echo -n " + ${1} "
}
_PASS() {
+ if [[ ! -z "$(cat errorlog)" ]]; then
+ _FAIL
+ fi
echo -e "[\u001B[32mPASS\u001B[0m]"
}
_FAIL() {
if [[ ! -e "ngrok/ngrok" ]]; then
(
mkdir -p ngrok
- cd ngrog
+ cd ngrok
wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip
unzip ngrok.zip ngrok
chmod +x ngrok
# Run ngrok and grab temporary url from logfile
ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
+ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp2.log &
+ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp3.log &
sleep 2
TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
-if [[ -z "${TMP_URL}" ]]; then
+TMP2_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp2.log | head -1 | cut -d':' -f2)"
+TMP3_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp3.log | head -1 | cut -d':' -f2)"
+if [[ -z "${TMP_URL}" ]] || [[ -z "${TMP2_URL}" ]] || [[ -z "${TMP3_URL}" ]]; then
echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue."
exit 1
fi
echo 'CA="https://testca.kurz.pw/directory"' > config.sh
echo 'LICENSE="https://testca.kurz.pw/terms/v1"' >> config.sh
echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
+echo 'RENEW_DAYS="14"' >> config.sh
touch domains.txt
# Check if help command is working
# Temporarily move config out of the way and try signing certificate by using temporary config location
_TEST "Try signing using temporary config location and with domain as command line parameter"
mv config.sh tmp_config.sh
-./letsencrypt.sh --cron --domain "${TMP_URL}" -f tmp_config.sh > tmplog 2> errorlog || _FAIL "Script execution failed"
+./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config.sh > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_NOT_LOG "Checking domain name(s) of existing cert"
_CHECK_LOG "Generating private key"
_CHECK_LOG "Requesting challenge for ${TMP_URL}"
+_CHECK_LOG "Requesting challenge for ${TMP2_URL}"
_CHECK_LOG "Challenge is valid!"
_CHECK_LOG "Creating fullchain.pem"
_CHECK_LOG "Done!"
mv private_key.pem account_key.pem
echo 'PRIVATE_KEY="./account_key.pem"' >> config.sh
+# Add third domain to command-lime, should force renewal.
+_TEST "Run in cron mode again, this time adding third domain, should force renewal."
+./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed"
+_CHECK_LOG "Domain name(s) are not matching!"
+_CHECK_LOG "Forcing renew."
+_CHECK_LOG "Requesting challenge for ${TMP_URL}"
+_CHECK_LOG "Requesting challenge for ${TMP2_URL}"
+_CHECK_LOG "Requesting challenge for ${TMP3_URL}"
+_CHECK_LOG "Challenge is valid!"
+_CHECK_LOG "Creating fullchain.pem"
+_CHECK_LOG "Done!"
+_CHECK_ERRORLOG
+
# Add domain to domains.txt and run in cron mode again (should find a non-expiring certificate and do nothing)
_TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate"
-echo "${TMP_URL}" >> domains.txt
+echo "${TMP_URL} ${TMP2_URL} ${TMP3_URL}" >> domains.txt
./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
_CHECK_LOG "Skipping!"
# Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key)
_TEST "Run in cron mode one last time, with domain in domains.txt and force-resign"
-echo "${TMP_URL}" >> domains.txt
./letsencrypt.sh --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
_CHECK_LOG "Ignoring because renew was forced!"
_CHECK_NOT_LOG "Generating private key"
_CHECK_LOG "Requesting challenge for ${TMP_URL}"
+_CHECK_LOG "Requesting challenge for ${TMP2_URL}"
+_CHECK_LOG "Requesting challenge for ${TMP3_URL}"
_CHECK_LOG "Challenge is valid!"
_CHECK_LOG "Creating fullchain.pem"
_CHECK_LOG "Done!"
_CHECK_ERRORLOG
+# Check if signcsr command is working
+_TEST "Running signcsr command"
+./letsencrypt.sh --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed"
+_CHECK_ERRORLOG
+
# Delete account key (not needed anymore)
rm account_key.pem
_SUBTEST "Verifying certificate on its own..."
openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text > tmplog 2> errorlog && _PASS || _FAIL
_CHECK_LOG "CN=${TMP_URL}"
+_CHECK_LOG "${TMP2_URL}"
_SUBTEST "Verifying file with full chain..."
openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null 2>> errorlog && _PASS || _FAIL
_SUBTEST "Verifying certificate against CA certificate..."
# Revoke certificate using certificate key
_TEST "Revoking certificate..."
./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
-_CHECK_LOG "Revoking certs/${TMP_URL}/cert.pem"
-_CHECK_LOG "SUCCESS"
-_CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
+REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
+_CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
+_CHECK_LOG "Done."
+_CHECK_FILE "certs/${TMP_URL}/${REAL_CERT}-revoked"
_CHECK_ERRORLOG
# All done
projects / andy / dehydrated.git / blobdiff