mirror of
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion
Revert "Merge pull request #485 from Greek64/PR"
This feature is not supported in this form by acme.sh.
This reverts commit 7dd2cd67e5, reversing changes made to 6a90d53c97.
parent
315e63201c
commit
96c9cbf821
|
@ -9,8 +9,6 @@ ACME_CA_URI="${ACME_CA_URI:-https://acme-v02.api.letsencrypt.org/directory}"
|
|||
DEFAULT_KEY_SIZE=4096
|
||||
REUSE_ACCOUNT_KEYS="$(lc "${REUSE_ACCOUNT_KEYS:-true}")"
|
||||
REUSE_PRIVATE_KEYS="$(lc "${REUSE_PRIVATE_KEYS:-false}")"
|
||||
MIN_VALIDITY_CAP=7603200
|
||||
DEFAULT_MIN_VALIDITY=2592000
|
||||
|
||||
function create_link {
|
||||
local -r source=${1?missing source argument}
|
||||
|
@ -202,28 +200,7 @@ function update_certs {
|
|||
|
||||
[[ "$DEBUG" == true ]] && params_d_arr+=(-v)
|
||||
[[ $REUSE_PRIVATE_KEYS == true ]] && params_d_arr+=(--reuse_key)
|
||||
|
||||
min_validity="LETSENCRYPT_${cid}_MIN_VALIDITY"
|
||||
min_validity="${!min_validity:-"<no value>"}"
|
||||
if [[ "$min_validity" == "<no value>" ]]; then
|
||||
min_validity=$DEFAULT_MIN_VALIDITY
|
||||
fi
|
||||
# Sanity Check
|
||||
# Upper Bound
|
||||
if [[ $min_validity -gt $MIN_VALIDITY_CAP ]]; then
|
||||
min_validity=$MIN_VALIDITY_CAP
|
||||
fi
|
||||
# Lower Bound
|
||||
if [[ $min_validity -lt $((seconds_to_wait * 2)) ]]; then
|
||||
min_validity=$((seconds_to_wait * 2))
|
||||
fi
|
||||
|
||||
if [[ "${1}" == "--force-renew" ]]; then
|
||||
# Manually set to highest certificate lifetime given by LE CA
|
||||
params_d_arr+=(--valid_min 7776000)
|
||||
else
|
||||
params_d_arr+=(--valid_min "$min_validity")
|
||||
fi
|
||||
[[ "${1}" == "--force-renew" ]] && params_d_arr+=(--valid_min 7776000)
|
||||
|
||||
# Create directory for the first domain,
|
||||
# make it root readable only and make it the cwd
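Review bot: The restored line `[[ "${1}" == "--force-renew" ]] && params_d_arr+=(--valid_min 7776000)` carries a bare constant, and the comment that explained it is among the lines this revert drops. I would keep one on it, for example `# 7776000 s = 90 days: the longest lifetime the LE CA issues (per the removed comment)`, so the value gets revisited if the CA's certificate lifetimes change. Separately, `${1}` has no default; if this script ever runs with `set -u` (not visible here), a call to update_certs without arguments would abort on that line, and `${1:-}` avoids it. update_certs starts above the hunk and continues below it.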
|
||||
|
|
|
@ -30,7 +30,6 @@ LETSENCRYPT_CONTAINERS=(
|
|||
LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_TEST="{{ $container.Env.LETSENCRYPT_TEST }}"
|
||||
LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_ACCOUNT_ALIAS="{{ $container.Env.LETSENCRYPT_ACCOUNT_ALIAS }}"
|
||||
LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_RESTART_CONTAINER="{{ $container.Env.LETSENCRYPT_RESTART_CONTAINER }}"
|
||||
LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_MIN_VALIDITY="{{ $container.Env.LETSENCRYPT_MIN_VALIDITY }}"
|
||||
{{ end }}
|
||||
{{ else }}
|
||||
LETSENCRYPT_{{ $cid }}_HOST=( {{ range $host := split $hosts "," }}{{ $host := trim $host }}{{ $host := trimSuffix "." $host }}'{{ $host }}' {{ end }})
|
||||
|
@ -39,7 +38,6 @@ LETSENCRYPT_CONTAINERS=(
|
|||
LETSENCRYPT_{{ $cid }}_TEST="{{ $container.Env.LETSENCRYPT_TEST }}"
|
||||
LETSENCRYPT_{{ $cid }}_ACCOUNT_ALIAS="{{ $container.Env.LETSENCRYPT_ACCOUNT_ALIAS }}"
|
||||
LETSENCRYPT_{{ $cid }}_RESTART_CONTAINER="{{ $container.Env.LETSENCRYPT_RESTART_CONTAINER }}"
|
||||
LETSENCRYPT_{{ $cid }}_MIN_VALIDITY="{{ $container.Env.LETSENCRYPT_MIN_VALIDITY }}"
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ end }}
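Review bot: The per-container fields kept by both hunks (`_TEST`, `_ACCOUNT_ALIAS`, `_RESTART_CONTAINER`) are written from `$container.Env` inside double quotes, so if the rendered file is sourced by bash, as its assignment syntax suggests, a `$`, backtick or `"` in a proxied container's environment is interpreted by the shell instead of being stored as data. The `_HOST` array in the same template already uses single quotes (`'{{ $host }}'`); doing the same here, e.g. `LETSENCRYPT_{{ $cid }}_TEST='{{ $container.Env.LETSENCRYPT_TEST }}'`, and rejecting values that contain a quote character before use would keep these fields inert. The enclosing range/if blocks open outside the hunks.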
|
||||
|
|
|
@ -15,7 +15,6 @@ imageTests+=(
|
|||
certs_single_domain
|
||||
certs_standalone
|
||||
force_renew
|
||||
certs_validity
|
||||
container_restart
|
||||
permissions_default
|
||||
permissions_custom
|
||||
|
|
|
@ -12,22 +12,12 @@ setup_boulder() {
|
|||
pushd $GOPATH/src/github.com/letsencrypt/boulder
|
||||
git checkout release-2019-10-07
|
||||
if [[ "$(uname)" == 'Darwin' ]]; then
|
||||
# Set Standard Ports
|
||||
sed -i '' 's/ 5002/ 80/g' test/config/va.json
|
||||
sed -i '' 's/ 5001/ 443/g' test/config/va.json
|
||||
# Set certificate lifetime to 88 days
|
||||
sed -i '' 's/2160h/2112h/g' test/config/ca-a.json
|
||||
sed -i '' 's/2160h/2112h/g' test/config/ca-b.json
|
||||
# Modify custom rate limit
|
||||
sed -i '' 's/le.wtf,le1.wtf/le1.wtf,le2.wtf,le3.wtf/g' test/rate-limit-policies.yml
|
||||
else
|
||||
# Set Standard Ports
|
||||
sed --in-place 's/ 5002/ 80/g' test/config/va.json
|
||||
sed --in-place 's/ 5001/ 443/g' test/config/va.json
|
||||
# Set certificate lifetime to 88 days
|
||||
sed --in-place 's/2160h/2112h/g' test/config/ca-a.json
|
||||
sed --in-place 's/2160h/2112h/g' test/config/ca-b.json
|
||||
# Modify custom rate limit
|
||||
sed --in-place 's/le.wtf,le1.wtf/le1.wtf,le2.wtf,le3.wtf/g' test/rate-limit-policies.yml
|
||||
fi
|
||||
docker-compose build --pull
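Review bot: `pushd $GOPATH/src/github.com/letsencrypt/boulder` is unquoted and its result is not checked, so when GOPATH is unset or the checkout is missing, the `git checkout` and the in-place `sed` edits that follow run in whatever directory the caller was in. I would write `pushd "$GOPATH/src/github.com/letsencrypt/boulder" || return 1`. After this revert the Darwin and non-Darwin branches differ only in the `sed` in-place flag, so the three expressions could be applied once with the flag held in an array chosen by the `uname` test. The revert also drops the comments that said what the port rewrites are for; a one-line `# Set standard ports` above them is worth keeping. setup_boulder starts above the hunk and continues below it.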
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
Started letsencrypt container for test certs_validity
|
||||
Started test web server for le1.wtf
|
||||
Started test web server for le2.wtf
|
||||
Started test web server for le3.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
||||
Certificate for le1.wtf was not renewed.
|
||||
Certificate for le2.wtf was not renewed.
|
||||
Certificate for le3.wtf was renewed.
|
|
@ -1,93 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
## Test for the LETSENCRYPT_MIN_VALIDITY environment variable.
|
||||
|
||||
if [[ -z $TRAVIS ]]; then
|
||||
le_container_name="$(basename ${0%/*})_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
le_container_name="$(basename ${0%/*})"
|
||||
fi
|
||||
run_le_container ${1:?} "$le_container_name"
|
||||
|
||||
# Create the $domains array from comma separated domains in TEST_DOMAINS.
|
||||
IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
|
||||
|
||||
# Cleanup function with EXIT trap
|
||||
function cleanup {
|
||||
# Remove any remaining Nginx container(s) silently.
|
||||
for domain in "${domains[@]}"; do
|
||||
docker rm --force "$domain" > /dev/null 2>&1
|
||||
done
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf*'
|
||||
# Stop the LE container
|
||||
docker stop "$le_container_name" > /dev/null
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# Run a separate nginx container for each domain in the $domains array.
|
||||
# Default validity
|
||||
docker run --rm -d \
|
||||
--name "${domains[0]}" \
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
|
||||
# Manual validity (same as default)
|
||||
docker run --rm -d \
|
||||
--name "${domains[1]}" \
|
||||
-e "VIRTUAL_HOST=${domains[1]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[1]}" \
|
||||
-e "LETSENCRYPT_MIN_VALIDITY=2592000" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[1]}"
|
||||
# Manual validity (few seconds shy of MIN_VALIDITY_CAP=7603200)
|
||||
docker run --rm -d \
|
||||
--name "${domains[2]}" \
|
||||
-e "VIRTUAL_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_MIN_VALIDITY=7603190" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[2]}"
|
||||
|
||||
# Wait for a symlinks
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name"
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name"
|
||||
# Grab the expiration times of the certificates
|
||||
first_cert_expire_1="$(get_cert_expiration_epoch "${domains[0]}" "$le_container_name")"
|
||||
first_cert_expire_2="$(get_cert_expiration_epoch "${domains[1]}" "$le_container_name")"
|
||||
first_cert_expire_3="$(get_cert_expiration_epoch "${domains[2]}" "$le_container_name")"
|
||||
|
||||
# Wait for ${domains[2]} set certificate validity to expire
|
||||
sleep 10
|
||||
|
||||
# Manually trigger letsencrypt_service
|
||||
docker exec "$le_container_name" /bin/bash -c "source /app/letsencrypt_service --source-only; update_certs" > /dev/null 2>&1
|
||||
|
||||
# Grab the new expiration times of the certificates
|
||||
second_cert_expire_1="$(get_cert_expiration_epoch "${domains[0]}" "$le_container_name")"
|
||||
second_cert_expire_2="$(get_cert_expiration_epoch "${domains[1]}" "$le_container_name")"
|
||||
second_cert_expire_3="$(get_cert_expiration_epoch "${domains[2]}" "$le_container_name")"
|
||||
|
||||
if [[ $second_cert_expire_1 -eq $first_cert_expire_1 ]]; then
|
||||
echo "Certificate for ${domains[0]} was not renewed."
|
||||
else
|
||||
echo "Certificate for ${domains[0]} was incorrectly renewed."
|
||||
echo "First certificate expiration epoch : $first_cert_expire_1."
|
||||
echo "Second certificate expiration epoch : $second_cert_expire_1."
|
||||
fi
|
||||
if [[ $second_cert_expire_2 -eq $first_cert_expire_2 ]]; then
|
||||
echo "Certificate for ${domains[1]} was not renewed."
|
||||
else
|
||||
echo "Certificate for ${domains[1]} was incorrectly renewed."
|
||||
echo "First certificate expiration epoch : $first_cert_expire_2."
|
||||
echo "Second certificate expiration epoch : $second_cert_expire_2."
|
||||
fi
|
||||
if [[ $second_cert_expire_3 -gt $first_cert_expire_3 ]]; then
|
||||
echo "Certificate for ${domains[2]} was renewed."
|
||||
else
|
||||
echo "Certificate for ${domains[2]} was not renewed."
|
||||
echo "First certificate expiration epoch : $first_cert_expire_3."
|
||||
echo "Second certificate expiration epoch : $second_cert_expire_3."
|
||||
fi
|