
Test more than 10 domains (i7 branch)

pull/740/head
Tim Kimber 6 years ago
parent
commit
6d56c38474
8 changed files with 139 additions and 12 deletions
  1. +12
    -2
      .vscode/settings.json
  2. +13
    -0
      docker-compose.yml
  3. +1
    -1
      getssl
  4. +11
    -0
      test/pebble/config/pebble-config.json
  5. +28
    -0
      test/run-test-10-hosts.sh
  6. +46
    -0
      test/run-test-dual-eca.sh
  7. +0
    -9
      test/run-test.sh
  8. +28
    -0
      test/test-config/getssl-http01-10-hosts.cfg

+ 12
- 2
.vscode/settings.json

@ -13,5 +13,15 @@
"rhel",
"roboxes",
"workdir"
]
}
],
"workbench.colorCustomizations": {
"titleBar.activeBackground": "#68217a",
"titleBar.inactiveBackground": "#68217a99",
"titleBar.activeForeground": "#e7e7e7",
"titleBar.inactiveForeground": "#e7e7e799",
"statusBar.background": "#68217a",
"statusBarItem.hoverBackground": "#8a2ca2",
"statusBar.foreground": "#e7e7e7"
},
"peacock.color": "#68217A"
}

+ 13
- 0
docker-compose.yml

@ -7,6 +7,8 @@ services:
environment:
# with Go 1.13.x which defaults TLS 1.3 to on
GODEBUG: "tls13=1"
# Don't re-use authorisations (breaks force renew test scripts)
# PEBBLE_AUTHZREUSE: "0"
ports:
- 14000:14000 # HTTPS ACME API
- 15000:15000 # HTTPS Management API
@ -33,6 +35,17 @@ services:
ipv4_address: 10.30.50.4
aliases:
- getssl.test
- a.getssl.test
- b.getssl.test
- c.getssl.test
- d.getssl.test
- e.getssl.test
- f.getssl.test
- g.getssl.test
- h.getssl.test
- i.getssl.test
- j.getssl.test
- k.getssl.test
networks:
acmenet:
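Review bot: The comment added in the first hunk says authorisations are not re-used, but the `PEBBLE_AUTHZREUSE: "0"` line beneath it is itself commented out, so this change does not set the variable. Either enable it or reword the comment so it reads as an option, e.g. `# Uncomment to stop pebble re-using authorisations (re-use breaks the force-renew tests)`. This matters for the forced-renewal tests because the same commit deletes nine lines from test/run-test.sh, which appear to include the 30-second wait that worked around an authorisation still being "valid". The `services:` block starts and ends outside both hunks.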


+ 1
- 1
getssl

@ -1467,7 +1467,7 @@ json_get() { # get values from json
if [[ -n "$6" ]]; then
full=$(json_awk "$1")
section=$(echo "$full" | grep "\"$2\"" | grep "\"$3\"" | grep "\"$4\"" | awk -F"," '{print $2}')
echo "$full" | grep "^..${5}\",$section" | awk '{print $2}' | tr -d '"'
echo "$full" | grep "^..${5}\",$section\]" | awk '{print $2}' | tr -d '"'
elif [[ -n "$5" ]]; then
full=$(json_awk "$1")
section=$(echo "$full" | grep "\"$2\"" | grep "\"$3\"" | grep "\"$4\"" | awk -F"," '{print $2}')
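Review bot: The `elif [[ -n "$5" ]]` branch at the end of this hunk builds `$section` exactly as the six-argument branch does, and its lookup line falls outside the hunk, so the same unanchored index match (section 1 also matching 10, 11, ...) may still be present there and should be checked. The page prints both versions of the changed `grep` without markers; the one ending in `\]` is presumably the new side, and it deserves a comment such as `# anchor on the closing "]" so index 1 does not also match 10, 11, ...`. `$5` and `$section` are still interpolated into the pattern unescaped, so a field name or value containing regex metacharacters, coming from the CA's JSON response, would match more than intended. json_get starts before and continues after the hunk.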


+ 11
- 0
test/pebble/config/pebble-config.json

@ -0,0 +1,11 @@
{
"pebble": {
"listenAddress": "0.0.0.0:14000",
"managementListenAddress": "0.0.0.0:15000",
"httpPort": 80,
"tlsPort": 443,
"ocspResponderURL": "",
"externalAccountBindingRequired": false
}
}
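Review bot: `managementListenAddress` is bound to `0.0.0.0:15000` and docker-compose.yml publishes `15000:15000`, so if this is the file the pebble container loads, the management API is reachable on every interface of the host running the tests rather than only on the test network. For a throwaway CA the risk is low, but publishing the ports as `127.0.0.1:15000:15000` and `127.0.0.1:14000:14000` in docker-compose.yml keeps them off shared networks on CI hosts and developer machines. Nothing in the visible docker-compose.yml hunks mounts this file, so it is worth confirming that it is actually used.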

+ 28
- 0
test/run-test-10-hosts.sh

@ -0,0 +1,28 @@
#! /bin/bash
set -e
# Test setup
if [[ -d /root/.getssl ]]; then
rm -r /root/.getssl
fi
HOST=getssl.test
wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
# cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
cat /etc/ssl/certs/ca-certificates.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
for prefix in a b c d e f g h i j k; do
curl -X POST -d '{"host":"'$prefix.$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
done
# Test #1 - http-01 verification
echo Test \#1 - http-01 verification
cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
service nginx restart
/getssl/getssl -c $HOST
cp /getssl/test/test-config/getssl-http01-10-hosts.cfg /root/.getssl/${HOST}/getssl.cfg
/getssl/getssl -f $HOST
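Review bot: The `wget` line fetches pebble.minica.pem from the moving `master` branch and the following `cat` appends it to the bundle exported as `CURL_CA_BUNDLE`, so whatever that URL serves on the day becomes a trusted root for the run; the same lines appear in test/run-test-dual-eca.sh. Pin the download to a commit or keep a copy of the certificate in the repository, and write it where `cat` reads it, e.g. `wget --no-clobber -P /root https://raw.githubusercontent.com/letsencrypt/pebble/<PINNED_COMMIT>/test/certs/pebble.minica.pem`, since the script otherwise depends on being started in /root. The script also ends after `getssl -f` without inspecting the issued certificate, so it only shows that the run did not fail. Checking the subject alternative names on /etc/nginx/pki/server.crt against the expected list would confirm that all eleven extra hosts were validated.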

+ 46
- 0
test/run-test-dual-eca.sh

@ -0,0 +1,46 @@
#! /bin/bash
set -e
# Test setup
if [[ -d /root/.getssl ]]; then
rm -r /root/.getssl
fi
HOST=getssl.test
wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
# cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
cat /etc/ssl/certs/ca-certificates.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
# Test #1 - http-01 verification
echo Test \#1 - http-01 verification
cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
service nginx restart
/getssl/getssl -c $HOST
cp /getssl/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg /root/.getssl/${HOST}/getssl.cfg
/getssl/getssl -f $HOST
# Test #2 - http-01 forced renewal
echo Test \#2 - http-01 forced renewal
/getssl/getssl $HOST -f
# Test cleanup
rm -r /root/.getssl
# Test #3 - dns-01 verification
echo Test \#3 - dns-01 verification
cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
service nginx restart
/getssl/getssl -c $HOST
cp /getssl/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg /root/.getssl/${HOST}/getssl.cfg
/getssl/getssl $HOST
# Test #4 - dns-01 forced renewal
echo Test \#4 - dns-01 forced renewal
/getssl/getssl $HOST -f
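Review bot: The two `cp` lines for tests #1 and #3 copy getssl-http01-dual-rsa-ecdsa.cfg and getssl-dns01-dual-rsa-ecdsa.cfg, and neither file is among the eight files this commit changes, so unless they already exist on the branch the script stops at the first `cp` under `set -e`. If they are added elsewhere, a guard such as `[[ -f /getssl/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg ]] || { echo "missing dual-cert config" >&2; exit 1; }` gives a clearer failure than a bare `cp` error. None of the four tests checks that both an RSA and an ECDSA certificate were written, so the script passes on exit status alone.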

+ 0
- 9
test/run-test.sh

@ -27,10 +27,6 @@ cp /getssl/test/test-config/getssl-http01.cfg /root/.getssl/${HOST}/getssl.cfg
# Test #2 - http-01 forced renewal
echo Test \#2 - http-01 forced renewal
# Remove previous validation tokens
rm -rf /var/www/html/.well-known
service nginx restart
/getssl/getssl $HOST -f
# Test cleanup
@ -47,9 +43,4 @@ cp /getssl/test/test-config/getssl-dns01.cfg /root/.getssl/${HOST}/getssl.cfg
# Test #4 - dns-01 forced renewal
echo Test \#4 - dns-01 forced renewal
# There's a race condition if renew too soon (authlink returns "valid" instead of "pending")
echo Sleeping 30s to allow previous validation to expire
sleep 30
/getssl/getssl $HOST -f

+ 28
- 0
test/test-config/getssl-http01-10-hosts.cfg

@ -0,0 +1,28 @@
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
CA="https://pebble:14000/dir"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
# Note: this is Additional domains - so should not include the primary domain.
SANS="a.getssl.test,b.getssl.test,c.getssl.test,d.getssl.test,e.getssl.test,f.getssl.test,g.getssl.test,h.getssl.test,i.getssl.test,j.getssl.test,k.getssl.test"
# Acme Challenge Location.
ACL=('/var/www/html/.well-known/acme-challenge')
# Use a single ACL for all checks
USE_SINGLE_ACL="true"
# Location for all your certs, these can either be on the server (full path name)
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
#SERVER_TYPE="https"
#CHECK_REMOTE="true"
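Review bot: The file keeps the template header `# Uncomment and modify any variables you need` and does not say why the SAN list has this length: `SANS` holds eleven names (a to k), twelve with the primary domain, while the file name says 10 hosts. A first-line comment such as `# Test config: primary domain plus 11 SANs, to exercise more than 10 authorisations in one order` would record the purpose and explain the count. The `RELOAD_CMD` and `/etc/nginx/pki` paths are only meaningful inside the test container, which the same comment could state so the file is not mistaken for an example config.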
