fixed travis config? maybe. again.

author Lukas Schauer <lukas@schauer.so>

Mon, 14 Dec 2015 13:44:38 +0000 (14:44 +0100)

committer Lukas Schauer <lukas@schauer.so>

Mon, 14 Dec 2015 13:56:16 +0000 (14:56 +0100)
author Lukas Schauer <lukas@schauer.so>
Mon, 14 Dec 2015 13:44:38 +0000 (14:44 +0100)
committer Lukas Schauer <lukas@schauer.so>
Mon, 14 Dec 2015 13:56:16 +0000 (14:56 +0100)
diff --git a/.travis.yml b/.travis.yml

index 572d799232497c49e717765217546b3cf684c1a0..d6c25b54f6b478d147e4b0731407d58d120fca40 100644 (file)
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,27 +6,45 @@ cache:
      - ngrok
  
  before_script:
+  # install ngrok
    - if [[ ! -e "ngrok/ngrok" ]]; then mkdir -p ngrok; (cd ngrok; wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip; unzip ngrok.zip ngrok; chmod +x ngrok); fi
+
+  # run ngrok and grab url from logfile
    - ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
    - sleep 5
    - cat tmp.log
    - export TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
-  - (mkdir -p .acme-challenges/.well-known/acme-challenge; cd .acme-challenges; python -m SimpleHTTPServer 8080) &
    - if [[ -z "${TMP_URL}" ]]; then exit 1; fi
+
+  # start python http server in challenges directory
+  - (mkdir -p .acme-challenges/.well-known/acme-challenge; cd .acme-challenges; python -m SimpleHTTPServer 8080) &
+
+  # generate config
    - echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
    - echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
-  - echo 'ROOTCERT="lets-encrypt-staging.pem"' >> config.sh
    - echo "${TMP_URL}" > domains.txt
  
  script:
+  # check if help command is worling
    - ./letsencrypt.sh --help
+
+  # move config out of the way and try signing certificate by using temporary config location
    - mv config.sh tmp_config.sh
    - ./letsencrypt.sh --sign "${TMP_URL}" -f tmp_config.sh
    - mv tmp_config.sh config.sh
+
+  # run in cron mode (should find a non-expiring certificate) + check running without given mode (should default to cron mode)
    - ./letsencrypt.sh --cron
    - ./letsencrypt.sh
+
+  # check if certificate is valid in various ways
    - openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text
-  - export errout="$(openssl verify -verbose -CAfile "certs/${TMP_URL}/fullchain.pem" -purpose sslserver "certs/${TMP_URL}/fullchain.pem" | grep -v ': OK$')"
+  - openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null
+  - "errout=\"$(openssl verify -verbose -CAfile \"certs/${TMP_URL}/fullchain.pem\" -purpose sslserver \"certs/${TMP_URL}/fullchain.pem\" | grep -v ': OK$' || true)\""
    - if [[ ! -z "${errout}" ]]; then printf -- "${errout}"; exit 1; fi
+
+  # delete account key
    - rm private_key.pem
+
+  # revoke certificate using certificate key
    - ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem"
author	Lukas Schauer <lukas@schauer.so>
	Mon, 14 Dec 2015 13:44:38 +0000 (14:44 +0100)
committer	Lukas Schauer <lukas@schauer.so>
	Mon, 14 Dec 2015 13:56:16 +0000 (14:56 +0100)