authorGuilhem Moulin <guilhem@fripost.org>2021-02-19 23:22:15 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-20 20:16:29 +0100
commit11d971bc07ceb4359565e6611ae03a0c0134d153 (patch)
treeaf2e01a8304db84357a6677ad84b9ab96eb18dfe /tests/apache2-static
parentc214f20a835d0da4bd0c5a85a4bd9089fc4febcb (diff)
Add test suite against Let's Encrypt's staging environment.
https://letsencrypt.org/docs/staging-environment/
Diffstat (limited to 'tests/apache2-static')
-rw-r--r--tests/apache2-static47
1 files changed, 47 insertions, 0 deletions
diff --git a/tests/apache2-static b/tests/apache2-static
new file mode 100644
index 0000000..f697cd7
--- /dev/null
+++ b/tests/apache2-static
@@ -0,0 +1,47 @@
+# Use Nginx to directly serve ACME challenge responses using the
+# provided snippet
+
+# bind the webserver to the default listening address
+sed -i 's|^listen\s*=|#&|' /etc/lacme/lacme.conf
+
+DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends apache2 curl
+
+ln -fs /etc/lacme/apache2-static.conf /etc/apache2/conf-available/lacme.conf
+a2enmod proxy_http
+a2enconf lacme
+
+mkdir /run/apache2
+( set +eux && . /etc/apache2/envvars && apache2 )
+
+# 'challenge-directory' set to a non-existent directory
+sed -ri 's|^#?challenge-directory\s*=.*|challenge-directory = /var/www/acme-challenge|' /etc/lacme/lacme.conf
+! lacme newOrder 2>"$STDERR" || fail
+grepstderr -Fqx "opendir(/var/www/acme-challenge): No such file or directory"
+
+# ensure that requests to the root URI and challenge URIs respectively yield 403 Forbidden (no index) and 404 Not Found
+install -o_lacme-client -gwww-data -m0750 -d /var/www/acme-challenge
+rv="$(curl -w"%{http_code}" -so/dev/null http://127.0.0.1/.well-known/acme-challenge/)"; [ $rv -eq 403 ]
+rv="$(curl -w"%{http_code}" -so/dev/null http://127.0.0.1/.well-known/acme-challenge/foo)"; [ $rv -eq 404 ]
+
+# 'challenge-directory' set to a non-empty directory
+touch /var/www/acme-challenge/.stamp
+! lacme newOrder 2>"$STDERR" || fail
+grepstderr -Fqx "Error: Refusing to use non-empty challenge directory /var/www/acme-challenge"
+
+rm -f /var/www/acme-challenge/.stamp
+lacme --debug newOrder 2>"$STDERR" || fail
+test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+
+ngrepstderr -Fq "Forking ACME webserver"
+grepstderr -Fq "Using existing webserver on /var/www/acme-challenge"
+grepstderr -Fq "Forking lacme-accountd, child PID "
+grepstderr -Fq "Forking /usr/libexec/lacme/client, child PID "
+grepstderr -Fq "Shutting down lacme-accountd"
+ngrepstderr -Fq "Shutting down ACME webserver"
+ngrepstderr -Eq "Incoming connection( from \S+)?: GET /\.well-known/acme-challenge/\S+ HTTP/[0-9.]+$"
+
+# ensure apache2 was indeed used to serve challenge responses (Let's Encrypt caches validation results)
+grep -E "\"GET /\.well-known/acme-challenge/\S+ HTTP/[0-9.]+\" 200 .* \(([^)]+; )*Let's Encrypt validation server(; [^)]+)*\)\"$" \
+ /var/log/apache2/access.log
+
+# vim: set filetype=sh :
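Review bot: The header comment on the first two added lines says Nginx, but everything below installs and configures apache2 (`apt install ... apache2 curl`, `a2enmod proxy_http`, `a2enconf lacme`), so it looks carried over from another test. It should read `# Use Apache2 to directly serve ACME challenge responses using the provided snippet`. As a point of style, the two status checks leave the expansion unquoted; `[ "$rv" -eq 403 ]` and `[ "$rv" -eq 404 ]` are the conventional form. The final `grep -E ... /var/log/apache2/access.log` has no `-q`, unlike the `grepstderr` calls, so matching access-log lines are printed into the test output; if that is deliberate for debugging, a short comment saying so would help. `fail`, `grepstderr`, `ngrepstderr` and `$STDERR` are not defined in this file and presumably come from the test runner.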