From 1c8937d0542cc044fc8206e234012ec811f95b60 Mon Sep 17 00:00:00 2001
From: Tim Kimber
Date: Thu, 27 Feb 2020 14:39:56 +0000
Subject: [PATCH 1/9] Fix execution permissions
---
 dns_scripts/dns_add_challtestsrv | 0
 dns_scripts/dns_add_duckdns | 0
 dns_scripts/dns_del_challtestsrv | 0
 dns_scripts/dns_del_duckdns | 0
 test/restart-nginx | 0
 5 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 dns_scripts/dns_add_challtestsrv
 mode change 100644 => 100755 dns_scripts/dns_add_duckdns
 mode change 100644 => 100755 dns_scripts/dns_del_challtestsrv
 mode change 100644 => 100755 dns_scripts/dns_del_duckdns
 mode change 100644 => 100755 test/restart-nginx
diff --git a/dns_scripts/dns_add_challtestsrv b/dns_scripts/dns_add_challtestsrv
old mode 100644
new mode 100755
diff --git a/dns_scripts/dns_add_duckdns b/dns_scripts/dns_add_duckdns
old mode 100644
new mode 100755
diff --git a/dns_scripts/dns_del_challtestsrv b/dns_scripts/dns_del_challtestsrv
old mode 100644
new mode 100755
diff --git a/dns_scripts/dns_del_duckdns b/dns_scripts/dns_del_duckdns
old mode 100644
new mode 100755
diff --git a/test/restart-nginx b/test/restart-nginx
old mode 100644
new mode 100755
From 1ab68d7c3b02a8fc0a84de7d0739f607d0ab96ec Mon Sep 17 00:00:00 2001
From: Tim Kimber
Date: Thu, 27 Feb 2020 14:40:24 +0000
Subject: [PATCH 2/9] Run tests on PR and push
---
 .github/workflows/run-all-tests.yml | 17 +++++++++++++++++
 test/run-all-tests.sh | 12 ++++++------
 2 files changed, 23 insertions(+), 6 deletions(-)
 create mode 100644 .github/workflows/run-all-tests.yml
 mode change 100644 => 100755 test/run-all-tests.sh
diff --git a/.github/workflows/run-all-tests.yml b/.github/workflows/run-all-tests.yml
new file mode 100644
index 0000000..0e43289
--- /dev/null
+++ b/.github/workflows/run-all-tests.yml
@@ -0,0 +1,17 @@ +name: Run all tests +on: + push: + branches: + - master + pull_request: + branches: + - master +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build the docker-compose stack + run: docker-compose up -d --build + - name: Run test suite + run: test/run-all-tests.sh diff --git a/test/run-all-tests.sh b/test/run-all-tests.sh old mode 100644 new mode 100755 index 6a0eb8a..ee2f1db --- a/test/run-all-tests.sh +++ b/test/run-all-tests.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash -docker exec -it getssl-alpine bats /getssl/test -docker exec -it getssl-centos6 bats /getssl/test -docker exec -it getssl-debian bats /getssl/test -docker exec -it getssl-ubuntu bats /getssl/test -docker exec -it getssl-ubuntu18 bats /getssl/test -docker exec -it getssl-duckdns bats /getssl/test +docker exec getssl-alpine bats /getssl/test +docker exec getssl-centos6 bats /getssl/test +docker exec getssl-debian bats /getssl/test +docker exec getssl-ubuntu bats /getssl/test +docker exec getssl-ubuntu18 bats /getssl/test +docker exec getssl-duckdns bats /getssl/test From 9b9784489b2c816e1fb4347d7c4398f7a352f84b Mon Sep 17 00:00:00 2001 
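Review bot: `actions/checkout@v1` is referenced by a tag, which the action's owner can move to different code; pinning to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) fixes what actually runs in CI. The workflow also declares no `permissions:`, so the job runs with the repository's default GITHUB_TOKEN scope even though a test run only needs to read the code; a top-level `permissions:` with `contents: read` covers it. Both points carry over to the jobs added in patches 3/9 and 8/9, and to `azohra/shell-linter@v0.2.0` in shellcheck.yml (patch 6/9), where the action is third-party and pinning matters more.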
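Review bot: The exit status of test/run-all-tests.sh is that of the last `docker exec` only, so a failing bats run in any of the first five containers still leaves the "Run test suite" step green. Collect the status instead: `rc=0` before the list, `|| rc=1` after each `docker exec`, and `exit "$rc"` at the end (or `set -e` if stopping at the first failure is acceptable). `getssl-ubuntu16` is also absent from the list although run-all-tests.cmd, removed in patch 3/9, runs it; worth confirming that is intended.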
From: Tim Kimber
Date: Wed, 4 Mar 2020 18:16:26 +0000
Subject: [PATCH 3/9] Parallelize the gitactions tests
---
 .github/workflows/run-all-tests.yml | 54 +++++-
 docker-compose.yml | 180 ------------------
 test/4-more-than-10-hosts.bats | 2 +-
 test/6-dual-rsa-ecdsa-copy-2-locations.bats | 2 +-
 test/7-duckdns-dns01.bats | 2 +-
 test/Dockerfile-alpine | 4 +-
 test/Dockerfile-duckdns | 25 +++
 test/README-Testing.md | 35 ++++
 test/README.md | 40 ----
 test/restart-nginx | 2 +-
 test/run-all-tests.cmd | 15 --
 test/run-all-tests.sh | 8 -
 test/run-test.cmd | 52 +++++
 test/run-test.sh | 46 +++++
 .../{ => test-config}/alpine-supervisord.conf | 28 +--
 test/test-config/getssl-duckdns01.cfg | 2 +-
 test/test_helper.bash | 41 +++-
 17 files changed, 261 insertions(+), 277 deletions(-)
 create mode 100644 test/Dockerfile-duckdns
 create mode 100644 test/README-Testing.md
 delete mode 100644 test/README.md
 delete mode 100644 test/run-all-tests.cmd
 delete mode 100755 test/run-all-tests.sh
 create mode 100644 test/run-test.cmd
 create mode 100644 test/run-test.sh
 rename test/{ => test-config}/alpine-supervisord.conf (80%)
diff --git a/.github/workflows/run-all-tests.yml b/.github/workflows/run-all-tests.yml
index 0e43289..5a02eda 100644
--- a/.github/workflows/run-all-tests.yml
+++ b/.github/workflows/run-all-tests.yml
@@ -7,11 +7,59 @@ on: branches: - master jobs: - build: + test-alpine: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Build the docker-compose stack run: docker-compose up -d --build - - name: Run test suite - run: test/run-all-tests.sh + - name: Run test suite on Alpine + run: test/run-test.sh alpine + test-centos6: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build the docker-compose stack + run: docker-compose up -d --build + - name: Run test suite on centos6 + run: test/run-test.sh centos6 + test-debian: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build the docker-compose stack + run: docker-compose up -d --build + - name: Run test suite on Debian + run: test/run-test.sh debian + test-duckdns: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build the docker-compose stack + run: docker-compose up -d --build + - name: Run test suite on Ubuntu using DuckDNS + run: test/run-test.sh duckdns + test-ubuntu: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build the docker-compose stack + run: docker-compose up -d --build + - name: Run test suite on Ubuntu + run: test/run-test.sh ubuntu + test-ubuntu16: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build the docker-compose stack + run: docker-compose up -d --build + - name: Run test suite on Ubuntu16 + run: test/run-test.sh ubuntu16 + test-ubuntu18: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build the docker-compose stack + run: docker-compose up -d --build + - name: Run test suite on Ubuntu18 + run: test/run-test.sh ubuntu18 diff --git a/docker-compose.yml b/docker-compose.yml index b493888..ec5c24a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
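Review bot: The seven jobs added in this hunk are the same three steps repeated with only the OS name changing, so any later edit (a pinned action, an extra step, a secret passed to the DuckDNS run) has to be made seven times and can drift. A single job with `strategy.matrix` over the OS list keeps the runs parallel and removes the duplication; `fail-fast: false` preserves the current behaviour where one OS failing does not cancel the others.

```yaml
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        os: [alpine, centos6, debian, duckdns, ubuntu, ubuntu16, ubuntu18]
    steps:
      - uses: actions/checkout@v1
      - name: Build the docker-compose stack
        run: docker-compose up -d --build
      - name: Run test suite on ${{ matrix.os }}
        run: test/run-test.sh ${{ matrix.os }}
```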
@@ -21,186 +21,6 @@ services: networks: acmenet: ipv4_address: 10.30.50.3 - getssl-alpine: - build: - context: . - dockerfile: test/Dockerfile-alpine - container_name: getssl-alpine - volumes: - - .:/getssl - environment: - GETSSL_HOST: alpine.getssl.test - GETSSL_IP: 10.30.50.10 - NGINX_CONFIG: /etc/nginx/conf.d/default.conf - networks: - acmenet: - ipv4_address: 10.30.50.10 - aliases: - - alpine.getssl.test - - a.alpine.getssl.test - - b.alpine.getssl.test - - c.alpine.getssl.test - - d.alpine.getssl.test - - e.alpine.getssl.test - - f.alpine.getssl.test - - g.alpine.getssl.test - - h.alpine.getssl.test - - i.alpine.getssl.test - - j.alpine.getssl.test - - k.alpine.getssl.test - getssl-centos6: - build: - context: . - dockerfile: test/Dockerfile-centos6 - container_name: getssl-centos6 - volumes: - - .:/getssl - environment: - GETSSL_HOST: centos6.getssl.test - GETSSL_IP: 10.30.50.11 - NGINX_CONFIG: /etc/nginx/conf.d/default.conf - networks: - acmenet: - ipv4_address: 10.30.50.11 - aliases: - - centos6.getssl.test - - a.centos6.getssl.test - - b.centos6.getssl.test - - c.centos6.getssl.test - - d.centos6.getssl.test - - e.centos6.getssl.test - - f.centos6.getssl.test - - g.centos6.getssl.test - - h.centos6.getssl.test - - i.centos6.getssl.test - - j.centos6.getssl.test - - k.centos6.getssl.test - getssl-debian: - build: - context: . - dockerfile: test/Dockerfile-debian - container_name: getssl-debian - volumes: - - .:/getssl - environment: - GETSSL_HOST: debian.getssl.test - GETSSL_IP: 10.30.50.12 - NGINX_CONFIG: /etc/nginx/sites-enabled/default - networks: - acmenet: - ipv4_address: 10.30.50.12 - aliases: - - debian.getssl.test - - a.debian.getssl.test - - b.debian.getssl.test - - c.debian.getssl.test - - d.debian.getssl.test - - e.debian.getssl.test - - f.debian.getssl.test - - g.debian.getssl.test - - h.debian.getssl.test - - i.debian.getssl.test - - j.debian.getssl.test - - k.debian.getssl.test - getssl-ubuntu: - build: - context: . 
- dockerfile: test/Dockerfile-ubuntu - container_name: getssl-ubuntu - volumes: - - .:/getssl - environment: - GETSSL_HOST: ubuntu.getssl.test - GETSSL_IP: 10.30.50.13 - NGINX_CONFIG: /etc/nginx/sites-enabled/default - networks: - acmenet: - ipv4_address: 10.30.50.13 - aliases: - - ubuntu.getssl.test - - a.ubuntu.getssl.test - - b.ubuntu.getssl.test - - c.ubuntu.getssl.test - - d.ubuntu.getssl.test - - e.ubuntu.getssl.test - - f.ubuntu.getssl.test - - g.ubuntu.getssl.test - - h.ubuntu.getssl.test - - i.ubuntu.getssl.test - - j.ubuntu.getssl.test - - k.ubuntu.getssl.test - getssl-ubuntu16: - build: - context: . - dockerfile: test/Dockerfile-ubuntu16 - container_name: getssl-ubuntu16 - volumes: - - .:/getssl - environment: - GETSSL_HOST: ubuntu16.getssl.test - GETSSL_IP: 10.30.50.14 - NGINX_CONFIG: /etc/nginx/sites-enabled/default - networks: - acmenet: - ipv4_address: 10.30.50.14 - aliases: - - ubuntu16.getssl.test - - a.ubuntu16.getssl.test - - b.ubuntu16.getssl.test - - c.ubuntu16.getssl.test - - d.ubuntu16.getssl.test - - e.ubuntu16.getssl.test - - f.ubuntu16.getssl.test - - g.ubuntu16.getssl.test - - h.ubuntu16.getssl.test - - i.ubuntu16.getssl.test - - j.ubuntu16.getssl.test - - k.ubuntu16.getssl.test - getssl-ubuntu18: - build: - context: . - dockerfile: test/Dockerfile-ubuntu18 - container_name: getssl-ubuntu18 - volumes: - - .:/getssl - environment: - GETSSL_HOST: ubuntu18.getssl.test - GETSSL_IP: 10.30.50.15 - NGINX_CONFIG: /etc/nginx/sites-enabled/default - networks: - acmenet: - ipv4_address: 10.30.50.15 - aliases: - - ubuntu18.getssl.test - - a.ubuntu18.getssl.test - - b.ubuntu18.getssl.test - - c.ubuntu18.getssl.test - - d.ubuntu18.getssl.test - - e.ubuntu18.getssl.test - - f.ubuntu18.getssl.test - - g.ubuntu18.getssl.test - - h.ubuntu18.getssl.test - - i.ubuntu18.getssl.test - - j.ubuntu18.getssl.test - - k.ubuntu18.getssl.test - getssl-duckdns: - build: - context: . 
- dockerfile: test/Dockerfile-ubuntu - container_name: getssl-duckdns - volumes: - - .:/getssl - environment: - GETSSL_HOST: getssl.duckdns.org - GETSSL_IP: 10.30.50.16 - NGINX_CONFIG: /etc/nginx/sites-enabled/default - DUCKDNS_TOKEN: $DUCKDNS_TOKEN - STAGING: "true" - networks: - acmenet: - ipv4_address: 10.30.50.16 - aliases: - - getssl.duckdns.org networks: diff --git a/test/4-more-than-10-hosts.bats b/test/4-more-than-10-hosts.bats index 5bdfc2a..bd93adc 100644 --- a/test/4-more-than-10-hosts.bats +++ b/test/4-more-than-10-hosts.bats @@ -44,6 +44,6 @@ setup() { # Remove all the dns aliases cleanup_environment for prefix in a b c d e f g h i j k; do - curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a + curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a done } diff --git a/test/6-dual-rsa-ecdsa-copy-2-locations.bats b/test/6-dual-rsa-ecdsa-copy-2-locations.bats index aae21bb..73363ec 100644 --- a/test/6-dual-rsa-ecdsa-copy-2-locations.bats +++ b/test/6-dual-rsa-ecdsa-copy-2-locations.bats @@ -16,7 +16,7 @@ setup() { teardown() { if [ -z "$STAGING" ]; then - curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a + curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a fi } diff --git a/test/7-duckdns-dns01.bats b/test/7-duckdns-dns01.bats index e81b414..9466f05 100644 --- a/test/7-duckdns-dns01.bats +++ b/test/7-duckdns-dns01.bats @@ -38,5 +38,5 @@ setup() { refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' cleanup_environment - curl --silent -X POST -d '{"host":"getssl.duckdns.org", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a + curl --silent -X POST -d '{"host":"getssl.duckdns.org"}' http://10.30.50.3:8055/clear-a } 
diff --git a/test/Dockerfile-alpine b/test/Dockerfile-alpine index ff69490..0c166cb 100644 --- a/test/Dockerfile-alpine +++ b/test/Dockerfile-alpine @@ -18,5 +18,5 @@ RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert RUN /bats-core/install.sh /usr/local # Use supervisord to run nginx in the background -COPY ./test/alpine-supervisord.conf /etc/supervisord.conf -ENTRYPOINT /usr/bin/supervisord -c /etc/supervisord.conf +COPY ./test/test-config/alpine-supervisord.conf /etc/supervisord.conf +CMD tail -f /dev/null diff --git a/test/Dockerfile-duckdns b/test/Dockerfile-duckdns new file mode 100644 index 0000000..0bdc1f8 --- /dev/null +++ b/test/Dockerfile-duckdns @@ -0,0 +1,25 @@ +FROM ubuntu:latest + +# Note this image uses mawk1.3 + +ENV staging "true" +ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb +# Update and install required software +RUN apt-get update --fix-missing +RUN apt-get install -y git curl dnsutils wget nginx-light +RUN apt-get install -y vim dos2unix # for debugging +# TODO test with drill, dig, host + +WORKDIR /root + +# Prevent "Can't load /root/.rnd into RNG" error from openssl +RUN touch /root/.rnd + +# BATS (Bash Automated Testings) +RUN git clone https://github.com/bats-core/bats-core.git /bats-core +RUN git clone https://github.com/jasonkarns/bats-support /bats-support +RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert +RUN /bats-core/install.sh /usr/local + +# Run eternal loop - for testing +CMD tail -f /dev/null diff --git a/test/README-Testing.md b/test/README-Testing.md new file mode 100644 index 0000000..3cd4b2c --- /dev/null +++ b/test/README-Testing.md 
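Review bot: The `ENV DUCKDNS_TOKEN …` line in the new test/Dockerfile-duckdns commits what looks like a live DuckDNS API token to the repository and bakes it into every image built from this file, whereas the docker-compose service removed earlier in this patch read it from the caller's environment (`DUCKDNS_TOKEN: $DUCKDNS_TOKEN`). Whoever holds that token controls the DNS records the DNS-01 tests rely on for the test domain, so it should be treated as disclosed and rotated. Drop the ENV line and supply the value at run time, e.g. `--env DUCKDNS_TOKEN` on the `docker run` in run-test.sh with the workflow setting it from `${{ secrets.DUCKDNS_TOKEN }}`. The same line is added again in test/Dockerfile-centos7-duckdns in patch 8/9. Separately, `ENV staging "true"` is lower-case while the tests check `$STAGING`, so it appears to have no effect.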
@@ -0,0 +1,35 @@ +# Testing + +## Continuous Integration + +For continuous integration testing we have the following: + +`gitactions` script which runs whenever a PR is pushed: + +1. Uses `docker-compose` to start `pebble` (letsencrypt test server) and `challtestsrv` (minimal dns client for pebble) +2. Then runs the `bats` test scripts (all the files with a ".bats" extension) for each OS (alpine, centos6, debian, ubuntu) +3. Runs the `bats` test script against the staging server (using nn ubuntu docker image and duckdns.org) + +## To run all the tests on a single OS + +1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build``` +2. Run the test suite ```run-test.sh []``` +3. eg. `run-test.sh ubuntu16` + +## To run a single bats test on a single OS + +1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build``` +2. ```run-test.sh bats ``` +3. e.g. `run-test.sh ubuntu bats /getssl/test/1-simple-http01.bats` + +## To debug a test + +1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build``` +2. ```run-test.sh /getssl/test/debug-test.sh ``` +3. e.g. `run-test.sh ubuntu /getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg` + +## TODO + +1. Test wildcards +2. Test SSH, SFTP, SCP +3. Test change of key algorithm (should automatically delete and re-create account.key) diff --git a/test/README.md b/test/README.md deleted file mode 100644 index 7648f17..0000000 --- a/test/README.md +++ /dev/null 
@@ -1,40 +0,0 @@ -# Testing - -This directory contains a simple test script which tests creating -certificates with Pebble (testing version of the LetsEncrypt server) - -Start up pebble, the challdnstest server for DNS challenges - -```sh -docker-compose -f "docker-compose.yml" up -d --build -``` - -Run the tests - -```sh -test/run-all-tests.sh -``` - -Run individual test - -```sh -docker exec -it getssl bats /getssl/test/ -``` - -Debug (uses helper script to set `CURL_CA_BUNDLE` as pebble uses a local certificate, -otherwise you get a "unknown API version" error) - -```sh -docker exec -it getssl- /getssl/test/debug-test.sh ` - -eg. - -```sh -docker exec -it getssl-ubuntu18 /getssl/test/debug-test.sh getssl-http01.cfg -``` - -## TODO - -1. Test wildcards -2. Test SSH, SFTP, SCP -3. Test change of key algorithm diff --git a/test/restart-nginx b/test/restart-nginx index d35f60f..f947d8d 100755 --- a/test/restart-nginx +++ b/test/restart-nginx @@ -4,5 +4,5 @@ if [ "$GETSSL_HOST" = "alpine.getssl.test" ]; then killall -HUP nginx >&3- sleep 5 else - service nginx restart >&3- + service nginx restart >/dev/null >&3- fi diff --git a/test/run-all-tests.cmd b/test/run-all-tests.cmd deleted file mode 100644 index e887b6e..0000000 --- a/test/run-all-tests.cmd +++ /dev/null @@ -1,15 +0,0 @@ -echo %time% -docker exec -it getssl-alpine bats /getssl/test -echo %time% -docker exec -it getssl-centos6 bats /getssl/test -echo %time% -docker exec -it getssl-debian bats /getssl/test -echo %time% -docker exec -it getssl-ubuntu bats /getssl/test -echo %time% -docker exec -it getssl-ubuntu18 bats /getssl/test -echo %time% -docker exec -it getssl-ubuntu16 bats /getssl/test -echo %time% -docker exec -it getssl-duckdns bats /getssl/test -echo %time% diff --git a/test/run-all-tests.sh b/test/run-all-tests.sh deleted file mode 100755 index ee2f1db..0000000 --- a/test/run-all-tests.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/usr/bin/env bash - -docker exec getssl-alpine bats /getssl/test -docker exec getssl-centos6 bats /getssl/test -docker exec getssl-debian bats /getssl/test -docker exec getssl-ubuntu bats /getssl/test -docker exec getssl-ubuntu18 bats /getssl/test -docker exec getssl-duckdns bats /getssl/test diff --git a/test/run-test.cmd b/test/run-test.cmd new file mode 100644 index 0000000..e951c44 --- /dev/null +++ b/test/run-test.cmd @@ -0,0 +1,52 @@ +@echo off +IF %1.==. GOTO NoOS +set OS=%1 + +:CheckCommand +IF %2.==. GOTO NoCmd +set COMMAND=%2 %3 + +:CheckAlias +IF %OS%==duckdns GOTO duckdns +set ALIAS=%OS%.getssl.test +set STAGING= +GOTO Run + +:NoOS +set OS=ubuntu +GOTO CheckCommand + +:NoCmd +REM set COMMAND=/getssl/test/run-bats.sh +set COMMAND=bats /getssl/test +GOTO CheckAlias + +:duckdns +set ALIAS=getssl.duckdns.org +set STAGING=--env STAGING=true + +:Run +for %%I in (.) do set CurrDirName=%%~nxI + +docker build --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% . +@echo on +docker run -it ^ + --env GETSSL_HOST=%ALIAS% %STAGING% ^ + -v %cd%:/getssl ^ + --rm ^ + --network %CurrDirName%_acmenet ^ + --network-alias %ALIAS% ^ + --network-alias a.%OS%.getssl.test ^ + --network-alias b.%OS%.getssl.test ^ + --network-alias c.%OS%.getssl.test ^ + --network-alias d.%OS%.getssl.test ^ + --network-alias e.%OS%.getssl.test ^ + --network-alias f.%OS%.getssl.test ^ + --network-alias g.%OS%.getssl.test ^ + --network-alias h.%OS%.getssl.test ^ + --network-alias i.%OS%.getssl.test ^ + --network-alias j.%OS%.getssl.test ^ + --network-alias k.%OS%.getssl.test ^ + --name getssl-%OS% ^ + getssl-%OS% ^ + %COMMAND% diff --git a/test/run-test.sh b/test/run-test.sh new file mode 100644 index 0000000..d85730f --- /dev/null +++ b/test/run-test.sh 
@@ -0,0 +1,46 @@ +#! /usr/bin/env bash + +if [ $# -eq 0 ]; then + echo "Usage: $(basename "$0") []" + echo "e.g. $(basename "$0") alpine bats /getssl/test" + exit 1 +fi +OS=$1 + +if [ $# -gt 1 ]; then + shift + COMMAND=$* +else + COMMAND="bats /getssl/test" +fi + +if [ "$OS" == "duckdns" ]; then + ALIAS="getssl.duckdns.org" + STAGING="--env STAGING=true" +else + ALIAS="$OS.getssl.test" + STAGING="" +fi + +docker build --rm -f "test/Dockerfile-$OS" -t "getssl-$OS" . +# shellcheck disable=SC2086 +docker run \ + --env GETSSL_HOST="$OS.getssl.test" $STAGING \ + -v "$(pwd)":/getssl \ + --rm \ + --network ${PWD##*/}_acmenet \ + --network-alias $ALIAS \ + --network-alias "a.$OS.getssl.test" \ + --network-alias "b.$OS.getssl.test" \ + --network-alias "c.$OS.getssl.test" \ + --network-alias "d.$OS.getssl.test" \ + --network-alias "e.$OS.getssl.test" \ + --network-alias "f.$OS.getssl.test" \ + --network-alias "g.$OS.getssl.test" \ + --network-alias "h.$OS.getssl.test" \ + --network-alias "i.$OS.getssl.test" \ + --network-alias "j.$OS.getssl.test" \ + --network-alias "k.$OS.getssl.test" \ + --name "getssl-$OS" \ + "getssl-$OS" \ + $COMMAND diff --git a/test/alpine-supervisord.conf b/test/test-config/alpine-supervisord.conf similarity index 80% rename from test/alpine-supervisord.conf rename to test/test-config/alpine-supervisord.conf index 8eec585..9759570 100644 --- a/test/alpine-supervisord.conf +++ b/test/test-config/alpine-supervisord.conf 
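Review bot: The exit status of `docker build` in run-test.sh is not checked, so when the build fails `docker run` still starts with whatever `getssl-$OS` image is already tagged locally, and the tests can pass against a stale image. Stop on failure with `docker build --rm -f "test/Dockerfile-$OS" -t "getssl-$OS" . || exit 1`. The blanket `# shellcheck disable=SC2086` also hides `$ALIAS` and `${PWD##*/}`, which can simply be quoted; only `$STAGING` and `$COMMAND` rely on word splitting, and holding them in arrays (`COMMAND=("$@")`, `"${COMMAND[@]}"`) would preserve arguments containing spaces and let the directive go.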
@@ -1,14 +1,14 @@ -[supervisord] -nodaemon=true -logfile=/tmp/supervisord.log -childlogdir=/tmp -pidfile = /tmp/supervisord.pid - -[program:nginx] -command=nginx -g 'daemon off;' -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -stderr_logfile=/dev/stderr -stderr_logfile_maxbytes=0 -autorestart=false -startretries=0 +[supervisord] +nodaemon=false +logfile=/tmp/supervisord.log +childlogdir=/tmp +pidfile = /tmp/supervisord.pid + +[program:nginx] +command=nginx +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +autorestart=false +startretries=0 diff --git a/test/test-config/getssl-duckdns01.cfg b/test/test-config/getssl-duckdns01.cfg index 10ac366..517aaeb 100644 --- a/test/test-config/getssl-duckdns01.cfg +++ b/test/test-config/getssl-duckdns01.cfg @@ -7,7 +7,7 @@ DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns" DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns" AUTH_DNS_SERVER=1.1.1.1 CHECK_ALL_AUTH_DNS=false -DNS_EXTRA_WAIT=30 +DNS_EXTRA_WAIT=60 ACCOUNT_KEY_TYPE="rsa" PRIVATE_KEY_ALG="rsa" diff --git a/test/test_helper.bash b/test/test_helper.bash index 0d106fa..d151d5a 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash @@ -8,15 +8,6 @@ setup_environment() { rm -r ${INSTALL_DIR}/.getssl fi - if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then - wget --quiet --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1 - CERT_FILE=/etc/ssl/certs/ca-certificates.crt - if [ ! -f $CERT_FILE ]; then - CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt - fi - cat $CERT_FILE ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt - fi - curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl "${NGINX_CONFIG}" /getssl/test/restart-nginx 
@@ -24,7 +15,7 @@ setup_environment() { cleanup_environment() { - curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/del-a + curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'"}' http://10.30.50.3:8055/clear-a } @@ -42,3 +33,33 @@ create_certificate() { # shellcheck disable=SC2086 run ${CODE_DIR}/getssl $1 "$GETSSL_HOST" } + +# start nginx in background on alpine via supervisord +if [[ -f /usr/bin/supervisord && -f /etc/supervisord.conf ]]; then + if [[ ! $(pgrep supervisord) ]]; then + /usr/bin/supervisord -c /etc/supervisord.conf >&3- + fi +fi + +# Find NGINX configuration directory for HTTP-01 testing (need to add SSL to config) +if [[ -f /etc/nginx/conf.d/default.conf ]]; then + export NGINX_CONFIG=/etc/nginx/conf.d/default.conf +elif [[ -f /etc/nginx/sites-enabled/default ]]; then + export NGINX_CONFIG=/etc/nginx/sites-enabled/default +else + echo "Can't find NGINX directory" + exit 1 +fi + +# Find IP address +GETSSL_IP=$(ip address | awk '/10.30.50/ { print $2 }' | awk -F/ '{ print $1 }') +export GETSSL_IP + +if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then + wget --quiet --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1 + CERT_FILE=/etc/ssl/certs/ca-certificates.crt + if [ ! -f $CERT_FILE ]; then + CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt + fi + cat $CERT_FILE ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt +fi From a67dc5db09215d3b5ad6612b50a3cc1c43fbe3de Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Wed, 4 Mar 2020 18:18:46 +0000 Subject: [PATCH 4/9] Add +x for scripts used in testing --- dns_scripts/dns_freedns.sh | 0 test/debug-test.sh | 0 test/run-test.sh | 0 3 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 dns_scripts/dns_freedns.sh mode change 100644 => 100755 test/debug-test.sh mode change 100644 => 100755 test/run-test.sh 
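Review bot: The Pebble CA block that the last test_helper.bash hunk moves to file scope never checks the `wget` result, so a failed download leaves `pebble-ca-bundle.crt` built without the Pebble root and the failure only shows up later as TLS errors inside individual tests. `wget` also saves into the current directory while the guard and the `cat` read `${INSTALL_DIR}/pebble.minica.pem`, which only works if the two happen to coincide (INSTALL_DIR is defined outside this hunk). Write to the expected path and fail early: `wget --quiet -O "${INSTALL_DIR}/pebble.minica.pem" <same URL> || exit 1`. Since this file becomes a trust anchor for the test run, consider vendoring it under test/test-config or fetching it from a fixed commit rather than the `master` branch.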
diff --git a/dns_scripts/dns_freedns.sh b/dns_scripts/dns_freedns.sh old mode 100644 new mode 100755 diff --git a/test/debug-test.sh b/test/debug-test.sh old mode 100644 new mode 100755 diff --git a/test/run-test.sh b/test/run-test.sh old mode 100644 new mode 100755 From 95f292ce058af360c23aaa3776e58502fcd92f2f Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Thu, 5 Mar 2020 07:09:16 +0000 Subject: [PATCH 5/9] Add test status badge --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1d0d3fc..d0aa22c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ +![Run all tests](https://github.com/srvrco/getssl/workflows/Run%20all%20tests/badge.svg) # getssl Obtain SSL certificates from the letsencrypt.org ACME server. Suitable From 5ad1f96ee1e49a59ab80eeade75075101129c22c Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Thu, 5 Mar 2020 13:52:35 +0000 Subject: [PATCH 6/9] Create shellcheck.yml --- .github/workflows/shellcheck.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/shellcheck.yml diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml new file mode 100644 index 0000000..d5adbf5 --- /dev/null +++ b/.github/workflows/shellcheck.yml @@ -0,0 +1,17 @@ +name: shellcheck + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Lint check + uses: azohra/shell-linter@v0.2.0 + with: + path: "getssl" From f51fa14c40839fd4e23aacee025f34058008837d Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Thu, 5 Mar 2020 13:54:27 +0000 Subject: [PATCH 7/9] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d0aa22c..c359239 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -![Run all tests](https://github.com/srvrco/getssl/workflows/Run%20all%20tests/badge.svg) +![Run all tests](https://github.com/srvrco/getssl/workflows/Run%20all%20tests/badge.svg) ![shellcheck](https://github.com/srvrco/getssl/workflows/shellcheck/badge.svg) # getssl Obtain SSL certificates from the letsencrypt.org ACME server. Suitable From 1dec15f1b5f626f5c2f3038817228b29527250b7 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Fri, 6 Mar 2020 13:50:24 +0000 Subject: [PATCH 8/9] Test on centos7 against staging server --- .github/workflows/run-all-tests.yml | 20 +++++++--- test/7-duckdns-dns01.bats | 8 ---- test/8-duckdns-ecdsa.bats | 8 ---- test/Dockerfile-centos7-duckdns | 28 ++++++++++++++ ...file-duckdns => Dockerfile-ubuntu-duckdns} | 0 test/restart-nginx | 5 ++- test/run-test.cmd | 6 ++- test/run-test.sh | 5 ++- test/test-config/nginx-centos7.conf | 37 +++++++++++++++++++ test/test_helper.bash | 16 +++++++- 10 files changed, 105 insertions(+), 28 deletions(-) create mode 100644 test/Dockerfile-centos7-duckdns rename test/{Dockerfile-duckdns => Dockerfile-ubuntu-duckdns} (100%) create mode 100644 test/test-config/nginx-centos7.conf diff --git a/.github/workflows/run-all-tests.yml b/.github/workflows/run-all-tests.yml index 5a02eda..e6d80ed 100644 --- a/.github/workflows/run-all-tests.yml +++ b/.github/workflows/run-all-tests.yml 
@@ -23,22 +23,22 @@ jobs: run: docker-compose up -d --build - name: Run test suite on centos6 run: test/run-test.sh centos6 - test-debian: + test-centos7-duckdns: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Build the docker-compose stack run: docker-compose up -d --build - - name: Run test suite on Debian - run: test/run-test.sh debian - test-duckdns: + - name: Run test suite on CentOS7 against Staging using DuckDNS + run: test/run-test.sh centos7-duckdns + test-debian: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Build the docker-compose stack run: docker-compose up -d --build - - name: Run test suite on Ubuntu using DuckDNS - run: test/run-test.sh duckdns + - name: Run test suite on Debian + run: test/run-test.sh debian test-ubuntu: runs-on: ubuntu-latest steps: @@ -63,3 +63,11 @@ jobs: run: docker-compose up -d --build - name: Run test suite on Ubuntu18 run: test/run-test.sh ubuntu18 + test-ubuntu-duckdns: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build the docker-compose stack + run: docker-compose up -d --build + - name: Run test suite on Ubuntu against Staging using DuckDNS + run: test/run-test.sh ubuntu-duckdns diff --git a/test/7-duckdns-dns01.bats b/test/7-duckdns-dns01.bats index 9466f05..0c680ea 100644 --- a/test/7-duckdns-dns01.bats +++ b/test/7-duckdns-dns01.bats @@ -5,13 +5,6 @@ load '/bats-assert/load.bash' load '/getssl/test/test_helper.bash' -# These are run for every test, not once per file -setup() { - if [ -n "$STAGING" ]; then - export GETSSL_HOST=getssl.duckdns.org - fi -} - @test "Create new certificate using staging server and DuckDNS" { if [ -z "$STAGING" ]; then @@ -38,5 +31,4 @@ setup() { refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' cleanup_environment - curl --silent -X POST -d '{"host":"getssl.duckdns.org"}' http://10.30.50.3:8055/clear-a } 
diff --git a/test/8-duckdns-ecdsa.bats b/test/8-duckdns-ecdsa.bats index 0950d96..dfe84fe 100644 --- a/test/8-duckdns-ecdsa.bats +++ b/test/8-duckdns-ecdsa.bats @@ -5,12 +5,6 @@ load '/bats-assert/load.bash' load '/getssl/test/test_helper.bash' -# These are run for every test, not once per file -setup() { - if [ -n "$STAGING" ]; then - export GETSSL_HOST=getssl.duckdns.org - fi -} @test "Create new certificate using staging server and prime256v1" { @@ -18,7 +12,6 @@ setup() { skip "Running internal tests, skipping external test" fi CONFIG_FILE="getssl-duckdns01.cfg" - GETSSL_HOST=getssl.duckdns.org setup_environment init_getssl @@ -49,7 +42,6 @@ setup() { skip "Running internal tests, skipping external test" fi CONFIG_FILE="getssl-duckdns01.cfg" - GETSSL_HOST=getssl.duckdns.org setup_environment init_getssl diff --git a/test/Dockerfile-centos7-duckdns b/test/Dockerfile-centos7-duckdns new file mode 100644 index 0000000..839ff76 --- /dev/null +++ b/test/Dockerfile-centos7-duckdns @@ -0,0 +1,28 @@ +FROM centos:centos7 + +# Note this image uses gawk + +# Update and install required software +RUN yum -y update +RUN yum -y install epel-release +RUN yum -y install git curl bind-utils wget which nginx + +ENV staging "true" +ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb + +WORKDIR /root +RUN mkdir /etc/nginx/pki +RUN mkdir /etc/nginx/pki/private +COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf +COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf + +# BATS (Bash Automated Testings) +RUN git clone https://github.com/bats-core/bats-core.git /bats-core +RUN git clone https://github.com/jasonkarns/bats-support /bats-support +RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert +RUN /bats-core/install.sh /usr/local + +EXPOSE 80 443 + +# Run eternal loop - for testing +CMD tail -f /dev/null 
diff --git a/test/Dockerfile-duckdns b/test/Dockerfile-ubuntu-duckdns similarity index 100% rename from test/Dockerfile-duckdns rename to test/Dockerfile-ubuntu-duckdns diff --git a/test/restart-nginx b/test/restart-nginx index f947d8d..e62433d 100755 --- a/test/restart-nginx +++ b/test/restart-nginx @@ -1,8 +1,11 @@ #!/usr/bin/env bash -if [ "$GETSSL_HOST" = "alpine.getssl.test" ]; then +if [ "$GETSSL_OS" = "alpine" ]; then killall -HUP nginx >&3- sleep 5 +elif [ "$GETSSL_OS" == "centos7" ]; then + pgrep nginx | head -1 | xargs kill -HUP + sleep 5 else service nginx restart >/dev/null >&3- fi diff --git a/test/run-test.cmd b/test/run-test.cmd index e951c44..d1cf263 100644 --- a/test/run-test.cmd +++ b/test/run-test.cmd @@ -7,7 +7,8 @@ IF %2.==. GOTO NoCmd set COMMAND=%2 %3 :CheckAlias -IF %OS%==duckdns GOTO duckdns +REM check if OS *contains* duckdns +IF NOT x%OS:duckdns=%==x%OS% GOTO duckdns set ALIAS=%OS%.getssl.test set STAGING= GOTO Run @@ -22,7 +23,7 @@ set COMMAND=bats /getssl/test GOTO CheckAlias :duckdns -set ALIAS=getssl.duckdns.org +set ALIAS=%OS:-duckdns=%-getssl.duckdns.org set STAGING=--env STAGING=true :Run @@ -32,6 +33,7 @@ docker build --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% . @echo on docker run -it ^ --env GETSSL_HOST=%ALIAS% %STAGING% ^ + --env GETSSL_OS=%OS:-duckdns=% ^ -v %cd%:/getssl ^ --rm ^ --network %CurrDirName%_acmenet ^ diff --git a/test/run-test.sh b/test/run-test.sh index d85730f..07a1a49 100755 --- a/test/run-test.sh +++ b/test/run-test.sh @@ -14,8 +14,8 @@ else COMMAND="bats /getssl/test" fi -if [ "$OS" == "duckdns" ]; then - ALIAS="getssl.duckdns.org" +if [[ "$OS" == *"duckdns"* ]]; then + ALIAS="${OS%-duckdns}-getssl.duckdns.org" STAGING="--env STAGING=true" else ALIAS="$OS.getssl.test" 
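Review bot: In test/restart-nginx the new centos7 branch, `pgrep nginx | head -1 | xargs kill -HUP`, depends on the first PID that pgrep prints being the nginx master, and when nginx is not running GNU xargs still invokes `kill -HUP` with no PID. `nginx -s reload` sends the same signal to the master via the pid file that nginx-centos7.conf (added in this patch) sets to /run/nginx.pid, and fails with a clear message when nginx is down. The branch also compares with `==` inside `[ ]` while the alpine branch above uses `=`; `=` is the portable form.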
@@ -26,6 +26,7 @@ docker build --rm -f "test/Dockerfile-$OS" -t "getssl-$OS" . # shellcheck disable=SC2086 docker run \ --env GETSSL_HOST="$OS.getssl.test" $STAGING \ + --env GETSSL_OS=${OS%-duckdns} \ -v "$(pwd)":/getssl \ --rm \ --network ${PWD##*/}_acmenet \ diff --git a/test/test-config/nginx-centos7.conf b/test/test-config/nginx-centos7.conf new file mode 100644 index 0000000..2327039 --- /dev/null +++ b/test/test-config/nginx-centos7.conf @@ -0,0 +1,37 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; +} diff --git a/test/test_helper.bash b/test/test_helper.bash index d151d5a..3ffcf51 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash 
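Review bot: The added `--env GETSSL_OS=${OS%-duckdns} \` argument in test/run-test.sh is unquoted, and the `# shellcheck disable=SC2086` above `docker run` silences the warning for every argument of the command rather than only for `$STAGING`, the one that is meant to split. A value of `$OS` containing whitespace or glob characters would expand into extra `docker run` arguments; where `$OS` is set lies outside the hunk. Write the line as `--env "GETSSL_OS=${OS%-duckdns}" \`. The later run-test.sh hunk in PATCH 9/9 has the same problem, since `--env GETSSL_HOST=$ALIAS $STAGING \` drops the quotes the old line had; `--env GETSSL_HOST="$ALIAS" $STAGING \` keeps them. The `docker run` command continues past the end of both hunks.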
@@ -35,10 +35,15 @@ create_certificate() { } # start nginx in background on alpine via supervisord +# shellcheck disable=SC2153 # Ignore GETSSL_OS looks like typo of GETSSL_IP if [[ -f /usr/bin/supervisord && -f /etc/supervisord.conf ]]; then if [[ ! $(pgrep supervisord) ]]; then /usr/bin/supervisord -c /etc/supervisord.conf >&3- fi +elif [ "$GETSSL_OS" == "centos7" ]; then + if [ -z "$(pgrep nginx)" ]; then + nginx >&3- + fi fi # Find NGINX configuration directory for HTTP-01 testing (need to add SSL to config) @@ -52,7 +57,16 @@ else fi # Find IP address -GETSSL_IP=$(ip address | awk '/10.30.50/ { print $2 }' | awk -F/ '{ print $1 }') +if [[ -n "$(command -v ip)" ]]; then + IP=$(ip address) +elif [[ -n "$(command -v hostname)" ]]; then + IP=$(hostname -I) +else + echo "Cannot find IP address" + exit 1 +fi + +GETSSL_IP=$(echo "$IP" | awk '/10.30.50/ { print $2 }' | awk -F/ '{ print $1 }') export GETSSL_IP if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then From 99bd342a5901326f7854a9ed6f3c79812ca297eb Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Fri, 6 Mar 2020 14:04:19 +0000 Subject: [PATCH 9/9] Update for multiple duckdns domains --- test/run-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/run-test.sh b/test/run-test.sh index 07a1a49..97842a5 100755 --- a/test/run-test.sh +++ b/test/run-test.sh @@ -25,7 +25,7 @@ fi docker build --rm -f "test/Dockerfile-$OS" -t "getssl-$OS" . # shellcheck disable=SC2086 docker run \ - --env GETSSL_HOST="$OS.getssl.test" $STAGING \ + --env GETSSL_HOST=$ALIAS $STAGING \ --env GETSSL_OS=${OS%-duckdns} \ -v "$(pwd)":/getssl \ --rm \
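Review bot: The `hostname -I` fallback in the second test_helper.bash hunk feeds one space-separated line of addresses into an awk filter written for `ip address` output, so `print $2` yields nothing when there is one address and the second address otherwise, not necessarily the 10.30.50.x one. The centos7 Dockerfile added in this commit does not install iproute explicitly, so that image may well take this branch and export an empty or wrong `GETSSL_IP`. Extracting the address inside each branch, escaping the dots in the pattern, and failing when nothing matched avoids this. The error message also belongs on stderr.

```shell
# Find IP address
if command -v ip >/dev/null; then
  GETSSL_IP=$(ip address | awk '/10\.30\.50\./ { print $2 }' | awk -F/ '{ print $1 }')
elif command -v hostname >/dev/null; then
  # hostname -I prints every address on a single line, separated by spaces
  GETSSL_IP=$(hostname -I | tr ' ' '\n' | grep '^10\.30\.50\.')
fi

if [ -z "$GETSSL_IP" ]; then
  echo "Cannot find IP address" >&2
  exit 1
fi
export GETSSL_IP
```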