomain} TXT record found" + exit 0 +fi + +resp=$(curl --silent \ + 
"${curl_params[@]}" \ + -X DELETE "${API}/${domain_id}/record/${record_id}") + +# If adding record failed (exception:) then print error message +if [[ "$resp" != *"\"statusCode\":200"* ]]; then + echo "Error: DNS challenge not added: unknown error - ${resp}" + exit 3 +fi diff --git a/getssl b/getssl index 99d5d3b..2257349 100755 --- a/getssl +++ b/getssl @@ -507,7 +507,7 @@ check_challenge_completion_dns() { # perform validation via DNS challenge # check for token at public dns server, waiting for a valid response. for ns in $primary_ns; do - debug "checking dns at $ns" + info "checking dns at $ns" ntries=0 check_dns="fail" while [[ "$check_dns" == "fail" ]]; do @@ -520,12 +520,24 @@ check_challenge_completion_dns() { # perform validation via DNS challenge check_result=$($DNS_CHECK_FUNC TXT "_acme-challenge.${lower_d}" "@${ns}" \ | grep -i "^_acme-challenge.${lower_d}" \ | grep 'IN\WTXT'|awk -F'"' '{ print $2}') + debug "check_result=$check_result" + if [[ -z "$check_result" ]]; then + debug "$DNS_CHECK_FUNC" ANY "_acme-challenge.${lower_d}" "@${ns}" + check_result=$($DNS_CHECK_FUNC ANY "_acme-challenge.${lower_d}" "@${ns}" \ + | grep -i "^_acme-challenge.${lower_d}" \ + | grep 'IN\WTXT'|awk -F'"' '{ print $2}') + debug "check_result=$check_result" + fi elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then check_result=$($DNS_CHECK_FUNC -t TXT "_acme-challenge.${lower_d}" "${ns}" \ | grep 'descriptive text'|awk -F'"' '{ print $2}') else check_result=$(nslookup -type=txt "_acme-challenge.${lower_d}" "${ns}" \ | grep 'text ='|awk -F'"' '{ print $2}') + if [[ -z "$check_result" ]]; then + check_result=$(nslookup -type=any "_acme-challenge.${lower_d}" "${ns}" \ + | grep 'text ='|awk -F'"' '{ print $2}') + fi fi debug "expecting $auth_key" debug "${ns} gave ... $check_result" 
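Review bot: The unconditional `exit 0` near the top turns the whole script into a no-op, yet it ships under `dns_scripts/` beside the real delete scripts, so a user who sets `DNS_DEL_COMMAND` to it leaves `_acme-challenge` TXT records published after every renewal; the `apikey` check and everything below it are dead code. If the 30-minute re-add delay only hurts the test suite, keep this a genuine delete and give the tests a no-op via `DNS_DEL_COMMAND="/getssl/test/dns_del_noop"` in `getssl_test_specific.cfg`, the way `dns_add_fail` is wired; otherwise put the `exit 0` behind an explicit opt-in variable and say so in the header. The final error text is copied from the add script and should read `echo "Error: DNS challenge not deleted: unknown error - ${resp}"`.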
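Review bot: The new fallback to `ANY` queries in the dig/drill and nslookup branches is unlikely to return TXT data the preceding TXT query did not, and RFC 8482 allows resolvers to answer `ANY` with a synthetic HINFO or refuse it outright (Cloudflare does), so against `PUBLIC_DNS_SERVER` it is a wasted round trip and against an authoritative server it repeats the first query. If it works around a specific provider's behaviour, which the commit does not say, record that above the `if [[ -z "$check_result" ]]` so the retry is not removed later as redundant, e.g. `# some providers have answered TXT only via ANY; retry before treating the record as absent`. The `host` branch gets no equivalent fallback, so the three tools now behave differently. check_challenge_completion_dns starts outside this hunk.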
@@ -538,6 +550,7 @@ check_challenge_completion_dns() { # perform validation via DNS challenge if [[ $DNS_WAIT_RETRY_ADD == "true" && $(( ntries % 10 )) == 0 ]]; then debug "Retrying adding dns via command: $DNS_ADD_COMMAND $lower_d $auth_key" + test_output "Retrying adding dns via command: $DNS_ADD_COMMAND" eval "$DNS_DEL_COMMAND" "$lower_d" "$auth_key" if ! eval "$DNS_ADD_COMMAND" "$lower_d" "$auth_key" ; then error_exit "DNS_ADD_COMMAND failed for domain $d" @@ -1167,10 +1180,12 @@ for d in "${alldomains[@]}"; do # find a primary / authoritative DNS server for the domain if [[ -z "$AUTH_DNS_SERVER" ]]; then get_auth_dns "$d" + elif [[ "$CHECK_PUBLIC_DNS_SERVER" == "true" ]]; then + primary_ns="$AUTH_DNS_SERVER $PUBLIC_DNS_SERVER" else primary_ns="$AUTH_DNS_SERVER" fi - debug primary_ns "$primary_ns" + debug set primary_ns = "$primary_ns" check_challenge_completion_dns "${token}" "${uri}" "${keyauthorization}" "${d}" "${primary_ns}" "${auth_key}" else # set up the correct http token for verification @@ -1272,11 +1287,11 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n if [[ -z "$all_auth_dns_servers" ]]; then error_exit "couldn't find primary DNS server - please set AUTH_DNS_SERVER in config" fi + primary_ns="$all_auth_dns_servers" if [[ "$CHECK_PUBLIC_DNS_SERVER" == "true" ]]; then - primary_ns="$all_auth_dns_servers $PUBLIC_DNS_SERVER" - else - primary_ns="$all_auth_dns_servers" + primary_ns="$primary_ns $PUBLIC_DNS_SERVER" fi + return fi @@ -1350,8 +1365,8 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n primary_ns="$primary_ns $PUBLIC_DNS_SERVER" fi - debug set primary_ns = "$primary_ns" test_output set primary_ns ="$primary_ns" + return fi fi 
@@ -1430,9 +1445,6 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n primary_ns=$(echo "$all_auth_dns_servers" | awk '{print $1}') fi - if [[ "$CHECK_PUBLIC_DNS_SERVER" == "true" ]]; then - primary_ns="$primary_ns $PUBLIC_DNS_SERVER" - fi return fi fi diff --git a/test/15-test-revoke-no-suffix.bats b/test/15-test-revoke-no-suffix.bats index 5e8d797..96e174b 100644 --- a/test/15-test-revoke-no-suffix.bats +++ b/test/15-test-revoke-no-suffix.bats @@ -15,10 +15,12 @@ setup() { @test "Create certificate to check revoke (no suffix)" { if [ -n "$STAGING" ]; then - CONFIG_FILE="getssl-staging-dns01-no-suffix.cfg" + CONFIG_FILE="getssl-staging-dns01.cfg" else CONFIG_FILE="getssl-http01-no-suffix.cfg" fi + echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg + . "${CODE_DIR}/test/test-config/${CONFIG_FILE}" setup_environment init_getssl @@ -34,6 +36,8 @@ setup() { else CONFIG_FILE="getssl-http01.cfg" fi + echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg + . "${CODE_DIR}/test/test-config/${CONFIG_FILE}" CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key diff --git a/test/18-staging-retry-dns-add.bats b/test/18-staging-retry-dns-add.bats index 8b636d6..bca7c05 100644 --- a/test/18-staging-retry-dns-add.bats +++ b/test/18-staging-retry-dns-add.bats 
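Review bot: This branch now returns with `primary_ns` holding only the first authoritative server, and the removed `CHECK_PUBLIC_DNS_SERVER` append is not visibly re-added before the `return`; the equivalent append survives at 1365 for another branch, so unless one was inserted above this hunk (get_auth_dns starts outside it) this path silently stops consulting `PUBLIC_DNS_SERVER`. The u1/u2 tests only assert `1.0.0.1` on the SOA path, so they would not catch it. Either restore the three removed lines or add a test that reaches this branch with `CHECK_PUBLIC_DNS_SERVER=true`.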
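Review bot: The `echo 'CA=…' >> …/getssl_test_specific.cfg` runs for the pebble case too, outside the `if [ -n "$STAGING" ]` that picks the config, and it appends on every run instead of setting the value; whether the non-staging `getssl-http01-no-suffix.cfg` also sources `getssl_test_specific.cfg` is not visible here, but if it does the pebble test is redirected at the public Let's Encrypt staging CA. Move the echo inside the staging branch and quote the path: `echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg"`. The second test in this file does the same and needs the same treatment; note also that 18-staging-retry-dns-add.bats later overwrites this file with `>`, so test ordering is now load-bearing.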
@@ -6,14 +6,26 @@ load '/getssl/test/test_helper.bash' -@test "Check retry add dns command if dns isn't updated (DuckDNS)" { +@test "Check retry add dns command if dns isn't updated" { if [ -z "$STAGING" ]; then skip "Running internal tests, skipping external test" fi - CONFIG_FILE="getssl-staging-dns01-fail-dns-add.cfg" + + CONFIG_FILE="getssl-staging-dns01.cfg" setup_environment init_getssl + + cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg +DNS_ADD_COMMAND="/getssl/test/dns_add_fail" + +# Speed up the test by reducing the number or retries and the wait between retries. +DNS_WAIT=2 +DNS_WAIT_COUNT=11 +DNS_EXTRA_WAIT=0 +CHECK_ALL_AUTH_DNS="false" +CHECK_PUBLIC_DNS_SERVER="false" +EOF create_certificate -d assert_failure assert_line --partial "Retrying adding dns via command" diff --git a/test/Dockerfile-centos7-staging b/test/Dockerfile-centos7-duckdns similarity index 97% rename from test/Dockerfile-centos7-staging rename to test/Dockerfile-centos7-duckdns index 0b2ff08..719c9de 100644 --- a/test/Dockerfile-centos7-staging +++ b/test/Dockerfile-centos7-duckdns @@ -8,6 +8,7 @@ RUN yum -y install epel-release RUN yum -y install git curl bind-utils ldns wget which nginx ENV staging "true" +ENV dynamic_dns "dynu" ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb WORKDIR /root diff --git a/test/Dockerfile-centos7-dynu b/test/Dockerfile-centos7-dynu new file mode 100644 index 0000000..01d41a7 --- /dev/null +++ b/test/Dockerfile-centos7-dynu 
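Review bot: The heredoc pins `DNS_ADD_COMMAND="/getssl/test/dns_add_fail"` into `getssl_test_specific.cfg`, which `getssl-staging-dns01.cfg` sources on every later run for this host, and nothing in the hunk removes it afterwards; unless a teardown elsewhere in the file does, any staging test that runs after this one in the same container would also never publish its challenge. A `teardown()` that runs `rm -f "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg"` keeps the test self-contained, and the redirect target should be quoted the same way. The retry itself depends on `DNS_WAIT_RETRY_ADD="true"` arriving from the base config rather than being set here; setting it explicitly in the heredoc would make the test's precondition visible.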
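Review bot: `ENV dynamic_dns "dynu"` is added to the DuckDNS image, the opposite of `Dockerfile-ubuntu-duckdns`, which sets `"duckdns"` in this same commit. `test/run-test.sh` masks it by passing `--env dynamic_dns=duckdns` at run time, but the image on its own would select `dns_add_dynu` with no `DYNU_API_KEY` present. Change it to `ENV dynamic_dns "duckdns"`.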
@@ -0,0 +1,29 @@ +FROM centos:centos7 + +# Note this image uses gawk + +# Update and install required software +RUN yum -y update +RUN yum -y install epel-release +RUN yum -y install git curl bind-utils ldns wget which nginx + +ENV staging "true" +ENV dynamic_dns "duckdns" +ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2 + +WORKDIR /root +RUN mkdir /etc/nginx/pki +RUN mkdir /etc/nginx/pki/private +COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf +COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf + +# BATS (Bash Automated Testings) +RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 +RUN git clone https://github.com/bats-core/bats-support /bats-support +RUN git clone https://github.com/bats-core/bats-assert /bats-assert +RUN /bats-core/install.sh /usr/local + +EXPOSE 80 443 + +# Run eternal loop - for testing +CMD tail -f /dev/null diff --git a/test/Dockerfile-ubuntu-staging b/test/Dockerfile-ubuntu-duckdns similarity index 97% rename from test/Dockerfile-ubuntu-staging rename to test/Dockerfile-ubuntu-duckdns index 1ee3f83..f4cf9e3 100644 --- a/test/Dockerfile-ubuntu-staging +++ b/test/Dockerfile-ubuntu-duckdns @@ -7,6 +7,7 @@ ENV DEBIAN_FRONTEND noninteractive # Ensure tests in this image use the staging server ENV staging "true" +ENV dynamic_dns "duckdns" ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb # Update and install required software diff --git a/test/Dockerfile-ubuntu-dynu b/test/Dockerfile-ubuntu-dynu new file mode 100644 index 0000000..2ea8c31 --- /dev/null +++ b/test/Dockerfile-ubuntu-dynu 
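Review bot: `ENV dynamic_dns "duckdns"` in the Dynu image is the wrong provider (the Ubuntu Dynu image sets `"dynu"`); `test/run-test.sh` overrides it with `--env dynamic_dns=dynu` so CI is unaffected, but anyone running the image by hand gets `dns_add_duckdns` driven by a Dynu key. Change it to `ENV dynamic_dns "dynu"`. `ENV DYNU_API_KEY 65cX…` also records an account-wide API key in the image config (`docker inspect`/`docker history` show it) and in git history; it cannot be scrubbed from history, so rotate it at Dynu and inject the replacement at `docker run` time instead of in the Dockerfile.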
@@ -0,0 +1,30 @@ +FROM ubuntu:latest + +# Note this image uses mawk1.3 + +# Set noninteractive otherwise tzdata hangs +ENV DEBIAN_FRONTEND noninteractive + +# Ensure tests in this image use the staging server +ENV staging "true" +ENV dynamic_dns "dynu" +ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2 + +# Update and install required software +RUN apt-get update --fix-missing +RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light +RUN apt-get install -y vim dos2unix # for debugging + +WORKDIR /root + +# Prevent "Can't load /root/.rnd into RNG" error from openssl +RUN touch /root/.rnd + +# BATS (Bash Automated Testings) +RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 +RUN git clone https://github.com/bats-core/bats-support /bats-support +RUN git clone https://github.com/bats-core/bats-assert /bats-assert +RUN /bats-core/install.sh /usr/local + +# Run eternal loop - for testing +CMD tail -f /dev/null diff --git a/test/dns_add_fail b/test/dns_add_fail new file mode 100755 index 0000000..44ab42b --- /dev/null +++ b/test/dns_add_fail @@ -0,0 +1,6 @@ +#!/bin/bash + +# Special test script which will always fail to update dns + +echo "This is a test script to check retry works if DNS isn't updated" +exit 0 diff --git a/test/dns_fail_add_duckdns b/test/dns_fail_add_duckdns deleted file mode 100755 index 03df89f..0000000 --- a/test/dns_fail_add_duckdns +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Special test script which will always fail to update dns - -token=${DUCKDNS_TOKEN:-} - -if [ -z "$token" ]; then - echo "DUCKDNS_TOKEN not set" - exit 1 -fi - -domain="$1" - -response=$(curl --retry 5 --silent "https://www.duckdns.org/update?domains=${domain}&token=${token}&txt=FAIL") -if [ "$response" != "OK" ]; then - echo "Failed to update TXT record for ${domain} at duckdns.org (is the TOKEN valid?)" - echo "Response: $response" - exit 1 -fi diff --git a/test/run-test.cmd b/test/run-test.cmd index 23235c9..ed6ad6e 100644 
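Review bot: Same credential concern as the CentOS image: `ENV DYNU_API_KEY …` commits a full Dynu account key and exposes it through `docker inspect` of the built image; drop the line and pass the key at run time from `test/run-test.sh` with `--env DYNU_API_KEY`. `FROM ubuntu:latest` also lets the test baseline move whenever the tag is repointed, while the CentOS images pin `centos:centos7`; a release tag would match that practice.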
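Review bot: The header comment says the script "will always fail to update dns", but it exits 0, so getssl treats the add as successful and only discovers nothing was published when the DNS check times out; that is what drives the retry path 18-staging-retry-dns-add.bats asserts on, whereas the deleted `dns_fail_add_duckdns` achieved it by writing `FAIL` to the real record. Make the intent explicit so nobody "fixes" the exit status: `# Intentionally exits 0 WITHOUT touching DNS: getssl must believe the add succeeded and then hit the DNS_WAIT_RETRY_ADD path.`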
--- a/test/run-test.cmd +++ b/test/run-test.cmd @@ -8,9 +8,11 @@ set COMMAND=%2 %3 :CheckAlias REM check if OS *contains* staging -IF NOT x%OS:staging=%==x%OS% GOTO staging +IF NOT x%OS:duck=%==x%OS% GOTO duckdns +IF NOT x%OS:dynu=%==x%OS% GOTO dynu set ALIAS=%OS%.getssl.test set STAGING= +set GETSSL_OS=%OS% GOTO Run :NoOS @@ -19,12 +21,19 @@ GOTO CheckCommand :NoCmd REM set COMMAND=/getssl/test/run-bats.sh -set COMMAND=bats /getssl/test +set COMMAND=bats /getssl/test --timing GOTO CheckAlias -:staging -set ALIAS=%OS:-staging=%-getssl.duckdns.org -set STAGING=--env STAGING=true +:duckdns +set ALIAS=%OS:-duckdns=%-getssl.duckdns.org +set STAGING=--env STAGING=true --env dynamic_dns=duckdns +set GETSSL_OS=%OS:-duckdns=% +GOTO Run + +:dynu +set ALIAS=%OS:-dynu=%-getssl.freeddns.org +set STAGING=--env STAGING=true --env dynamic_dns=dynu +set GETSSL_OS=%OS:-dynu=% :Run for %%I in (.) do set CurrDirName=%%~nxI @@ -33,7 +42,7 @@ docker build --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% . @echo on docker run -it ^ --env GETSSL_HOST=%ALIAS% %STAGING% ^ - --env GETSSL_OS=%OS:-staging=% ^ + --env GETSSL_OS=%GETSSL_OS% ^ -v %cd%:/getssl ^ --rm ^ --network %CurrDirName%_acmenet ^ diff --git a/test/run-test.sh b/test/run-test.sh index 8a2a9f2..18443cd 100755 --- a/test/run-test.sh +++ b/test/run-test.sh 
@@ -11,22 +11,28 @@ if [ $# -gt 1 ]; then shift COMMAND=$* else - COMMAND="bats /getssl/test" + COMMAND="bats /getssl/test --timing" fi -if [[ "$OS" == *"staging"* ]]; then - ALIAS="${OS%-staging}-getssl.duckdns.org" - STAGING="--env STAGING=true" +if [[ "$OS" == *"duckdns"* ]]; then + ALIAS="${OS%-duckdns}-getssl.duckdns.org" + STAGING="--env STAGING=true --env dynamic_dns=duckdns" + GETSSL_OS="${OS%-duckdns}" +elif [[ "$OS" == *"dynu"* ]]; then + ALIAS="${OS%-dynu}-getssl.freeddns.org" + STAGING="--env STAGING=true --env dynamic_dns=dynu" + GETSSL_OS="${OS%-dynu}" else ALIAS="$OS.getssl.test" STAGING="" + GETSSL_OS=$OS fi docker build --rm -f "test/Dockerfile-$OS" -t "getssl-$OS" . # shellcheck disable=SC2086 docker run \ --env GETSSL_HOST=$ALIAS $STAGING \ - --env GETSSL_OS=${OS%-staging} \ + --env GETSSL_OS=$GETSSL_OS \ -v "$(pwd)":/getssl \ --rm \ --network ${PWD##*/}_acmenet \ diff --git a/test/test-config/getssl-staging-dns01-fail-dns-add.cfg b/test/test-config/getssl-staging-dns01-fail-dns-add.cfg deleted file mode 100644 index 2985d32..0000000 --- a/test/test-config/getssl-staging-dns01-fail-dns-add.cfg +++ /dev/null 
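Review bot: `docker run` still passes no provider credential, so the only way `DUCKDNS_TOKEN`/`DYNU_API_KEY` reach the tests is the `ENV` lines baked into each `test/Dockerfile-*`, which keeps the secrets in image metadata and in git. Pass them through from the host environment instead with `--env DUCKDNS_TOKEN --env DYNU_API_KEY` (docker copies the host value when no `=` is given and omits an unset variable), and drop the `ENV` lines; in CI the host values then come from repository secrets. `$STAGING` is expanded unquoted on purpose (SC2086 is suppressed), so adding these as separate flags rather than appending to that word-split string is cleaner.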
@@ -1,33 +0,0 @@ -# Special config to test that the retry dns_add_command logic works -# -CA="https://acme-staging-v02.api.letsencrypt.org/directory" - -# Generic staging config -VALIDATE_VIA_DNS=true -DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns" -PUBLIC_DNS_SERVER=ns2.duckdns.org -CHECK_ALL_AUTH_DNS=true - -# Test that the retry works (dns_add_command will always fail) -DNS_WAIT_RETRY_ADD="true" -DNS_ADD_COMMAND="/getssl/test/dns_fail_add_duckdns" - -# Speed up the test by reducing the number or retries and the wait between retries. -DNS_WAIT=2 -DNS_WAIT_COUNT=11 -DNS_EXTRA_WAIT=0 - -# Standard config -ACCOUNT_KEY_TYPE="rsa" -PRIVATE_KEY_ALG="rsa" -SANS="" -ACL=('/var/www/html/.well-known/acme-challenge') -USE_SINGLE_ACL="false" -DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt" -DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key" -CA_CERT_LOCATION="/etc/nginx/pki/chain.crt" -DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert -DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx" -SERVER_TYPE="https" -CHECK_REMOTE="true" diff --git a/test/test-config/getssl-staging-dns01-no-suffix.cfg b/test/test-config/getssl-staging-dns01-no-suffix.cfg deleted file mode 100644 index b4f5202..0000000 --- a/test/test-config/getssl-staging-dns01-no-suffix.cfg +++ /dev/null 
@@ -1,36 +0,0 @@ -# Test that the script works with external dns provider and staging server -# -CA="https://acme-staging-v02.api.letsencrypt.org" - -VALIDATE_VIA_DNS=true -DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns" -DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns" -PUBLIC_DNS_SERVER=ns2.duckdns.org -CHECK_ALL_AUTH_DNS=true -DNS_EXTRA_WAIT=120 - -# Speed up the test by reducing the number or retries and the wait between retries. -DNS_WAIT=2 -DNS_WAIT_COUNT=11 -DNS_WAIT_RETRY_ADD="true" - -ACCOUNT_KEY_TYPE="rsa" -PRIVATE_KEY_ALG="rsa" - -# Additional domains - this could be multiple domains / subdomains in a comma separated list -SANS="" - -# Location for all your certs, these can either be on the server (full path name) -# or using ssh /sftp as for the ACL -DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt" -DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key" -CA_CERT_LOCATION="/etc/nginx/pki/chain.crt" -DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert -DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert - -# The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx" - -# Define the server type and confirm correct certificate is installed (using a custom port) -SERVER_TYPE="https" -CHECK_REMOTE="true" diff --git a/test/test-config/getssl-staging-dns01.cfg b/test/test-config/getssl-staging-dns01.cfg index 19413cd..8859686 100644 --- a/test/test-config/getssl-staging-dns01.cfg +++ b/test/test-config/getssl-staging-dns01.cfg 
@@ -3,15 +3,21 @@ CA="https://acme-staging-v02.api.letsencrypt.org/directory" VALIDATE_VIA_DNS=true -DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns" -DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns" -PUBLIC_DNS_SERVER=1.1.1.1 +DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_${dynamic_dns}" +DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_${dynamic_dns}" +PUBLIC_DNS_SERVER="8.8.8.8 resolver1.infoserve.de" +if [[ "${dynamic_dns}" == "dynu" ]]; then + AUTH_DNS_SERVER=ns1.dynu.com +else + AUTH_DNS_SERVER=ns1.duckdns.org +fi CHECK_ALL_AUTH_DNS="true" CHECK_PUBLIC_DNS_SERVER="true" DNS_EXTRA_WAIT=120 # Speed up the test by reducing the number or retries and retrying DNS_ADD after 10 failures DNS_WAIT_COUNT=20 +DNS_WAIT=30 DNS_WAIT_RETRY_ADD="true" ACCOUNT_KEY_TYPE="rsa" @@ -38,3 +44,6 @@ CHECK_REMOTE="true" if [[ -s "$DOMAIN_DIR/getssl_test_specific.cfg" ]]; then . $DOMAIN_DIR/getssl_test_specific.cfg fi + +#_RUNNING_TEST=1 +#_USE_DEBUG=1 diff --git a/test/u1-test-get_auth_dns-dig.bats b/test/u1-test-get_auth_dns-dig.bats index d13cc56..6e64e68 100644 --- a/test/u1-test-get_auth_dns-dig.bats +++ b/test/u1-test-get_auth_dns-dig.bats @@ -59,14 +59,14 @@ teardown() { run get_auth_dns ubuntu-getssl.duckdns.org # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org' # Assert that we had to use dig NS assert_line --partial 'Using dig NS' # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true run get_auth_dns ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org' } 
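Review bot: `DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_${dynamic_dns}"` and the `if` below it degrade silently when `dynamic_dns` is unset or misspelled: the commands become `dns_add_`/`dns_del_` and `AUTH_DNS_SERVER` falls back to DuckDNS, so a Dynu run would wait out `DNS_WAIT_COUNT` × `DNS_WAIT` (10 minutes with the values here) against the wrong nameserver before failing. Since this file is sourced as shell, a fail-fast guard at the top is cheap: `: "${dynamic_dns:?must be duckdns or dynu}"`, with the `else` tightened to `elif [[ "${dynamic_dns}" == "duckdns" ]]`. The commented `#_RUNNING_TEST=1` / `#_USE_DEBUG=1` lines at the end look like leftover local toggles and should be removed. `resolver1.infoserve.de` in `PUBLIC_DNS_SERVER` is a third-party resolver the suite now depends on; a comment saying why it was chosen over a second anycast resolver would help the next person who sees it time out.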
@@ -86,7 +86,7 @@ teardown() { run get_auth_dns ubuntu-getssl.duckdns.org # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org' # Assert that we had to use dig NS assert_line --partial 'Using dig SOA' @@ -95,12 +95,12 @@ teardown() { # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true run get_auth_dns ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org' # Check that we also check the public DNS server if requested CHECK_PUBLIC_DNS_SERVER=true run get_auth_dns ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org 1\.0\.0\.1' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org 1\.0\.0\.1' } @@ -165,7 +165,7 @@ teardown() { run get_auth_dns www.duckdns.org # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org' # Assert that we found a CNAME but didn't use dig NS assert_line --partial 'Using dig CNAME' @@ -174,5 +174,5 @@ teardown() { # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true run get_auth_dns www.duckdns.org - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org' } 
diff --git a/test/u2-test-get_auth_dns-drill.bats b/test/u2-test-get_auth_dns-drill.bats index 1db1011..c5feadf 100644 --- a/test/u2-test-get_auth_dns-drill.bats +++ b/test/u2-test-get_auth_dns-drill.bats @@ -78,14 +78,14 @@ teardown() { run get_auth_dns ubuntu-getssl.duckdns.org # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org' # Assert that we had to use drill NS assert_line --partial 'Using drill NS' # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true run get_auth_dns ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org' } @@ -110,7 +110,7 @@ teardown() { run get_auth_dns ubuntu-getssl.duckdns.org # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org' # Assert that we had to use drill NS assert_line --partial 'Using drill SOA' 
@@ -119,12 +119,12 @@ teardown() { # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true run get_auth_dns ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org' # Check that we also check the public DNS server if requested CHECK_PUBLIC_DNS_SERVER=true run get_auth_dns ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org 1\.0\.0\.1' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org 1\.0\.0\.1' } @@ -202,7 +202,7 @@ teardown() { run get_auth_dns www.duckdns.org # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org' # Assert that we found a CNAME but didn't use drill NS assert_line --partial 'Using drill CNAME' @@ -211,5 +211,5 @@ teardown() { # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true run get_auth_dns www.duckdns.org - assert_output --regexp 'set primary_ns = ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org ns[1-3]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org ns[1-4]+\.duckdns\.org' }