Merge pull request #563 from srvrco/force-v2

Auto upgrade CA url to ACMEv02

getssl

@@ -283,6 +283,7 @@ _REVOKE=0
 _UPGRADE=0
 _UPGRADE_CHECK=1
 _USE_DEBUG=0
+_ONLY_CHECK_CONFIG=0
 config_errors="false"
 LANG=C
 API=1
@@ -292,6 +293,18 @@ ORIGCMD="$0 $*"
 
 # Define all functions (in alphabetical order)
 
+auto_upgrade_v2() {  # Automatically update clients to v2
+  if [[ "${CA}" == *"acme-v01."* ]] || [[ "${CA}" == *"acme-staging."* ]]; then
+    OLDCA=${CA}
+    # shellcheck disable=SC2001
+    CA=$(echo "${OLDCA}" | sed "s/v01/v02/g")
+    # shellcheck disable=SC2001
+    CA=$(echo "${CA}" | sed "s/staging/staging-v02/g")
+    info "Upgraded to v2 (changed ${OLDCA} to ${CA})"
+  fi
+  debug "Using certificate issuer: ${CA}"
+}
+
 cert_archive() {  # Archive certificate file by copying files to dated archive dir.
   debug "creating an archive copy of current new certs"
   date_time=$(date +%Y_%m_%d_%H_%M)
@@ -2245,6 +2258,8 @@ while [[ -n ${1+defined} ]]; do
       _UPGRADE_CHECK=0 ;;
     -i | --install)
       _CERT_INSTALL=1 ;;
+    --check-config)
+      _ONLY_CHECK_CONFIG=1 ;;
     -w)
       shift; WORKING_DIR="$1" ;;
     -*)
@@ -2462,9 +2477,18 @@ set_server_type
 # check what dns utils are installed
 find_dns_utils
 
+# auto upgrade clients to v2
+auto_upgrade_v2
+
 # check config for typical errors.
 check_config
 
+# exit if just checking config (used for testing)
+if [ "${_ONLY_CHECK_CONFIG}" -eq 1 ]; then
+  info "Configuration check successful"
+  graceful_exit
+fi
+
 # if -i|--install install certs, reload and exit
 if [ "0${_CERT_INSTALL}" -eq 1 ]; then
   cert_install

test/12-auto-upgrade-v1.bats

@@ -0,0 +1,75 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+@test "Check that auto upgrade to v2 doesn't change pebble url" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-upgrade-test-pebble.cfg"
+    setup_environment
+    mkdir ${INSTALL_DIR}/.getssl
+    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+    run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+    assert_success
+    assert_line 'Using certificate issuer: https://pebble:14000/dir'
+}
+
+
+@test "Check that auto upgrade to v2 doesn't change v2 staging url" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-upgrade-test-v2-staging.cfg"
+    setup_environment
+    mkdir ${INSTALL_DIR}/.getssl
+    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+    run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+    assert_success
+    assert_line 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory'
+}
+
+
+@test "Check that auto upgrade to v2 doesn't change v2 prod url" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-upgrade-test-v2-prod.cfg"
+    setup_environment
+    mkdir ${INSTALL_DIR}/.getssl
+    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+    run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+    assert_success
+    assert_line 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory'
+}
+
+
+@test "Check that auto upgrade to v2 changes v1 staging to v2 staging url" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-upgrade-test-v1-staging.cfg"
+    setup_environment
+    mkdir ${INSTALL_DIR}/.getssl
+    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+    run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+    assert_success
+    assert_line 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory'
+}
+
+
+@test "Check that auto upgrade to v2 changes v1 prod to v2 prod url" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-upgrade-test-v1-prod.cfg"
+    setup_environment
+    mkdir ${INSTALL_DIR}/.getssl
+    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+    run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+    assert_success
+    assert_line 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory'
+}

test/test-config/getssl-upgrade-test-pebble.cfg

@@ -0,0 +1,8 @@
+#
+# Test that auto-upgrade to v2 doesn't change pebble url
+#
+CA="https://pebble:14000/dir"
+
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')

test/test-config/getssl-upgrade-test-v1-prod.cfg

@@ -0,0 +1,7 @@
+#
+# Test that auto-upgrade to v2 changes v1 prod to v2 prod
+#
+CA="https://acme-v01.api.letsencrypt.org/directory"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')

test/test-config/getssl-upgrade-test-v1-staging.cfg

@@ -0,0 +1,7 @@
+#
+# Test that auto-upgrade to v2 changes v1 staging to v2 staging
+#
+CA="https://acme-staging.api.letsencrypt.org/directory"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')

test/test-config/getssl-upgrade-test-v2-prod.cfg

@@ -0,0 +1,7 @@
+#
+# Test that auto-upgrade to v2 doesn't change v2 prod url
+#
+CA="https://acme-v02.api.letsencrypt.org/directory"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')

test/test-config/getssl-upgrade-test-v2-staging.cfg

@@ -0,0 +1,7 @@
+#
+# Test that auto-upgrade to v2 doesn't change v2 staging url
+#
+CA="https://acme-staging-v02.api.letsencrypt.org/directory"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')