From 32c732e276b2637cdda1fd1cc8b5ba318a765687 Mon Sep 17 00:00:00 2001
From: Michael Sprauer
Date: Tue, 30 Jun 2020 22:43:22 +0200
Subject: [PATCH] certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
---
target/check-for-changes.sh | 8 ++-
target/helper_functions.sh | 68 ++++++++++++-------
target/start-mailserver.sh | 4 +-
test/config/letsencrypt/acme-changed.json | 31 +++++++++
test/config/letsencrypt/acme.json | 31 +++++++++
test/config/letsencrypt/changed/cert.pem | 18 +++++
test/config/letsencrypt/changed/fullchain.pem | 36 ++++++++++
test/config/letsencrypt/changed/key.pem | 27 ++++++++
test/mail_ssl_letsencrypt.bats | 51 ++++++++++++++
9 files changed, 247 insertions(+), 27 deletions(-)
create mode 100644 test/config/letsencrypt/acme-changed.json
create mode 100644 test/config/letsencrypt/acme.json
create mode 100644 test/config/letsencrypt/changed/cert.pem
create mode 100644 test/config/letsencrypt/changed/fullchain.pem
create mode 100644 test/config/letsencrypt/changed/key.pem
diff --git a/target/check-for-changes.sh b/target/check-for-changes.sh
index 804d7070..da3e0607 100755
--- a/target/check-for-changes.sh
+++ b/target/check-for-changes.sh
@@ -1,5 +1,7 @@ #!/bin/bash +. /usr/local/bin/helper_functions.sh + # create date for log output log_date=$(date +"%Y-%m-%d %H:%M:%S ") echo "${log_date} Start check-for-changes script."
@@ -32,7 +34,7 @@ echo "${log_date} Using postmaster address ${PM_ADDRESS}" # Create an array of files to monitor, must be the same as in start-mailserver.sh declare -a cf_files=() -for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf; do +for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf /etc/letsencrypt/acme.json; do [ -f "$file" ] && cf_files+=("$file") done
@@ -61,6 +63,10 @@ if [[ $chksum == *"FAIL"* ]]; then ( flock -e 200 + if [[ $chksum == *"/etc/letsencrypt/acme.json: FAILED"* ]]; then + (extractCertsFromAcmeJson "$HOSTNAME" || extractCertsFromAcmeJson "$DOMAINNAME") + fi + #regen postix aliases. echo "root: ${PM_ADDRESS}" > /etc/aliases if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then
diff --git a/target/helper_functions.sh b/target/helper_functions.sh
index 207daef1..24a13829 100644
--- a/target/helper_functions.sh
+++ b/target/helper_functions.sh
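Review bot: The exit status of `(extractCertsFromAcmeJson "$HOSTNAME" || extractCertsFromAcmeJson "$DOMAINNAME")` is discarded in the new `acme.json: FAILED` branch of target/check-for-changes.sh, so when the file is read while it is still being written, or no longer holds a matching certificate, the script carries on with the previous key and certificate and logs nothing. If the checksum is refreshed later in this block (not visible in the hunk), that failed extraction is not retried until acme.json changes again. Appending `|| echo "${log_date} acme.json changed but holds no certificate for $HOSTNAME or $DOMAINNAME"` to the call would at least make the condition visible in the changedetector log. The enclosing `if`/`flock` block starts and ends outside the hunk.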
@@ -2,36 +2,54 @@ # expects mask prefix length and the digit function _mask_ip_digit() { - if [[ $1 -ge 8 ]]; then - MASK=255 - else - if [[ $1 -le 0 ]]; then - MASK=0 - else - VALUES=('0' '128' '192' '224' '240' '248' '252' '254' '255') - MASK=${VALUES[$1]} - fi - fi - echo $(( $2 & $MASK )) + if [[ $1 -ge 8 ]]; then + MASK=255 + else + if [[ $1 -le 0 ]]; then + MASK=0 + else + VALUES=('0' '128' '192' '224' '240' '248' '252' '254' '255') + MASK=${VALUES[$1]} + fi + fi + echo $(($2 & $MASK)) } # transforms a specific ip with CIDR suffix like 1.2.3.4/16 # to subnet with cidr suffix like 1.2.0.0/16 function _sanitize_ipv4_to_subnet_cidr() { - IP=${1%%/*} - PREFIX_LENGTH=${1#*/} + IP=${1%%/*} + PREFIX_LENGTH=${1#*/} - # split IP by . into digits - DIGITS=(${IP//./ }) + # split IP by . into digits + DIGITS=(${IP//./ }) - # mask digits according to prefix length - MASKED_DIGITS=() - DIGIT_PREFIX_LENGTH="$PREFIX_LENGTH" - for DIGIT in "${DIGITS[@]}" ; do - MASKED_DIGITS+=( $(_mask_ip_digit $DIGIT_PREFIX_LENGTH $DIGIT) ) - DIGIT_PREFIX_LENGTH=$(( $DIGIT_PREFIX_LENGTH - 8 )) - done + # mask digits according to prefix length + MASKED_DIGITS=() + DIGIT_PREFIX_LENGTH="$PREFIX_LENGTH" + for DIGIT in "${DIGITS[@]}"; do + MASKED_DIGITS+=($(_mask_ip_digit $DIGIT_PREFIX_LENGTH $DIGIT)) + DIGIT_PREFIX_LENGTH=$(($DIGIT_PREFIX_LENGTH - 8)) + done - # output masked ip plus prefix length - echo ${MASKED_DIGITS[0]}.${MASKED_DIGITS[1]}.${MASKED_DIGITS[2]}.${MASKED_DIGITS[3]}/$PREFIX_LENGTH -} \ No newline at end of file + # output masked ip plus prefix length + echo ${MASKED_DIGITS[0]}.${MASKED_DIGITS[1]}.${MASKED_DIGITS[2]}.${MASKED_DIGITS[3]}/$PREFIX_LENGTH +} + +# extracts certificates from acme.json and returns 0 if found +function extractCertsFromAcmeJson() { + WHAT=$1 + # sorry for the code-golf :( + KEY=$(cat /etc/letsencrypt/acme.json | python -c "import sys,json,itertools; print map(lambda c: c[\"key\"] if (c[\"domain\"][\"main\"]==\"$WHAT\" or \"$WHAT\" in 
c[\"domain\"][\"sans\"]) else \"\", list(itertools.chain.from_iterable(map(lambda x: x[\"Certificates\"], json.load(sys.stdin).values()))))[0]") + CERT=$(cat /etc/letsencrypt/acme.json | python -c "import sys,json,itertools; print map(lambda c: c[\"certificate\"] if (c[\"domain\"][\"main\"]==\"$WHAT\" or \"$WHAT\" in c[\"domain\"][\"sans\"]) else \"\", list(itertools.chain.from_iterable(map(lambda x: x[\"Certificates\"], json.load(sys.stdin).values()))))[0]") + if [[ -n "${KEY}${CERT}" ]]; then + mkdir -p /etc/letsencrypt/live/"$HOSTNAME"/ + echo $KEY | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/key.pem || exit 1 + echo $CERT | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem || exit 1 + echo "Cert found in /etc/letsencrypt/acme.json for $WHAT" + return 0 + else + return 1 + fi +}
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 7f56923e..932b00b1 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -505,7 +505,7 @@ function _setup_chksum_file() { pushd /tmp/docker-mailserver declare -a cf_files=() - for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf; do + for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf dovecot-quotas.cf /etc/letsencrypt/acme.json; do [ -f "$file" ] && cf_files+=("$file") done
@@ -1048,6 +1048,8 @@ function _setup_ssl() { local LETSENCRYPT_DOMAIN="" local LETSENCRYPT_KEY="" + [[ -f /etc/letsencrypt/acme.json ]] && (extractCertsFromAcmeJson "$HOSTNAME" || extractCertsFromAcmeJson "$DOMAINNAME") + # first determine the letsencrypt domain by checking both the full hostname or just the domainname if a SAN is used in the cert if [ -e "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem" ]; then LETSENCRYPT_DOMAIN=$HOSTNAME
diff --git a/test/config/letsencrypt/acme-changed.json b/test/config/letsencrypt/acme-changed.json
new file mode 100644
index 00000000..0e05482a
--- /dev/null
+++ b/test/config/letsencrypt/acme-changed.json
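Review bot: `extractCertsFromAcmeJson` in target/helper_functions.sh splices `$WHAT` into the source text handed to `python -c`, so a HOSTNAME or DOMAINNAME containing a quote or backslash alters the program that runs; the name should be passed as an argument and read from `sys.argv`. The `map(...)[0]` lookup returns only the result for the first certificate in the file, so a matching entry further down is never found, and `-n "${KEY}${CERT}"` accepts a key without a certificate. `key.pem` is created through a plain redirect, so the private key's mode follows the caller's umask and may end up world-readable. `print map(...)` is also Python 2 only. The sketch below keeps the function's name, argument and output paths; the re-indentation of `_mask_ip_digit` and `_sanitize_ipv4_to_subnet_cidr` in the same hunk is whitespace-only and not reviewed here.

```shell
function extractCertsFromAcmeJson() {
  local WHAT=$1 KEY CERT
  # the name travels as argv; it is never part of the Python source
  local LOOKUP='import sys, json
want, field = sys.argv[1], sys.argv[2]
for store in json.load(sys.stdin).values():
    for c in (store.get("Certificates") or []):
        d = c.get("domain", {})
        if d.get("main") == want or want in (d.get("sans") or []):
            sys.stdout.write(c[field])
            sys.exit(0)
sys.exit(1)'
  KEY=$(python -c "$LOOKUP" "$WHAT" key </etc/letsencrypt/acme.json) || return 1
  CERT=$(python -c "$LOOKUP" "$WHAT" certificate </etc/letsencrypt/acme.json) || return 1
  # require both halves of the pair
  [[ -n "$KEY" && -n "$CERT" ]] || return 1

  mkdir -p /etc/letsencrypt/live/"$HOSTNAME"/
  # create the private key with owner-only permissions
  (umask 077 && printf '%s' "$KEY" | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/key.pem) || exit 1
  printf '%s' "$CERT" | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem || exit 1
  # … unchanged: "Cert found" message and return 0 …
}
```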
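Review bot: In `_setup_ssl` (target/start-mailserver.sh, hunk at -1048) the extractor runs before the `live/` lookup and writes `key.pem` and `fullchain.pem` into `/etc/letsencrypt/live/$HOSTNAME/`, so when both acme.json and an existing `live/` directory are mounted the certificate chain is replaced without any message. If the code after this hunk prefers an existing `privkey.pem` over `key.pem` (not visible here), that would leave a key and chain that do not belong together. A comment such as `# acme.json, when mounted, takes precedence over files already in live/$HOSTNAME` and a log line when neither name is found would make the precedence and the failure case explicit. The function body continues outside the hunk.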
@@ -0,0 +1,31 @@ +{ + "le": { + "Account": { + "Email": "acme@admin.com", + "Registration": { + "body": { + "status": "valid", + "contact": [ + "mailto:acme@admin.com" + ] + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789" + }, + "PrivateKey": "YES", + "KeyType": "4096" + }, + "Certificates": [ + { + "domain": { + "main": "mail.my-domain.com", + "sans": [ + "mail2.my-domain.com" + ] + }, + "certificate": "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", + "key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdmxRMkR2SnV0ZWdJaWViRkQ1L2Z6NzZ3c1J5QWJvL1JmNTlvZlhVSERqdFczNlovClcrVzBpSHVpTTd3TjVlb1hHd1l2ZEw5aXJLNWRmUk1ZZzZIOXl5T2UrL1VZUXZWVEhSZ0t6SVdTOStWdncyNUkKcGJuWlBSMmRTb1ZrWENWM0tRTEFlZERHYkJobkdkbU5VWFpnNnY4cVlabTg3bDNGSk96K29PNVRSeW5jVVBqUApZSUVRc3ViT0xHOTg3WXVDVFZpZjhmMlkwczFJcEJxSko0TEVoM2tMTTBpV1pRaCtjdlMyNXplZlo4MktDTzQ4Cm81WFlmL3MxVk5OT3VLNC9memh2SDFaTXQ5ZmIxeWY0ZWppRW9GcXJhM1ZhYlA2T3hhTFdESnJVcXNzQXpqUE4KQWNqNjdxdmY2TkxjK3hGV3pWeXpJN1kwSmVwV2o5dkdwN2Z6NndJREFRQUJBb0lCQVFDdWZoNGhqZm9hSStUUQpLUlk1d09VOFhTTTQvVnh5QU1DZE5OUmpVTXRyTE5QMHIzek1EOGgzNklGSTFQd1k4WWpGYWVKUU1yYVFnanVMCjA5b0J0SjR0Z3piYTRGV2g3YkNKVitWdXBIZWRkbWdFMERNaVhVVGhWeWxCalJINXVRK0tOYytvM3ROTGZ3UG4KR3lFSXNuTWdmMWVucTM4Zk9qRG9MYTgwYzhzOXpYaEh0Wng5SlF6RFViUXIrRE5UUzBSTFA1Mk1JL3BYR0MrZwpUMjI1c1ZWMzl1cVFGY2NIRUNhY0xEYlllNUVoelJpMlBOQTk4Zkh0Ty9sQVA5amp2UWlNY2NyMEtqanpFSGxTCmxvRnMxL3kvdkNBby9rVGhxaEtMLzBUM3FkaUcrWU5zbmUrVGh5Mnh4NVczN1lNR0l0ZTlmKzV5bVRtYitsZ2IKZlU2L2kydGhBb0dCQVBPNlVydDUwaDN2SjJtLytNRkNrb2tjYTE5NWs5c1lPMVJNa1RZSFBaNW40K25UdTMybwpSREt1L0t3T2dseTljcDAwUW44WEljRGk3TXV0OE1LN1JHdjFXeVpWbGJYMStMMzFGVCtjL045NnJIQmE1U0hJCm5oZFRMQkxQVG1iNk9PUFNXWEVIbDAwdnNsdEFsdXRJcnVmanpvd0V0Z3B0T2hZTzhhNjA4aWh2QW9HQkFNZnAKa2l1LzBibDdjUWdZZmdmSWZ5YzJpTU9aU0RseVRFRThxZmhWa1NWNFg3bDNycXk3eUNQNEc1MXBaQ1dWcDl6WQo4UzNtYmlDM3hYVjZpTzVQeGVoS1ZmdnFySXF6MnpaWDhTRjFhMUwzekRGQ3BFNkdmUHB5Uk1uK01hLy84b3haCmRwdGV6WlRCMVJtUDd6UndIVGJrSXhjU3NuYkVUOWNuZDc1ck9OSkZBb0dCQU0wQm0xZFFONW
13TU5HMWhQSmkKSWNtc212QTYzbEE2eUtTMnBxbndXemNqb2NScnNWZ1hzZzJEdk1xb2hhU21RWUxUazE4OVFNbnkxa1RZY1J3SwowcG1RVG5Rbkp2OWYvek1ndEJmRzM3akdnY2NiM1lHV01zdmh6TCtobWd2cVN2SHVYQWRENEZNdlhIRi9HYktjCmQycGI1cjlGc3kyQUJJekxVeVNsMU02SEFvR0FCQUxneHZYelhGaG92VFBZbTRsZlc4Y1JXWE5pNnB3cmdZZVoKRlgyS0N3bHVTa2RuZnRuSnUwY0lMdEZsakFlRHRiKzRueVluZ1lxT2NMd0RzVnh5YVNYTXNlQlVrL2ZsNXlJKwptV0JFeGdabzEzZ3gyYzJEQm5keWYrY1UwaVk5bEtsYTR1VTFGTTRLMjVkeXdrZVpubmRYYU9nY0lwdnZ5aTVsCmpiR1RFMDBDZ1lBVCtVTm9tcDhKbW01YXFDME1kc050OW13T0tMVnRDazFZei9YODVQbVNpU1p4eG11cThVNXUKYThvYUovTm1tTXBZc1JHOXB5NW1JZ0RXSDFicnlPWlA3YVB0T0lWWnBZSDc3cU1ySjR2RmJ6MkphQTFiMWlySgoyMkhkajFYRDdMdjJ1cXQ3UVVsYU5RY3VrSkZJSE94WVJOWUNobEpuSUVmMmU3MGpkbEN4TGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=", + "Store": "default" + } + ] + } +} diff --git a/test/config/letsencrypt/acme.json b/test/config/letsencrypt/acme.json new file mode 100644 index 00000000..244d058a --- /dev/null +++ b/test/config/letsencrypt/acme.json 
@@ -0,0 +1,31 @@ +{ + "le": { + "Account": { + "Email": "acme@admin.com", + "Registration": { + "body": { + "status": "valid", + "contact": [ + "mailto:acme@admin.com" + ] + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789" + }, + "PrivateKey": "YES", + "KeyType": "4096" + }, + "Certificates": [ + { + "domain": { + "main": "mail.my-domain.com", + "sans": [ + "mail2.my-domain.com" + ] + }, + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHVENDQkFHZ0F3SUJBZ0lTQTUwamo2QS9pbEV4TWxhNDFQd1NlanlCTUEwR0NTcUdTSWIzRFFFQkN3VUEKTUVveEN6QUpCZ05WQkFZVEFsVlRNUll3RkFZRFZRUUtFdzFNWlhRbmN5QkZibU55ZVhCME1TTXdJUVlEVlFRRApFeHBNWlhRbmN5QkZibU55ZVhCMElFRjFkR2h2Y21sMGVTQllNekFlRncweE5qQTBNVGt4T1RBMU1EQmFGdzB4Ck5qQTNNVGd4T1RBMU1EQmFNQlV4RXpBUkJnTlZCQU1UQ21sbWRYTnBieTVqYjIwd2dnRWlNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDY0NsZitQZWUxRUl0ZG5qYWdPVVF1d0E0U0xMaUtDZjVUKzJFYwpCUG53TUdLdERiL1RCV2M4S0VIUUd4WUNkdGFtRmNpVCtPWFVsSkdqUEdFbmE0REFLQU5pNW5qbXErVFFGYjdKCmlwQTdwZlE0ZnAvMk9xRzNlNlN3TnZXdXJKbEhJaWdpTGUxbGJjKzdydC81aG9uN0p3bjI2MHgvWGFQSFhSa1UKQWl5NUZTRFZlWG5uQ0w1UU91NXNybkhyZFRsV3BFbno5V1V2WUNqM0RNUjM4Z3hvam5tcGo0OGFNUlJ0ckJBTwpObHhUOVRzc0hvS3ZEWEkxYkViZWIydHBtQy8ra1JQdXNJdWtpdWNjM0ZvOVIvc0hYakZrRDdtSzJVTWIwVUxFCkJHMkQ0d3dFSU5VU0czQjN3c3UwZXl3QWxrcFgxVWNGemRGVHRzalU3VjJhMDZqQkFnTUJBQUdqZ2dJc01JSUMKS0RBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQwpNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZPS3FSbktUZDJhZFdEK1NuZFNaVkZQc0xWSmtNQjhHCkExVWRJd1FZTUJhQUZLaEthbU1FZmQyNjV0RTV0NlpGWmUvenFPeWhNSEFHQ0NzR0FRVUZCd0VCQkdRd1lqQXYKQmdnckJnRUZCUWN3QVlZamFIUjBjRG92TDI5amMzQXVhVzUwTFhnekxteGxkSE5sYm1OeWVYQjBMbTl5Wnk4dwpMd1lJS3dZQkJRVUhNQUtHSTJoMGRIQTZMeTlqWlhKMExtbHVkQzE0TXk1c1pYUnpaVzVqY25sd2RDNXZjbWN2Ck1EWUdBMVVkRVFRdk1DMkNDbWxtZFhOcGJ5NWpiMjJDRDIxaGFXd3VhV1oxYzJsdkxtTnZiWUlPZDNkM0xtbG0KZFhOcGJ5NWpiMjB3Z2Y0R0ExVWRJQVNCOWpDQjh6QUlCZ1puZ1F3QkFnRXdnZVlHQ3lzR0FRUUJndDhUQVFFQgpNSUhXTUNZR0NDc0dBUVVGQndJQkZocG9kSFJ3T2k4dlkzQnpMbXhsZEhO
bGJtTnllWEIwTG05eVp6Q0Jxd1lJCkt3WUJCUVVIQWdJd2daNE1nWnRVYUdseklFTmxjblJwWm1sallYUmxJRzFoZVNCdmJteDVJR0psSUhKbGJHbGwKWkNCMWNHOXVJR0o1SUZKbGJIbHBibWNnVUdGeWRHbGxjeUJoYm1RZ2IyNXNlU0JwYmlCaFkyTnZjbVJoYm1ObApJSGRwZEdnZ2RHaGxJRU5sY25ScFptbGpZWFJsSUZCdmJHbGplU0JtYjNWdVpDQmhkQ0JvZEhSd2N6b3ZMMnhsCmRITmxibU55ZVhCMExtOXlaeTl5WlhCdmMybDBiM0o1THpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWd6ZjkKRFZDZFZ0S3ZsbUdlVDJwdUhVNVVMZjN0L0pENk5MM29jdUJNc0RRUE9IeGE2a2t5ZDZ4cWRCQWVsTlNmRVl2KwpCVmZRcDZXb3gySUdyd2ZxcXZOTnpQR1RITHhTcEs5NEdrMGVlZzdZaGN4am9Pcnl2NEZnb3dRT2F4NUowT1NTCldJZEFGVnlrUHM4N1dLeUhOWThXMXpsZS9ZZTl5alM2YmpIZGpxbk9pRy83cURRL0REWUduN0lMSEFIbVVaWXkKMVFRMEVkZmZOa0xwa21DblRub3RnQlVwcW1EdDdwTU5aUnVZRlRRcTYzMWloZTdqUlhqU2tnV1M3dFRmVVQxNQpTZXNVSW8xTmJqQ0ptQmNlRmQyYy9zcmdWbGJXYzJMWHQ3UWY1eXhXSnloVDE2ci9NN29rMGJ0SDI1RDVhemsyClRLZG5xL1FGaEhXVlpVcjNoZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVrakNDQTNxZ0F3SUJBZ0lRQ2dGQlFnQUFBVk9GYzJvTGhleW5DREFOQmdrcWhraUc5dzBCQVFzRkFEQS8KTVNRd0lnWURWUVFLRXh0RWFXZHBkR0ZzSUZOcFoyNWhkSFZ5WlNCVWNuVnpkQ0JEYnk0eEZ6QVZCZ05WQkFNVApEa1JUVkNCU2IyOTBJRU5CSUZnek1CNFhEVEUyTURNeE56RTJOREEwTmxvWERUSXhNRE14TnpFMk5EQTBObG93ClNqRUxNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQW9URFV4bGRDZHpJRVZ1WTNKNWNIUXhJekFoQmdOVkJBTVQKR2t4bGRDZHpJRVZ1WTNKNWNIUWdRWFYwYUc5eWFYUjVJRmd6TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQwpBUThBTUlJQkNnS0NBUUVBbk5NTThGcmxMa2UzY2wwM2c3Tm9ZekRxMXpVbUdTWGh2YjQxOFhDU0w3ZTRTMEVGCnE2bWVOUWhZN0xFcXhHaUhDNlBqZGVUbTg2ZGljYnA1Z1dBZjE1R2FuL1BRZUdkeHlHa09sWkhQL3VhWjZXQTgKU014K3lrMTNFaVNkUnh0YTY3bnNIamNBSEp5c2U2Y0Y2czVLNjcxQjVUYVl1Y3Y5YlR5V2FOOGpLa0tRRElaMApaOGgvcFpxNFVtRVVFejlsNllLSHk5djZEbGIyaG9uemhUK1hocSt3M0JydmF3MlZGbjNFSzZCbHNwa0VObldBCmE2eEs4eHVRU1hndm9wWlBLaUFsS1FUR2RNRFFNYzJQTVRpVkZycW9NN2hEOGJFZnd6Qi9vbmt4RXowdE52amoKL1BJemFyazVNY1d2eEkwTkhXUVdNNnI2aENtMjFBdkEySDNEa3dJREFRQUJvNElCZlRDQ0FYa3dFZ1lEVlIwVApBUUgvQkFnd0JnRUIvd0lCQURBT0JnTlZIUThCQWY4RUJBTUNBWVl3ZndZSUt3WUJCUVVIQVFFRWN6QnhNRElHCkNDc0dBUVVGQnpBQmhpWm9kSFJ3T2k4dmFYTnlaeTUwY25WemRH
bGtMbTlqYzNBdWFXUmxiblJ5ZFhOMExtTnYKYlRBN0JnZ3JCZ0VGQlFjd0FvWXZhSFIwY0RvdkwyRndjSE11YVdSbGJuUnlkWE4wTG1OdmJTOXliMjkwY3k5awpjM1J5YjI5MFkyRjRNeTV3TjJNd0h3WURWUjBqQkJnd0ZvQVV4S2V4cEhzc2NmcmI0VXVRZGYvRUZXQ0ZpUkF3ClZBWURWUjBnQkUwd1N6QUlCZ1puZ1F3QkFnRXdQd1lMS3dZQkJBR0MzeE1CQVFFd01EQXVCZ2dyQmdFRkJRY0MKQVJZaWFIUjBjRG92TDJOd2N5NXliMjkwTFhneExteGxkSE5sYm1OeWVYQjBMbTl5WnpBOEJnTlZIUjhFTlRBegpNREdnTDZBdGhpdG9kSFJ3T2k4dlkzSnNMbWxrWlc1MGNuVnpkQzVqYjIwdlJGTlVVazlQVkVOQldETkRVa3d1ClkzSnNNQjBHQTFVZERnUVdCQlNvU21wakJIM2R1dWJST2JlbVJXWHY4Nmpzb1RBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUEzVFBYRWZOaldEamRHQlg3Q1ZXK2RsYTVjRWlsYVVjbmU4SWtDSkx4V2g5S0VpazNKSFJSSEdKbwp1TTJWY0dmbDk2UzhUaWhSelp2b3JvZWQ2dGk2V3FFQm10enczV29kYXRnK1Z5T2VwaDRFWXByLzF3WEt0eDgvCndBcEl2SlN3dG1WaTRNRlU1YU1xclNERTZlYTczTWoydGNNeW81ak1kNmptZVdVSEs4c28vam9XVW9IT1Vnd3UKWDRQbzFRWXorM2RzemtEcU1wNGZrbHhCd1hSc1cxMEtYelBNVForc09QQXZleXhpbmRtamtXOGxHeStRc1JsRwpQZlorRzZaNmg3bWplbTBZK2lXbGtZY1Y0UElXTDFpd0JpOHNhQ2JHUzVqTjJwOE0rWCtRN1VOS0VrUk9iM042CktPcWtxbTU3VEgySDNlREpBa1NuaDYvRE5GdTBRZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=", + "key": 
"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ2NDbGYrUGVlMUVJdGQKbmphZ09VUXV3QTRTTExpS0NmNVQrMkVjQlBud01HS3REYi9UQldjOEtFSFFHeFlDZHRhbUZjaVQrT1hVbEpHagpQR0VuYTREQUtBTmk1bmptcStUUUZiN0ppcEE3cGZRNGZwLzJPcUczZTZTd052V3VySmxISWlnaUxlMWxiYys3CnJ0LzVob243SnduMjYweC9YYVBIWFJrVUFpeTVGU0RWZVhubkNMNVFPdTVzcm5IcmRUbFdwRW56OVdVdllDajMKRE1SMzhneG9qbm1wajQ4YU1SUnRyQkFPTmx4VDlUc3NIb0t2RFhJMWJFYmViMnRwbUMvK2tSUHVzSXVraXVjYwozRm85Ui9zSFhqRmtEN21LMlVNYjBVTEVCRzJENHd3RUlOVVNHM0Izd3N1MGV5d0Fsa3BYMVVjRnpkRlR0c2pVCjdWMmEwNmpCQWdNQkFBRUNnZ0VBTStjQTQ5RmxqQVdIeGNrRmRILzMzUEVHL1NhZzcxRnBwamVjVW55WlFqcGwKNkJnRnNVUS8xWE95aUcwcUFnSFRYZ1VxNVlWSnRVOEJybUU4RTZlZmVNc1diVVFwL05nNlVMaWE4R0RGbndHUgpYV1ZKQWRiNHlaWTM3bUVwa1VOWjdKNUE2VFdMbkV4Tlo2bEFXTGhXbHhLaUx0NlBZR0llUXdjRmUzRkp2UG4wCkdVU0ZZWFlMSnE5bElpclF2bDZsVnpsanBQNnF2RlFFcWE0ZGdXcUJPckMyL2pMNGFtS0s3MU4yM3NGbnowc1EKVXFqUDcyYzdOcis0eE1PaHNHZXRWMW1ZZ1BxQW9SNVczWFpScURQZVo2ZjBGSjdMNXhHNjlZSmVvN01yWGhLbApOOWtMaGJHUi9GSDNJSGRvN3RSYjJvR21IRExOSmY5ei9tQkVlclNXMFFLQmdRRFBIQ2M1OXRDd21GMVVWNGVWCmZoUm9xNFF5cDh3RjJJdEpUTWQxMkxKT1g2N2VOSnk2djkzQWh1YVBnS3Ava1JNdWw1WmpMOTBVVjFJU2wvbHoKZVl6Z3JlTXR0Q3RSaFp4VVN2Qm82dzMyTlNhY29pS2Nab2p5VGR5WlB1T2VBRzJSeE5IaCtuK05aN05qSVd2Rwo3eGxXOUhYUU9QaTh4bEhwRGZEcys3RWdYUUtCZ1FEQTRBSmxvcjIyZEV4R3VET0xsTzBldCtUVmhFcnFYRlNaCkN0Um13c0wrWFRlU0t5bmdaY3l1MVlueW9OT0E5dkd5T2syNkFXK1dWOU45VTZyd1ZzOENWY3plZTVlS1BaSk4KeFFaalVvK2ZlcDN4SUZ2QnBnbmFkZnJvZHhqRDhYTXBIY2IwSS9aUklDWktxSVZ2OXErRnpFWHFFK0hzZkQzQgprQmZaOEdaenRRS0JnRVZTZHc2L3ZqcGR4Vjlsck13czEwZnhvTjRUckFhSTVKWTBUTTcxS1RseWJXV1MxcUxyCmRaM3JpV0NmQUhLU2JJazcwK3AvS3RDVUtiUnZpZDlNNEFxVUtXWXkyQTBCVzhJYkV6MEs4REZvdVBQVWtTRW8KY000cG9aenBuK1pTM2xuY055UWNaSFZBTUpzTnBMV0Jja25ZcVZaNHUwajBXSlpaUkRzT1E4dEJBb0dCQUsycApCSDkraUZJL1pHNUliQ0RCZHI2eDFOaHF4UWsvR095elU0c3kwVjgxajFPTWlhZ0NBTWxxZTBwNmcvVWFZNFNWCittWC81UGo1R3ZNODRpeUQvTitkWVZqdzd3RUpiekdXdEttNUxKZnJUMHBNV0ZHRHJsdUUzdVZ3Vmx3V2lobjcKTmFlY3VhdFJ4eWh4azdPNzZVNFBIdVFrQXNkckZpK3lEY2V0TEpJQkF
vR0JBSkhVTXR0S1E5L3NjNkVZZ2R5bQp1OGhNaS9XR3J0NWVPT0FKMTdsWTUzZVJaTGNpN3MxbWZzV0lGOWIwTjUwaUU2MFNhRkFEUWlNUkFVdGtKWE5JCmE1NXFkcGFsVkhzQUU0V3doN25sS0xrYURFYXJ0eDVYMXFTVEZ3NGZUTXlLTk92ZWlnZ1EvaTlMWnBGeHN6MjIKM1YrN2pQSmFDTnlQYm1PZXZYR2hCRWpyCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=", + "Store": "default" + } + ] + } +} diff --git a/test/config/letsencrypt/changed/cert.pem b/test/config/letsencrypt/changed/cert.pem new file mode 100644 index 00000000..aecb192c --- /dev/null +++ b/test/config/letsencrypt/changed/cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAcygAwIBAgIJAN/+3LMQvnv1MA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV +BAMMB3Rlc3QtY2EwHhcNMjAwNjI5MjA1NTIxWhcNMjAwODI4MjA1NTIxWjAWMRQw +EgYDVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL5UNg7ybrXoCInmxQ+f38++sLEcgG6P0X+faH11Bw47Vt+mf1vltIh7ojO8 +DeXqFxsGL3S/YqyuXX0TGIOh/csjnvv1GEL1Ux0YCsyFkvflb8NuSKW52T0dnUqF +ZFwldykCwHnQxmwYZxnZjVF2YOr/KmGZvO5dxSTs/qDuU0cp3FD4z2CBELLmzixv +fO2Lgk1Yn/H9mNLNSKQaiSeCxId5CzNIlmUIfnL0tuc3n2fNigjuPKOV2H/7NVTT +TriuP384bx9WTLfX29cn+Ho4hKBaq2t1Wmz+jsWi1gya1KrLAM4zzQHI+u6r3+jS +3PsRVs1csyO2NCXqVo/bxqe38+sCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8E +BAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEB +CwUAA4IBAQAkmHHTaZ8hiStoA/XYjGXkHT5DBjjOhRm3mmdCF+xhbUcj/frwBYn0 +apAGfNSGq+PJTgVdsZUAC+sOfxRme3FjU5gAekeIDjOQMd1VbdmcIWtnJ+Ttz94F +Qm5V7Df8kVkcqE6UvvXyX3YEFj2/fwb4hxyyl/fAWl5acWTLNA2mOKm/fMhKez+h +3VGhKQ5ZGS0Qt+Lea3o7LWs5dH5LhSvs3Fe9PSddxa0Nbtr4sfgfOIQJgo2mCvch +u5zFq7nvDqdsmdZwYMIcinpPWJgEoQLJWU/gWL2Ya+5kJ137smPcYX7jDSyBHlkQ +oAYOB65YnoWxVuQtKqHW6f8nqD1nwEBn +-----END CERTIFICATE----- diff --git a/test/config/letsencrypt/changed/fullchain.pem b/test/config/letsencrypt/changed/fullchain.pem new file mode 100644 index 00000000..ee19d130 --- /dev/null +++ b/test/config/letsencrypt/changed/fullchain.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAcygAwIBAgIJAN/+3LMQvnv1MA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV +BAMMB3Rlc3QtY2EwHhcNMjAwNjI5MjA1NTIxWhcNMjAwODI4MjA1NTIxWjAWMRQw +EgYDVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL5UNg7ybrXoCInmxQ+f38++sLEcgG6P0X+faH11Bw47Vt+mf1vltIh7ojO8 +DeXqFxsGL3S/YqyuXX0TGIOh/csjnvv1GEL1Ux0YCsyFkvflb8NuSKW52T0dnUqF +ZFwldykCwHnQxmwYZxnZjVF2YOr/KmGZvO5dxSTs/qDuU0cp3FD4z2CBELLmzixv +fO2Lgk1Yn/H9mNLNSKQaiSeCxId5CzNIlmUIfnL0tuc3n2fNigjuPKOV2H/7NVTT +TriuP384bx9WTLfX29cn+Ho4hKBaq2t1Wmz+jsWi1gya1KrLAM4zzQHI+u6r3+jS +3PsRVs1csyO2NCXqVo/bxqe38+sCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8E +BAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEB +CwUAA4IBAQAkmHHTaZ8hiStoA/XYjGXkHT5DBjjOhRm3mmdCF+xhbUcj/frwBYn0 +apAGfNSGq+PJTgVdsZUAC+sOfxRme3FjU5gAekeIDjOQMd1VbdmcIWtnJ+Ttz94F +Qm5V7Df8kVkcqE6UvvXyX3YEFj2/fwb4hxyyl/fAWl5acWTLNA2mOKm/fMhKez+h +3VGhKQ5ZGS0Qt+Lea3o7LWs5dH5LhSvs3Fe9PSddxa0Nbtr4sfgfOIQJgo2mCvch +u5zFq7nvDqdsmdZwYMIcinpPWJgEoQLJWU/gWL2Ya+5kJ137smPcYX7jDSyBHlkQ +oAYOB65YnoWxVuQtKqHW6f8nqD1nwEBn +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIJAP/41asK+I3BMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV +BAMMB3Rlc3QtY2EwHhcNMjAwNjI5MjA1NTIxWhcNMjAwODI4MjA1NTIxWjASMRAw +DgYDVQQDDAd0ZXN0LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +kzlOF3Q8wt6G8M8Cg+/UADlkbOUnBlbCwlRnqSrvrX7BRc37R1Y+KzsMmGgkPkvE +czZuWbOQU8ghnQJwSHT/AK1g5jMc7mZLSkE+uVMor4+4Vgt4kKvfktzcCJOfo/qL +XV2ePRgVlHj+peilqHMM8P03VPx6kq7oZE1pBlh4QyLz7DYcP6AD3Bq/HSM5hmvP +iHbCHy6yf+QsuBqaWCec1ygc9GPnyDXQoDRAwlcA0aVSSosc6HeVQoDBPTzZUriM +riqPK3YT4LGEH6nTx3RUtjuG8ZdGzpguw9/y0tcct777WLFIeuBQkmZiMG3Xeivu +TbfHCbqJCO53fsbK0CrzEQIDAQABo1AwTjAdBgNVHQ4EFgQUxo6NXRi39QxJnZZD +vbxco+m2U7YwHwYDVR0jBBgwFoAUxo6NXRi39QxJnZZDvbxco+m2U7YwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOBKMG2aaZ+f2Gazdtq7+IlRM3YFv +inF5uaZ3bqC+pKDb1wZJLzWgHVgNSGXetHPKa9QpyQqEe/bYMK7avJo//Fmhg0+3 +SwI2g9BoIPBd4jIBY41h/zryTY4PLx/NqapWR4/3nDPJ3SSMHZ4JgP8GTXlzmF6j 
+4UgwRrLFQd0ZZYNDRo8bZeUEqX70k0EqY9QxBjJgUzVyWYjP+/SeXABJyPv7lzRN +nvKj3F91eNfqf8Y+WddvB8jn3LXok4SiFzxESfJ3nVOgwp8SPhhTShbXQaj48Fx8 +o6TGM9utPtN9qINwvqyrK4lUwKj6YLyTkV10oVgtJYhyyHVVl7Jhc8UIMw== +-----END CERTIFICATE----- diff --git a/test/config/letsencrypt/changed/key.pem b/test/config/letsencrypt/changed/key.pem new file mode 100644 index 00000000..727fcf31 --- /dev/null +++ b/test/config/letsencrypt/changed/key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvlQ2DvJutegIiebFD5/fz76wsRyAbo/Rf59ofXUHDjtW36Z/ +W+W0iHuiM7wN5eoXGwYvdL9irK5dfRMYg6H9yyOe+/UYQvVTHRgKzIWS9+Vvw25I +pbnZPR2dSoVkXCV3KQLAedDGbBhnGdmNUXZg6v8qYZm87l3FJOz+oO5TRyncUPjP +YIEQsubOLG987YuCTVif8f2Y0s1IpBqJJ4LEh3kLM0iWZQh+cvS25zefZ82KCO48 +o5XYf/s1VNNOuK4/fzhvH1ZMt9fb1yf4ejiEoFqra3VabP6OxaLWDJrUqssAzjPN +Acj67qvf6NLc+xFWzVyzI7Y0JepWj9vGp7fz6wIDAQABAoIBAQCufh4hjfoaI+TQ +KRY5wOU8XSM4/VxyAMCdNNRjUMtrLNP0r3zMD8h36IFI1PwY8YjFaeJQMraQgjuL +09oBtJ4tgzba4FWh7bCJV+VupHeddmgE0DMiXUThVylBjRH5uQ+KNc+o3tNLfwPn +GyEIsnMgf1enq38fOjDoLa80c8s9zXhHtZx9JQzDUbQr+DNTS0RLP52MI/pXGC+g +T225sVV39uqQFccHECacLDbYe5EhzRi2PNA98fHtO/lAP9jjvQiMccr0KjjzEHlS +loFs1/y/vCAo/kThqhKL/0T3qdiG+YNsne+Thy2xx5W37YMGIte9f+5ymTmb+lgb +fU6/i2thAoGBAPO6Urt50h3vJ2m/+MFCkokca195k9sYO1RMkTYHPZ5n4+nTu32o +RDKu/KwOgly9cp00Qn8XIcDi7Mut8MK7RGv1WyZVlbX1+L31FT+c/N96rHBa5SHI +nhdTLBLPTmb6OOPSWXEHl00vsltAlutIrufjzowEtgptOhYO8a608ihvAoGBAMfp +kiu/0bl7cQgYfgfIfyc2iMOZSDlyTEE8qfhVkSV4X7l3rqy7yCP4G51pZCWVp9zY +8S3mbiC3xXV6iO5PxehKVfvqrIqz2zZX8SF1a1L3zDFCpE6GfPpyRMn+Ma//8oxZ +dptezZTB1RmP7zRwHTbkIxcSsnbET9cnd75rONJFAoGBAM0Bm1dQN5mwMNG1hPJi +IcmsmvA63lA6yKS2pqnwWzcjocRrsVgXsg2DvMqohaSmQYLTk189QMny1kTYcRwK +0pmQTnQnJv9f/zMgtBfG37jGgccb3YGWMsvhzL+hmgvqSvHuXAdD4FMvXHF/GbKc +d2pb5r9Fsy2ABIzLUySl1M6HAoGABALgxvXzXFhovTPYm4lfW8cRWXNi6pwrgYeZ +FX2KCwluSkdnftnJu0cILtFljAeDtb+4nyYngYqOcLwDsVxyaSXMseBUk/fl5yI+ +mWBExgZo13gx2c2DBndyf+cU0iY9lKla4uU1FM4K25dywkeZnndXaOgcIpvvyi5l +jbGTE00CgYAT+UNomp8Jmm5aqC0MdsNt9mwOKLVtCk1Yz/X85PmSiSZxxmuq8U5u +a8oaJ/NmmMpYsRG9py5mIgDWH1bryOZP7aPtOIVZpYH77qMrJ4vFbz2JaA1b1irJ +22Hdj1XD7Lv2uqt7QUlaNQcukJFIHOxYRNYChlJnIEf2e70jdlCxLg== +-----END RSA PRIVATE KEY----- diff --git a/test/mail_ssl_letsencrypt.bats b/test/mail_ssl_letsencrypt.bats index 01c7a742..1f67d45d 100644 --- a/test/mail_ssl_letsencrypt.bats +++ b/test/mail_ssl_letsencrypt.bats 
@@ -26,11 +26,24 @@ function setup_file() { -e SSL_TYPE=letsencrypt \ -h mail.my-domain.com -t ${NAME} wait_for_finished_setup_in_container mail_lets_hostname + + cp "`pwd`/test/config/letsencrypt/acme.json" "`pwd`/test/config/acme.json" + docker run -d --name mail_lets_acme_json \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test/config/acme.json":/etc/letsencrypt/acme.json:ro \ + -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ + -e DMS_DEBUG=0 \ + -e SSL_TYPE=letsencrypt \ + -h mail.my-domain.com -t ${NAME} + + wait_for_finished_setup_in_container mail_lets_acme_json } function teardown_file() { docker rm -f mail_lets_domain docker rm -f mail_lets_hostname + docker rm -f mail_lets_acme_json + rm "`pwd`/test/config/acme.json" } # this test must come first to reliably identify when to run setup_file 
@@ -78,6 +91,44 @@ function teardown_file() { assert_success } +# +# acme.json updates +# + +@test "checking changedetector: server is ready" { + run docker exec mail_lets_acme_json /bin/bash -c "ps aux | grep '/bin/bash /usr/local/bin/check-for-changes.sh'" + assert_success +} + +@test "can extract certs from acme.json" { + run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/key.pem" + assert_output "$(cat "`pwd`/test/config/letsencrypt/mail.my-domain.com/privkey.pem")" + assert_success + + run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/fullchain.pem" + assert_output "$(cat "`pwd`/test/config/letsencrypt/mail.my-domain.com/fullchain.pem")" + assert_success +} + +@test "can detect changes" { + cp "`pwd`/test/config/letsencrypt/acme-changed.json" "`pwd`/test/config/acme.json" + sleep 11 + run docker exec mail_lets_acme_json /bin/bash -c "supervisorctl tail changedetector" + assert_output --partial "Cert found in /etc/letsencrypt/acme.json for mail.my-domain.com" + assert_output --partial "postfix: stopped" + assert_output --partial "postfix: started" + assert_output --partial "Update checksum" + + run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/key.pem" + assert_output "$(cat "`pwd`/test/config/letsencrypt/changed/key.pem")" + assert_success + + run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/fullchain.pem" + assert_output "$(cat "`pwd`/test/config/letsencrypt/changed/fullchain.pem")" + assert_success +} + + # this test is only there to reliably mark the end for the teardown_file @test "last" { skip 'Finished testing of letsencrypt SSL'
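Review bot: The `checking changedetector: server is ready` test cannot fail, because `ps aux | grep '/bin/bash /usr/local/bin/check-for-changes.sh'` also matches the command line of the `grep` (and of the `bash -c` wrapper) that carries the same string. A pattern that does not match itself, for example `ps aux | grep '[c]heck-for-changes.sh'`, makes the assertion meaningful. The `sleep 11` in `can detect changes` ties the test to the detector's polling interval; polling the `supervisorctl tail changedetector` output with a timeout would be less timing-sensitive. Since the feature writes a private key, an assertion on the mode of the extracted `key.pem` would also be worth adding.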