Revert "Merge pull request #485 from Greek64/PR"

This feature is not supported in this form by acme.sh This reverts commit 7dd2cd67e5, reversing changes made to 6a90d53c97.
2024-05-08 14:56:11 +02:00 · 2020-10-09 01:13:13 +02:00 · 2020-10-09 01:13:13 +02:00 · 96c9cbf821
parent 315e63201c
commit 96c9cbf821
6 changed files with 1 additions and 143 deletions
--- a/app/letsencrypt_service
+++ b/app/letsencrypt_service
@ -9,8 +9,6 @@ ACME_CA_URI="${ACME_CA_URI:-https://acme-v02.api.letsencrypt.org/directory}"
 DEFAULT_KEY_SIZE=4096
 REUSE_ACCOUNT_KEYS="$(lc "${REUSE_ACCOUNT_KEYS:-true}")"
 REUSE_PRIVATE_KEYS="$(lc "${REUSE_PRIVATE_KEYS:-false}")"
-MIN_VALIDITY_CAP=7603200
-DEFAULT_MIN_VALIDITY=2592000

 function create_link {
    local -r source=${1?missing source argument}
@ -202,28 +200,7 @@ function update_certs {

        [[ "$DEBUG" == true ]] && params_d_arr+=(-v)
        [[ $REUSE_PRIVATE_KEYS == true ]] && params_d_arr+=(--reuse_key)
-        
-        min_validity="LETSENCRYPT_${cid}_MIN_VALIDITY"
-        min_validity="${!min_validity:-"<no value>"}"
-        if [[ "$min_validity" == "<no value>" ]]; then
-            min_validity=$DEFAULT_MIN_VALIDITY
-        fi
-        # Sanity Check
-        # Upper Bound
-        if [[ $min_validity -gt $MIN_VALIDITY_CAP ]]; then
-            min_validity=$MIN_VALIDITY_CAP
-        fi
-        # Lower Bound
-        if [[ $min_validity -lt $((seconds_to_wait * 2)) ]]; then
-            min_validity=$((seconds_to_wait * 2))
-        fi
-
-        if [[ "${1}" == "--force-renew" ]]; then
-            # Manually set to highest certificate lifetime given by LE CA
-            params_d_arr+=(--valid_min 7776000)
-        else
-            params_d_arr+=(--valid_min "$min_validity")
-        fi
+        [[ "${1}" == "--force-renew" ]] && params_d_arr+=(--valid_min 7776000)

        # Create directory for the first domain,
        # make it root readable only and make it the cwd
--- a/app/letsencrypt_service_data.tmpl
+++ b/app/letsencrypt_service_data.tmpl
@ -30,7 +30,6 @@ LETSENCRYPT_CONTAINERS=(
                LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_TEST="{{ $container.Env.LETSENCRYPT_TEST }}"
                LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_ACCOUNT_ALIAS="{{ $container.Env.LETSENCRYPT_ACCOUNT_ALIAS }}"
                LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_RESTART_CONTAINER="{{ $container.Env.LETSENCRYPT_RESTART_CONTAINER }}"
-                LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_MIN_VALIDITY="{{ $container.Env.LETSENCRYPT_MIN_VALIDITY }}"
            {{ end }}
        {{ else }}
            LETSENCRYPT_{{ $cid }}_HOST=( {{ range $host := split $hosts "," }}{{ $host := trim $host }}{{ $host := trimSuffix "." $host }}'{{ $host }}' {{ end }})
@ -39,7 +38,6 @@ LETSENCRYPT_CONTAINERS=(
            LETSENCRYPT_{{ $cid }}_TEST="{{ $container.Env.LETSENCRYPT_TEST }}"
            LETSENCRYPT_{{ $cid }}_ACCOUNT_ALIAS="{{ $container.Env.LETSENCRYPT_ACCOUNT_ALIAS }}"
            LETSENCRYPT_{{ $cid }}_RESTART_CONTAINER="{{ $container.Env.LETSENCRYPT_RESTART_CONTAINER }}"
-            LETSENCRYPT_{{ $cid }}_MIN_VALIDITY="{{ $container.Env.LETSENCRYPT_MIN_VALIDITY }}"
        {{ end }}
    {{ end }}
 {{ end }}
--- a/test/config.sh
+++ b/test/config.sh
@ -15,7 +15,6 @@ imageTests+=(
 	certs_single_domain
 	certs_standalone
 	force_renew
-	certs_validity
 	container_restart
 	permissions_default
 	permissions_custom
--- a/test/setup/setup-boulder.sh
+++ b/test/setup/setup-boulder.sh
@ -12,22 +12,12 @@ setup_boulder() {
  pushd $GOPATH/src/github.com/letsencrypt/boulder
  git checkout release-2019-10-07
  if [[ "$(uname)" == 'Darwin' ]]; then
-    # Set Standard Ports
    sed -i '' 's/ 5002/ 80/g' test/config/va.json
    sed -i '' 's/ 5001/ 443/g' test/config/va.json
-    # Set certificate lifetime to 88 days
-    sed -i '' 's/2160h/2112h/g' test/config/ca-a.json
-    sed -i '' 's/2160h/2112h/g' test/config/ca-b.json
-    # Modify custom rate limit
    sed -i '' 's/le.wtf,le1.wtf/le1.wtf,le2.wtf,le3.wtf/g' test/rate-limit-policies.yml
  else
-    # Set Standard Ports
    sed --in-place 's/ 5002/ 80/g' test/config/va.json
    sed --in-place 's/ 5001/ 443/g' test/config/va.json
-    # Set certificate lifetime to 88 days
-    sed --in-place 's/2160h/2112h/g' test/config/ca-a.json
-    sed --in-place 's/2160h/2112h/g' test/config/ca-b.json
-    # Modify custom rate limit
    sed --in-place 's/le.wtf,le1.wtf/le1.wtf,le2.wtf,le3.wtf/g' test/rate-limit-policies.yml
  fi
  docker-compose build --pull
--- a/test/tests/certs_validity/expected-std-out.txt
+++ b/test/tests/certs_validity/expected-std-out.txt
@ -1,13 +0,0 @@
-Started letsencrypt container for test certs_validity
-Started test web server for le1.wtf
-Started test web server for le2.wtf
-Started test web server for le3.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem
-Certificate for le1.wtf was not renewed.
-Certificate for le2.wtf was not renewed.
-Certificate for le3.wtf was renewed.
--- a/test/tests/certs_validity/run.sh
+++ b/test/tests/certs_validity/run.sh
@ -1,93 +0,0 @@
-#!/bin/bash
-
-## Test for the LETSENCRYPT_MIN_VALIDITY environment variable.
-
-if [[ -z $TRAVIS ]]; then
-  le_container_name="$(basename ${0%/*})_$(date "+%Y-%m-%d_%H.%M.%S")"
-else
-  le_container_name="$(basename ${0%/*})"
-fi
-run_le_container ${1:?} "$le_container_name"
-
-# Create the $domains array from comma separated domains in TEST_DOMAINS.
-IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
-
-# Cleanup function with EXIT trap
-function cleanup {
-  # Remove any remaining Nginx container(s) silently.
-  for domain in "${domains[@]}"; do
-    docker rm --force "$domain" > /dev/null 2>&1
-  done
-  # Cleanup the files created by this run of the test to avoid foiling following test(s).
-  docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf*'
-  # Stop the LE container
-  docker stop "$le_container_name" > /dev/null
-}
-trap cleanup EXIT
-
-# Run a separate nginx container for each domain in the $domains array.
-# Default validity
-docker run --rm -d \
-  --name "${domains[0]}" \
-  -e "VIRTUAL_HOST=${domains[0]}" \
-  -e "LETSENCRYPT_HOST=${domains[0]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
-# Manual validity (same as default)
-docker run --rm -d \
-  --name "${domains[1]}" \
-  -e "VIRTUAL_HOST=${domains[1]}" \
-  -e "LETSENCRYPT_HOST=${domains[1]}" \
-  -e "LETSENCRYPT_MIN_VALIDITY=2592000" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[1]}"
-# Manual validity (few seconds shy of MIN_VALIDITY_CAP=7603200)
-docker run --rm -d \
-  --name "${domains[2]}" \
-  -e "VIRTUAL_HOST=${domains[2]}" \
-  -e "LETSENCRYPT_HOST=${domains[2]}" \
-  -e "LETSENCRYPT_MIN_VALIDITY=7603190" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[2]}"
-
-# Wait for a symlinks
-wait_for_symlink "${domains[0]}" "$le_container_name"
-wait_for_symlink "${domains[1]}" "$le_container_name"
-wait_for_symlink "${domains[2]}" "$le_container_name"
-# Grab the expiration times of the certificates
-first_cert_expire_1="$(get_cert_expiration_epoch "${domains[0]}" "$le_container_name")"
-first_cert_expire_2="$(get_cert_expiration_epoch "${domains[1]}" "$le_container_name")"
-first_cert_expire_3="$(get_cert_expiration_epoch "${domains[2]}" "$le_container_name")"
-
-# Wait for ${domains[2]} set certificate validity to expire
-sleep 10
-
-# Manually trigger letsencrypt_service
-docker exec "$le_container_name" /bin/bash -c "source /app/letsencrypt_service --source-only; update_certs" > /dev/null 2>&1
-
-# Grab the new expiration times of the certificates
-second_cert_expire_1="$(get_cert_expiration_epoch "${domains[0]}" "$le_container_name")"
-second_cert_expire_2="$(get_cert_expiration_epoch "${domains[1]}" "$le_container_name")"
-second_cert_expire_3="$(get_cert_expiration_epoch "${domains[2]}" "$le_container_name")"
-
-if [[ $second_cert_expire_1 -eq $first_cert_expire_1 ]]; then
-  echo "Certificate for ${domains[0]} was not renewed."
-else
-  echo "Certificate for ${domains[0]} was incorrectly renewed."
-  echo "First certificate expiration epoch : $first_cert_expire_1."
-  echo "Second certificate expiration epoch : $second_cert_expire_1."
-fi
-if [[ $second_cert_expire_2 -eq $first_cert_expire_2 ]]; then
-  echo "Certificate for ${domains[1]} was not renewed."
-else
-  echo "Certificate for ${domains[1]} was incorrectly renewed."
-  echo "First certificate expiration epoch : $first_cert_expire_2."
-  echo "Second certificate expiration epoch : $second_cert_expire_2."
-fi
-if [[ $second_cert_expire_3 -gt $first_cert_expire_3 ]]; then
-  echo "Certificate for ${domains[2]} was renewed."
-else
-  echo "Certificate for ${domains[2]} was not renewed."
-  echo "First certificate expiration epoch : $first_cert_expire_3."
-  echo "Second certificate expiration epoch : $second_cert_expire_3."
-fi