Commit | Line | Data |
---|---|---|
9ebbce04 | 1 | sudo: false |
81882a64 | 2 | language: shell |
9ebbce04 LS |
3 | |
4 | cache: | |
5 | directories: | |
6 | - ngrok | |
7 | ||
8 | before_script: | |
79ef6af2 | 9 | # install ngrok 2.0.19 (linux amd64) into the cached ngrok/ directory unless the binary is already there. NOTE(review): the archive is fetched over HTTPS but never compared against a pinned checksum before the binary is made executable and later run; verify a known-good SHA-256 of the archive at this step. |
9ebbce04 | 10 | - if [[ ! -e "ngrok/ngrok" ]]; then mkdir -p ngrok; (cd ngrok; wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip; unzip ngrok.zip ngrok; chmod +x ngrok); fi |
79ef6af2 LS |
11 | |
12 | # run ngrok in the background (tunnel to local port 8080), wait 5 seconds, print its debug log, and take the first "Hostname:<name>.ngrok.io" entry as TMP_URL; the build stops if none was found. NOTE(review): the dots in the grep pattern are unescaped, so they match any character rather than only a literal "."; the fixed sleep is a guess at how long the tunnel needs to come up. | |
9ebbce04 LS |
13 | - ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log & |
14 | - sleep 5 | |
15 | - cat tmp.log | |
16 | - export TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)" | |
9ebbce04 | 17 | - if [[ -z "${TMP_URL}" ]]; then exit 1; fi |
79ef6af2 LS |
18 | |
19 | # start python http server (SimpleHTTPServer, background job) on port 8080, the port the ngrok tunnel forwards to. The server is started from inside .acme-challenges, so that directory tree is what the tunnel exposes. | |
20 | - (mkdir -p .acme-challenges/.well-known/acme-challenge; cd .acme-challenges; python -m SimpleHTTPServer 8080) & | |
21 | ||
22 | # generate config: point the client at the Let's Encrypt staging directory URL, set WELLKNOWN to the challenge directory, and write the tunnel hostname to domains.txt as the only domain | |
9ebbce04 LS |
23 | - echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh |
24 | - echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh | |
25 | - echo "${TMP_URL}" > domains.txt | |
26 | ||
27 | script: | |
79ef6af2 | 28 | # check if help command is working |
81882a64 | 29 | - ./letsencrypt.sh --help |
79ef6af2 LS |
30 | |
31 | # move config out of the way and try signing a certificate using a temporary config location (passed with -f), then move the config back | |
81882a64 LS |
32 | - mv config.sh tmp_config.sh |
33 | - ./letsencrypt.sh --sign "${TMP_URL}" -f tmp_config.sh | |
34 | - mv tmp_config.sh config.sh | |
79ef6af2 LS |
35 | |
36 | # run in cron mode (should find a non-expiring certificate), then run without an explicit mode (should default to cron mode) | |
81882a64 | 37 | - ./letsencrypt.sh --cron |
9ebbce04 | 38 | - ./letsencrypt.sh |
79ef6af2 LS |
39 | |
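40 | # check if certificate is valid in various ways: dump cert.pem, parse fullchain.pem, then run openssl verify and fail the build on any output line that does not end in ": OK". NOTE(review): fullchain.pem is passed both as -CAfile and as the certificate to verify, so this checks the chain against itself rather than against an independent trust anchor - confirm that is intended. The failure text is printed with a fixed '%s\n' format so that a "%" in it cannot be read as a printf directive. | |
9ebbce04 | 41 | - openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text |
79ef6af2 LS |
42 | - openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null |
43 | - "errout=\"$(openssl verify -verbose -CAfile \"certs/${TMP_URL}/fullchain.pem\" -purpose sslserver \"certs/${TMP_URL}/fullchain.pem\" | grep -v ': OK$' || true)\"" | |
2f3b13fb | 44 | - if [[ ! -z "${errout}" ]]; then printf '%s\n' "${errout}"; exit 1; fi |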
79ef6af2 LS |
45 | |
46 | # delete account key (presumably so that the revocation that follows cannot fall back to it and has to use the certificate's own key - confirm) | |
81882a64 | 47 | - rm private_key.pem |
79ef6af2 LS |
48 | |
49 | # revoke certificate using certificate key: the request is made with the certificate's private key (--privkey) rather than the account key | |
81882a64 | 50 | - ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" |