6 # Check if running in CI environment
7 if [[ ! "${CI:-false}" == "true" ]]; then
8 echo "ERROR: Not running in CI environment!"
16 if [[ -z "$(cat errorlog)" ]]; then
17 echo -e "[\u001B[32mPASS\u001B[0m]"
19 _FAIL "Non-empty errorlog"
23 echo -e "[\u001B[31mFAIL\u001B[0m]"
35 [[ -e "${1}" ]] || _FAIL "Missing file: ${1}"
38 grep "${1}" tmplog > /dev/null || _FAIL "Missing in log: ${1}"
41 # If not found (should be cached in travis) download ngrok
42 if [[ ! -e "ngrok/ngrok" ]]; then
46 wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip
52 # Run ngrok and grab temporary url from logfile
53 ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
55 TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
56 if [[ -z "${TMP_URL}" ]]; then
57 echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue."
61 # Run python webserver in .acme-challenges directory to serve challenge responses
62 mkdir -p .acme-challenges/.well-known/acme-challenge
65 python -m SimpleHTTPServer 8080 > /dev/null 2> /dev/null
68 # Generate config and create empty domains.txt
69 echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
70 echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
73 # Check if help command is working
74 _TEST "Checking if help command is working..."
75 ./letsencrypt.sh --help > tmplog 2> errorlog
76 _CHECK_LOG "Default command: help"
77 _CHECK_LOG "\--help (-h)"
78 _CHECK_LOG "\--domain (-d) domain.tld"
81 # Run in cron mode with empty domains.txt (should only generate private key and exit)
82 _TEST "First run in cron mode, checking if private key is generated and registered"
83 ./letsencrypt.sh --cron > tmplog 2> errorlog
84 _CHECK_LOG "Registering account key"
85 _CHECK_FILE "private_key.pem"
88 # Temporarily move config out of the way and try signing certificate by using temporary config location
89 _TEST "Try signing using temporary config location and with domain as command line parameter"
90 mv config.sh tmp_config.sh
91 ./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh > tmplog 2> errorlog
92 _CHECK_LOG "Generating private key"
93 _CHECK_LOG "Requesting challenge for ${TMP_URL}"
94 _CHECK_LOG "Challenge is valid!"
95 _CHECK_LOG "Creating fullchain.pem"
98 mv tmp_config.sh config.sh
100 # Move private key and add new location to config
101 mv private_key.pem account_key.pem
102 echo 'PRIVATE_KEY="./account_key.pem"' >> config.sh
104 # Add domain to domains.txt and run in cron mode again (should find a non-expiring certificate and do nothing)
105 _TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate"
106 echo "${TMP_URL}" >> domains.txt
107 ./letsencrypt.sh --cron > tmplog 2> errorlog
108 _CHECK_LOG "Skipping!"
111 # Delete account key (not needed anymore)
114 # Check if certificate is valid in various ways
115 _TEST "Verifying certificate..."
116 openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text > tmplog 2> errorlog
117 _CHECK_LOG "CN=${TMP_URL}"
118 openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null 2>> errorlog
119 (openssl verify -verbose -CAfile "certs/${TMP_URL}/fullchain.pem" -purpose sslserver "certs/${TMP_URL}/fullchain.pem" 2>&1 || true) | (grep -v ': OK$' || true) >> errorlog 2>> errorlog
122 # Revoke certificate using certificate key
123 _TEST "Revoking certificate..."
124 ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog
125 _CHECK_LOG "Revoking certs/${TMP_URL}/cert.pem"
127 _CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
projects / andy / dehydrated.git / blob