From 8648b0c7d1f5a55feec8b0505e63246d5f27c620 Mon Sep 17 00:00:00 2001 
From: Mart van Santen Date: Tue, 7 May 2019 09:24:53 +0000 Subject: [PATCH 1/6] Removed installer code Added installer hook example Make python3 compatible --- README.rst | 16 +- certbot-deploy-hook-example | 41 ++ certbot_haproxy/installer.py | 593 ------------------ certbot_haproxy/tests/test_constants.py | 20 +- certbot_haproxy/tests/test_installer.py | 206 ------ .../tests/testdata/installer/certs/ignore.pem | 49 -- .../testdata/installer/certs/le2.wtf.pem | 81 --- .../testdata/installer/certs/le3.wtf.pem | 54 -- .../testdata/installer/certs/testsite.nl.pem | 82 --- .../testdata/installer/deploy_cert/cert.pem | 27 - .../testdata/installer/deploy_cert/chain.pem | 27 - .../installer/deploy_cert/fullchain.pem | 54 -- .../installer/deploy_cert/privkey.pem | 28 - .../tests/testdata/installer/haproxy.cfg | 41 -- .../tests/testdata/installer/haproxy_bad.cfg | 31 - .../testdata/installer/haproxy_empty.cfg | 1 - docs/api/installer.rst | 5 - setup.py | 2 +- 18 files changed, 54 insertions(+), 1304 deletions(-) create mode 100755 certbot-deploy-hook-example delete mode 100644 certbot_haproxy/installer.py delete mode 100644 certbot_haproxy/tests/test_installer.py delete mode 100644 certbot_haproxy/tests/testdata/installer/certs/ignore.pem delete mode 100644 certbot_haproxy/tests/testdata/installer/certs/le2.wtf.pem delete mode 100644 certbot_haproxy/tests/testdata/installer/certs/le3.wtf.pem delete mode 100644 certbot_haproxy/tests/testdata/installer/certs/testsite.nl.pem delete mode 100644 certbot_haproxy/tests/testdata/installer/deploy_cert/cert.pem delete mode 100644 certbot_haproxy/tests/testdata/installer/deploy_cert/chain.pem delete mode 100644 certbot_haproxy/tests/testdata/installer/deploy_cert/fullchain.pem delete mode 100644 certbot_haproxy/tests/testdata/installer/deploy_cert/privkey.pem delete mode 100644 certbot_haproxy/tests/testdata/installer/haproxy.cfg delete mode 100644 certbot_haproxy/tests/testdata/installer/haproxy_bad.cfg delete mode 100644 
certbot_haproxy/tests/testdata/installer/haproxy_empty.cfg delete mode 100644 docs/api/installer.rst diff --git a/README.rst b/README.rst index b362260..df4f823 100644 --- a/README.rst +++ b/README.rst @@ -82,7 +82,7 @@ Now update, upgrade and install some requirements: openssl ca-certificates \ build-essential libffi-dev libssl-dev python-dev \ python python-setuptools \ - haproxy + haproxy python3-all python3-future easy_install pip pip install --upgrade setuptools @@ -308,17 +308,16 @@ may try to install a certificate now. .. code:: bash - certbot run --authenticator certbot-haproxy:haproxy-authenticator \ - --installer certbot-haproxy:haproxy-installer + certbot certonly --authenticator certbot-haproxy:haproxy-authenticator \ + --deploy-hook /path/to/your/install/script -If you want your ``certbot`` to always use our Installer and Authenticator, you +If you want your ``certbot`` to always use our Authenticator, you can add this to your configuration file: .. code:: bash cat <> $HOME/.config/letsencrypt/cli.ini authenticator=certbot-haproxy:haproxy-authenticator - installer=certbot-haproxy:haproxy-installer EOF If you need to run in unattended mode, there are a bunch of arguments you need @@ -367,7 +366,7 @@ after the server has been offline for a long time. [Service] Type=simple User=certbot - ExecStart=/usr/bin/certbot renew -q + ExecStart=/usr/bin/certbot renew -q --deploy-hook /path/to/deploy/script EOF # Enable the timer and start it, this is not necessary for the service, @@ -446,7 +445,6 @@ reasons. text=True domain=example.org authenticator=certbot-haproxy:haproxy-authenticator - installer=certbot-haproxy:haproxy-installer EOF Setuptools version conflict 
@@ -476,11 +474,11 @@ Run the following commands in your vagrant machine:
 .. code:: bash

 apt-file update
- python setup.py sdist
+ python3 setup.py sdist
 # py2dsc has a problem with vbox mounted folders
 mv dist/certbot-haproxy-.tar.gz ~
 cd ~
- py2dsc certbot-haproxy-.tar.gz
+ py2dsc --with-python3=True certbot-haproxy-.tar.gz
 cd deb_dist/certbot-haproxy-
 # NOTE: Not signed, no signed changes (with -uc and -us)
 # NOTE: Add the package to the ghtools repo
diff --git a/certbot-deploy-hook-example b/certbot-deploy-hook-example
new file mode 100755
index 0000000..5c7bf37
--- /dev/null
+++ b/certbot-deploy-hook-example
@@ -0,0 +1,41 @@
+#!/usr/bin/python3
+
+
+import os
+import re
+import sys
+
+# Get LINEAGE from Environment
+lineage=os.environ.get('RENEWED_LINEAGE')
+
+# If Nothing renewed, exit
+if not lineage:
+ sys.exit()
+
+
+# Fetch domain
+result = re.match(r'.*/live/(.+)$', lineage)
+
+# No match found
+if not result:
+ sys.exit(1)
+
+domain = result.group(1)
+
+
+# Deploy path
+deploy_path="/etc/haproxy/ssl/" + domain + ".pem"
+source_key = lineage + "/privkey.pem"
+source_chain = lineage + "/fullchain.pem"
+
+deploy = open(deploy_path, "w")
+key = open(source_key, "r")
+chain = open(source_chain, "r")
+deploy.write(key.read())
+deploy.write(chain.read())
+
+chain.close()
+key.close()
+deploy.close()
+
+
diff --git a/certbot_haproxy/installer.py b/certbot_haproxy/installer.py
deleted file mode 100644
index 28c5fa4..0000000
--- a/certbot_haproxy/installer.py
+++ /dev/null
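Review bot: In certbot-deploy-hook-example, `deploy = open(deploy_path, "w")` creates the combined key-plus-chain PEM with whatever the process umask allows, so under a common 022 umask the private key lands world-readable in /etc/haproxy/ssl/. The same call truncates the live file before `source_key` and `source_chain` are opened, so a failed read leaves HAProxy with an empty certificate file. I would read both inputs first, write them to an owner-only temporary file in the same directory and rename it over the target, with `with` blocks replacing the manual close() calls. The hook also never reloads HAProxy, which the removed installer appears to have covered through its restart command; if that is intentional, the README should say so.

```python
# … unchanged: lineage lookup, domain match, deploy_path / source_key …
source_chain = lineage + "/fullchain.pem"

# Read both inputs before touching the live file, so a missing source
# cannot leave an empty certificate behind.
with open(source_key, "r") as key, open(source_chain, "r") as chain:
    pem = key.read() + chain.read()

# Owner-only temp file in the same directory, then an atomic rename.
tmp_path = deploy_path + ".tmp"
fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, "w") as deploy:
    os.fchmod(fd, 0o600)  # the mode argument is ignored if the file already existed
    deploy.write(pem)
os.replace(tmp_path, deploy_path)
```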
@@ -1,593 +0,0 @@ -""" - HAProxy Installer - ================= - - This installer combines the certificate files into one file and places them - in the specified directory so HAProxy can use them. The directory can be - specified in `.certbot_haproxy.constants` and has to be configured with - HAProxy using the crt option for the bind directive:: - - frontend http-in - bind *:80 - mode http - bind *:443 ssl crt /etc/ssl/crt/ - - .. note:: You need to install one (default) certificate into this - directory, otherwise HAProxy will not be able to start. - - .. note:: You need at least version 1.5 of HAProxy with OpenSSL built in. - - HAProxy is restarted by the installer with the restart_cmd from the - `.certbot_haproxy.constants`. If you do not want to run lehaproxy as root - (this is recommended), add this line to your sudoers file:: - - $USER ALL=NOPASSWD: /bin/systemctl restart haproxy - - Be sure to replace `$USER` with the user that will be running the lehaproxy - installer. -""" -from builtins import str -from past.builtins import basestring -import logging -import os -import glob -import subprocess -import re -import shlex -from distutils.version import StrictVersion -from OpenSSL import crypto - -import zope.component -import zope.interface - -from certbot import interfaces - -from certbot import errors -from certbot import util -from certbot import reverter -from certbot.plugins import common -from certbot_haproxy import constants -from certbot_haproxy.util import create_self_signed_cert - -logger = logging.getLogger(__name__) # pylint:disable=invalid-name - -HAPROXY_MIN_VERSION = "1.5" - - -@zope.interface.implementer(interfaces.IInstaller) -@zope.interface.provider(interfaces.IPluginFactory) -class HAProxyInstaller(common.Plugin): - """HAProxy Installer.""" - - description = "Certbot certificate installer for HAProxy." 
- - def __init__(self, *args, **kwargs): - super(HAProxyInstaller, self).__init__(*args, **kwargs) - - #: This dictionary holds the file contents of all the changed - #: certificates for HAProxy - self.crt_files = {} - #: This dictionary holds the file contents of all the new certificates - #: for HAProxy - self.new_crt_files = {} - - #: Notes to be added to each reverter checkpoint - self.save_notes = "" - - #: File extension for saved certificates - self.crt_postfix = ".pem" - - # Set up reverter - self.reverter = reverter.Reverter(self.config) - self.reverter.recovery_routine() - - #: Dict of supported enhancement functions: - self._enhance_func = {} - - @classmethod - def add_parser_arguments(cls, add): - """ - This method adds extra CLI arguments to the plugin. - The arguments can be retrieved by asking for corresponding names - in `self.conf([argument name])` - - .. note:: This is an override a method defined in the parent, we - are deliberately not calling super() because it would add - arguments that we don't support. - """ - add( - "haproxy-crt-dir", - help=( - "Override the default certificate directory that will be" - " configures in HAProxy. Default for this OS is \"{}\"".format( - constants.os_constant('crt_directory') - ) - ), - type=str, - default=constants.os_constant('crt_directory') - ) - add( - "haproxy-restart", - help=( - "Override the default command to restart haproxy." - " Default for this OS is \"{}\"".format( - constants.os_constant('restart_cmd') - ) - ), - type=str, - default=constants.os_constant('restart_cmd') - ) - add( - "haproxy-config", - help=( - "Override the default haproxy configuration file location." - " Default for this OS is \"{}\"".format( - constants.os_constant('haproxy_config') - ) - ), - type=str, - default=constants.os_constant('haproxy_config') - ) - add( - "haproxy-ca-common-name", - help=( - "The name provided by the letsencrypt CA as its common name." 
- " This is used to ensure that get_all_certs_keys() only" - " returns letsencrypt certificates. Defaults to the value" - " 'h2ppy h2cker fake CA' that is used by the local boulder." - ), - type=str, - default=u'Let\'s Encrypt Authority X3' - ) - add( - "no-fall-back-cert", - help=( - "HAProxy will not start without a certificate in the" - " certificate directory of the bind directive. Also, the first" - " certificate in the directory is chosen as the fall back" - " certificate automatically. Because of this, the plugin" - " creates a self-signed fall back certificate in the" - " certificate directory if it isn't already present. You can" - " disable this behaviour by supplying this argument." - ), - type=bool, - default=False - ) - - @staticmethod - def more_info(): - """ - This info string only appears in the curses UI in the plugin - selection sequence. - - :returns: More information about this module. - :rtype: str - """ - return ( - "This installer combines the certificate files into one file and" - " places them in the specified directory so HAProxy can use them." - ) - - def get_all_names(self): - """ - Returns all names that are eligible for a SSL certificate. - - The certbot Installer plugin interface defines a function that - should be implemented called - `certbot.interfaces.get_all_names()` which finds domain names for - which the plugin can request a certificate. By default this - function implements this function by scanning the HAProxy - configuration file for ACL rules that are formatted like this:: - - acl [arbitrary_name] hdr(host) -i [domainname.tld] - - This is done by applying a regular expression to every line in the - configuration file that contains `acl`, optionally prefixed by - white space characters. You can change the regular expression if - you are using a different pattern. The constant's name is - `RE_HAPROXY_DOMAIN_ACL` which can be found in - `.certbot_haproxy.constants`. 
- - :returns: Domain names in ACL rules in the HAProxy configuration file. - :rtype: set - """ - all_names = set() - with open(self.conf('haproxy_config'), 'r') as config: - for line in config: - # Fast check for acl content.. - if 'acl' in line: - logger.info(line) - matches = constants.RE_HAPROXY_DOMAIN_ACL.match(line) - if matches is None: - continue - else: - name = matches.group('name') - domain = matches.group('domain') - logger.info( - "Found configuration \"%s\" for domain: \"%s\"", - name, - domain - ) - all_names.add(domain) - return all_names - - def view_config_changes(self): - """Show all of the configuration changes that have taken place. - - :raises .errors.PluginError: If there is a problem while processing - the checkpoints directories. - - """ - try: - self.reverter.view_config_changes() - except errors.ReverterError as err: - raise errors.PluginError(str(err)) - - @staticmethod - def prepare(): - """ - Check if we can restart HAProxy when we are done. - - :raises .errors.NoInstallationError when no haproxy executable can - be found - :raises .errors.NoInstallationError when the default service - manager executable can't be found - :raises .errors.NotSupportedError when the installed haproxy - version is incompatible with this plugin - """ - service_mgr = constants.os_constant("service_manager") - if not util.exe_exists(service_mgr): - raise errors.NoInstallationError( - "Can't find the default service manager for your system:" - "{0}, please install it first or configure different OS" - " constants".format( - service_mgr - ) - ) - - # Check that a supported version of HAProxy is installed. - version_cmd = constants.os_constant("version_cmd") - output = subprocess.check_output(version_cmd) - matches = re.match( - r'HA-Proxy version' - r' (?P[0-9]{1,4}\.[0-9]{1,4}\.[0-9a-z]{1,10}).*', - output - ) - if matches is None: - raise errors.NoInstallationError( - "It looks like HAProxy is not installed or the version might" - " be incompatible." 
- ) - else: - version = matches.group('version') - if StrictVersion(version) < StrictVersion(HAPROXY_MIN_VERSION): - raise errors.NotSupportedError( - "Version {} of HAProxy is not supported by this plugin," - " you need to install {} or higher to be" - " incompatible.".format(version, HAPROXY_MIN_VERSION) - ) - - def _fall_back_cert(self): - """ - Generate a self-signed certificate as a fall-back if it is not yet - installed. - - HAProxy will not start without a certificate in the - certificate directory of the bind directive. Also, the first - certificate in the directory is chosen as the fall back - certificate automatically. Because of this, the plugin - creates a self-signed fall back certificate in the - certificate directory if it isn't already present. You can - disable this behaviour by supplying this argument. - """ - if self.conf("no_fall_back_cert"): - return - - fall_back_full_chain = os.path.join( - self.conf("haproxy-crt-dir"), "__fallback.pem" - ) - if not os.path.isfile(fall_back_full_chain): - key, cert = create_self_signed_cert() - self.save_notes += "Creating fallback cert \"{}\"".format( - fall_back_full_chain - ) - self.new_crt_files[fall_back_full_chain] = key + cert - - def recovery_routine(self): - """Revert all previously modified files. - - Reverts all modified files that have not been saved as a checkpoint - - :raises .errors.PluginError: If unable to recover the configuration - - """ - try: - self.reverter.recovery_routine() - except errors.ReverterError as err: - raise errors.PluginError(str(err)) - - def deploy_cert(self, domain, # pylint: disable=too-many-arguments - cert_path, key_path, chain_path=None, fullchain_path=None): - """Deploys the certificate to the HAProxy crt folder - - .. note:: This doesn't save the files! - - HAProxy needs the certificates and private key to be in one file. The - private key in key_path is combined with the fullchain path if one is - provided. 
If no fullchain path is provided, the cert_path and the - chain_path are used to create a similar document. - - These files are added to an internal dictionary. If the domain in - ``domain`` already has a file in the ``crt_directory`` from - `.certbot_haproxy.constants` it is added to self.crt_files, otherwise - it is added to self.new_crt_files. These files are saved by the `.save` - function. - - :param str domain: domain to deploy certificate file - :param str cert_path: absolute path to the certificate file - :param str key_path: absolute path to the private key file - :param str chain_path: absolute path to the certificate chain file - :param str fullchain_path: absolute path to the certificate fullchain - file (cert plus chain) - - :raises errors.PluginError: When unable to deploy certificate due to - a lack of information - """ - crt_filename = os.path.join( - self.conf("haproxy-crt-dir"), domain + self.crt_postfix - ) - - if not key_path: - raise errors.PluginError( - "The haproxy plugin requires a key path to" - " install a cert.") - - # Choose whether to make a new file or change an existing file - if os.path.isfile(crt_filename): - dic = self.crt_files - self.save_notes += "Changed" - else: - self.save_notes += "Added" - dic = self.new_crt_files - self.save_notes += " certificate for domain %s\n" % domain - - if fullchain_path: - if not os.path.isfile(fullchain_path): - raise errors.PluginError("fullchain_path is not a file") - with open(fullchain_path) as fullchain: - self.save_notes += "\t- Used fullchain path %s\n" % \ - fullchain_path - dic[crt_filename] = fullchain.read() - elif cert_path: - if not os.path.isfile(cert_path): - raise errors.PluginError("cert_path is not a file") - with open(cert_path) as cert: - self.save_notes += "\t- Used cert path %s\n" % cert_path - dic[crt_filename] = cert.read() - if chain_path: - if not os.path.isfile(chain_path): - raise errors.PluginError("chain_path is not a file") - with open(chain_path) as chain: - 
dic[crt_filename] += chain.read() - self.save_notes += "\t- Used chain path %s\n" % chain_path - else: - self.save_notes += "\t- No chain path provided\n" - - if not os.path.isfile(key_path): - raise errors.PluginError("key_path is not a file") - with open(key_path) as key: - self.save_notes += "\t- Used key path %s\n" % key_path - dic[crt_filename] += key.read() - - # Check that the fallback cert is installed - self._fall_back_cert() - - def supported_enhancements(self): - """Currently supported enhancements. - - Currently supports nothing. Possibilities: ['redirect', 'http-header', - 'ocsp-stapling', 'spdy'] (.certbot.constants.ENHANCEMENTS) - - :returns: List of supported enhancements. - :rtype: list - """ - return list(self._enhance_func.keys()) - - def enhance(self, domain, enhancement, options=None): - """Enhance configuration. - - :param str domain: domain to enhance - :param str enhancement: enhancement type defined in - :const:`~certbot.constants.ENHANCEMENTS` - :param options: options for the enhancement - See :const:`~certbot.constants.ENHANCEMENTS` - documentation for appropriate parameter. - - :raises .errors.PluginError: If Enhancement is not supported, or if - there is any other problem with the enhancement. - - """ - try: - func = self._enhance_func[enhancement] - except KeyError: - raise errors.PluginError( - "Unsupported enhancement: {0}".format(enhancement)) - try: - func(domain, options) - except errors.PluginError: - logger.warn("Failed %s for %s", enhancement, domain) - raise - - def save(self, title=None, temporary=False): - """Saves all changes to the configuration files. - - This saves new files and file changes to the certificate directory. - - :param str title: The title of the save. If a title is given, the - configuration will be saved as a new checkpoint and put in a - timestamped directory. - - :param bool temporary: Indicates whether the changes made will - be quickly reversed in the future (ie. 
challenges) - - :returns: True if successful - :rtype: bool - - :raises .errors.PluginError: If there was an error in - an attempt to save the configuration, or an error creating a - checkpoint - - """ - logger.debug("save title: %s, temporary: %s", title, temporary) - # The new files are the keys in the crt_files dictionary, their - # content are the dict content. - new_files = tuple(self.new_crt_files.keys()) - changed_files = tuple(self.crt_files.keys()) - - try: - # Create Checkpoint with changed files - logger.debug("Adding changed files %s to reverter", - changed_files) - if temporary: - self.reverter.add_to_temp_checkpoint( - changed_files, self.save_notes) - else: - self.reverter.add_to_checkpoint(changed_files, - self.save_notes) - # Add new files - if new_files: - logger.debug("Adding new files %s to reverter", new_files) - self.reverter.register_file_creation(temporary, *new_files) - except errors.ReverterError as err: - raise errors.PluginError(str(err)) - - # Reset notes - self.save_notes = "" - - # Write all new files and changes: - for filepath, contents in \ - list(self.new_crt_files.items()) + list(self.crt_files.items()): - - # Make sure directory of filepath exists - path = os.path.dirname(os.path.abspath(filepath)) - if not os.path.exists(path): - os.makedirs(path) - - with open(filepath, 'w') as cert: - cert.write(contents) - self.new_crt_files = {} - self.crt_files = {} - - # Finalize checkpoint - if title and not temporary: - try: - self.reverter.finalize_checkpoint(title) - except errors.ReverterError as err: - raise errors.PluginError(str(err)) - - return True - - def rollback_checkpoints(self, rollback=1): - """Rollback saved checkpoints. 
- - :param int rollback: Number of checkpoints to revert - - :raises .errors.PluginError: If there is a problem with the input or - the function is unable to correctly revert the configuration - - """ - try: - self.reverter.rollback_checkpoints(rollback) - except errors.ReverterError as err: - raise errors.PluginError(str(err)) - - def get_all_certs_keys(self): - """Find all existing keys, certs from configuration. (Not implemented) - - :returns: list of tuples with form [(cert, key, path)] - cert - str path to certificate file - key - str path to associated key file - path - File path to configuration file. - :rtype: set - """ - return list(self._get_all_certs_keys()) - - def _get_all_certs_keys(self): - """ Generator for get_all_certs_keys """ - globbed_path = glob.glob( - os.path.join( - self.conf("haproxy-crt-dir"), '*' + self.crt_postfix - ) - ) - for filepath in globbed_path: - try: - with open(filepath) as pem: - contents = pem.read() - if self._cert_key_check(contents, filepath): - yield (filepath, filepath, self.conf("haproxy-config")) - except IOError as err: - logger.error( - "Can't access \"%s\", reason:\n %s", - filepath, - err - ) - - def _cert_key_check(self, pem, filepath): - """ - Check certificate validity and that the issuer is Let's Encrypt - - :returns: True if valid LE certificate, False if not. - :rtype: bool - """ - try: - cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem) - key = crypto.load_privatekey(crypto.FILETYPE_PEM, pem) - issuer = cert.get_issuer().CN - except TypeError: - logger.warn("Could not read certificate, wrong type (not PEM)") - # Documentation says it raises "Error" - except Exception as err: # pylint: disable=broad-except - logger.error("Unexpected error! 
%s", err) - - if issuer == self.conf('haproxy-ca-common-name') and key.check(): - return True - else: - logger.info( - "CN %s is not %s, ignoring certificate %s", - cert.get_issuer().CN, - self.conf('haproxy-ca-common-name'), - filepath - ) - return False - - def restart(self): - """Runs a config test and restarts HAProxy. - - :raises .errors.MisconfigurationError: If either the config test - or reload fails. - - """ - self.config_test() - try: - # Read the haproxy-restart command. Per default this is an array - # if it is overwritten by the user, it is a string, so we have to - # split it over spaces. - cmd = self.conf('haproxy-restart') - if isinstance(cmd, basestring): - cmd = shlex.split(cmd) - util.run_script(cmd) - except errors.SubprocessError as err: - raise errors.MisconfigurationError(str(err)) - - def config_test(self): # pylint: disable=no-self-use - """Check the configuration of HAProxy for errors. - - :raises .errors.MisconfigurationError: If config_test fails - - """ - test_cmd = constants.os_constant('conftest_cmd') + \ - [self.conf('haproxy_config')] - try: - util.run_script(test_cmd) - except errors.SubprocessError as err: - raise errors.MisconfigurationError(str(err)) diff --git a/certbot_haproxy/tests/test_constants.py b/certbot_haproxy/tests/test_constants.py index 0178147..4d7eba7 100644 --- a/certbot_haproxy/tests/test_constants.py +++ b/certbot_haproxy/tests/test_constants.py @@ -12,9 +12,10 @@ class ConstantsTest(unittest.TestCase): CLI_DEFAULTS = { "debian": { '_min_version': '7', - '_max_version': '8', + '_max_version': '9', '7': 7, - '8': 8 + '8': 8, + '9': 9 }, "ubuntu": { '_min_version': '14.04', 
@@ -37,13 +38,13 @@ def test_os_analyse_supported(self, *mocks): ) @patch('certbot_haproxy.constants.CLI_DEFAULTS', new=CLI_DEFAULTS) - @patch('certbot.util.get_os_info', return_value=['debian', '9']) + @patch('certbot.util.get_os_info', return_value=['debian', '10']) @patch('certbot_haproxy.constants.logger') def test_os_analyse_unsupported_new(self, m_logger, *mocks): """ Test an unsupported, too new version.. """ self.assertEqual( constants.os_analyse(caching_disabled=True), - ('debian', '8') + ('debian', '9') ) m_logger.warn.assert_called_once() @@ -61,17 +62,6 @@ def test_os_analyse_unsupported_distro(self, *mocks): with self.assertRaises(NotSupportedError): constants.os_analyse(caching_disabled=True) - @patch('certbot_haproxy.constants.CLI_DEFAULTS', new=CLI_DEFAULTS) - @patch('certbot.util.get_os_info', return_value=['ubuntu', '15.06']) - @patch('certbot_haproxy.constants.logger') - def test_os_analyse_between_versions(self, m_logger, *mocks): - """ Test a version in between our supported version numbers.. """ - self.assertEqual( - constants.os_analyse(caching_disabled=True), - ('ubuntu', '15.04') - ) - m_logger.warn.assert_called_once() - if __name__ == '__main__': unittest.main() diff --git a/certbot_haproxy/tests/test_installer.py b/certbot_haproxy/tests/test_installer.py deleted file mode 100644 index b609686..0000000 --- a/certbot_haproxy/tests/test_installer.py +++ /dev/null 
@@ -1,206 +0,0 @@ -"""Test installer functions""" -from past.builtins import basestring -import unittest -import mock -import os - -from certbot import errors -from certbot.plugins import common -from certbot_haproxy.installer import HAProxyInstaller - - -def _conf(self, var): - """Don't append names to attributes in the config.""" - return getattr(self.config, var.replace("-", "_")) - - -@mock.patch("certbot_haproxy.installer.HAProxyInstaller.conf", new=_conf) -class TestInstaller(unittest.TestCase): - - test_domain = 'le.wtf' - - """Test the relevant functions of the certbot_haproxy installer""" - - def setUp(self): - self.test_dir = "installer" - self.temp_dir, config_dir, work_dir = common.dir_setup( - test_dir=self.test_dir, - pkg="certbot_haproxy.tests") - backups = os.path.join(work_dir, "backups") - mock_le_config = mock.MagicMock( - temp_checkpoint_dir=os.path.join( - work_dir, "temp_checkpoints"), - in_progress_dir=os.path.join(backups, "IN_PROGRESS"), - work_dir=work_dir, - config_dir=config_dir, - temp_dir=self.temp_dir, - backup_dir=backups, - haproxy_config=os.path.join( - self.temp_dir, self.test_dir, "haproxy.cfg"), - haproxy_crt_dir=os.path.join( - self.temp_dir, self.test_dir, "certs"), - haproxy_ca_common_name=u'h2ppy h2cker fake CA', - no_fall_back_cert=False, - ) - - self.installer = HAProxyInstaller( - config=mock_le_config, name="installer") - self.installer.prepare() - - def test_get_all_certs_keys(self): - """Test if get_all_certs_keys returns all the LE certificates""" - all_certs_keys = self.installer.get_all_certs_keys() - self.assertEqual(len(all_certs_keys), 3) - self.assertIsInstance(all_certs_keys, list) - for item in all_certs_keys: - self.assertIsInstance(item, tuple) - - @mock.patch("certbot_haproxy.installer.logger") - @mock.patch("certbot.util.logger") - def test_add_parser_arguments(self, util_logger, certbot_logger): - """Weak test taken from apache plugin tests""" - self.installer.add_parser_arguments(mock.MagicMock()) - 
self.assertEqual(certbot_logger.error.call_count, 0) - self.assertEqual(util_logger.error.call_count, 0) - - def test_get_all_names(self): - """Tests if get_all_Names reads le1.wtf and le2.wtf from the test - haproxy config file - """ - names = self.installer.get_all_names() - self.assertEqual(names, set(['le1.wtf', 'le2.wtf'])) - - def test_fall_back_cert(self, *mocks): - """Test if a certificate is generated and added to new_crt_files""" - # Should maybe use another library than OpenSSL, if that's possible - from OpenSSL import crypto - self.installer.new_crt_files = {} - self.installer._fall_back_cert() - key = list(self.installer.new_crt_files.keys())[0] - cert = self.installer.new_crt_files[key] - self.assertIsInstance(key, str) - self.assertIsInstance(cert, str) - privkey = crypto.load_privatekey(crypto.FILETYPE_PEM, cert) - certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert) - self.assertTrue(privkey.check()) - - def test_deploy_cert_save(self): - """Deploy and save a certificate and rollback after that""" - # Variables for test: - crt_dir = os.path.join(self.temp_dir, self.test_dir, "deploy_test") - base = os.path.join(self.temp_dir, self.test_dir, "deploy_cert") - key_path = os.path.join(base, "privkey.pem") - cert_path = os.path.join(base, "cert.pem") - chain_path = os.path.join(base, "chain.pem") - fullchain_path = os.path.join(base, "fullchain.pem") - - # Prepare installer - self.installer.config.no_fall_back_cert = True - self.installer.config.haproxy_crt_dir = crt_dir - - # Try with files that don't exist, should raise PluginError: - self.assertRaises( - errors.PluginError, - self.installer.deploy_cert, - self.test_domain, 'no-cert', 'no-key') - - # Arguments for several tests - all_args = [ - (self.test_domain, cert_path, key_path), - (self.test_domain, cert_path, key_path, chain_path), - (self.test_domain, None, key_path, None, fullchain_path), - ] - - # Run deploy and save with all types of args - for args in all_args: - # Deploy with 
only key and cert - self.installer.deploy_cert(*args) - - try: - self.installer.view_config_changes() - except ReverterError: - self.fail("Reverter failed") - except PluginError: - self.fail("Reverter failed with PluginError") - - self.installer.save() - # Check if le.wtf.pem is created - pem = os.path.join(crt_dir, self.test_domain) \ - + self.installer.crt_postfix - self.assertTrue(os.path.isfile(pem)) - # Roll back pem creation - self.installer.rollback_checkpoints() - # Check if file was removed again - self.assertFalse(os.path.isfile(pem)) - - # Try to revert: - try: - self.installer.recovery_routine() - except PluginError: - self.fail("Recovery routine didn't work") - - # fail without key - self.assertRaises( - errors.PluginError, - self.installer.deploy_cert, - self.test_domain, cert_path, None) - - # Run twice (should update instead of create) - args = (self.test_domain, cert_path, key_path) - self.installer.deploy_cert(*args) - self.installer.save() - self.installer.deploy_cert(*args) - self.installer.save() - - - def test_enhancement(self): - """ Currently no enhancements are supported, we should see that """ - self.assertRaises( - errors.PluginError, - self.installer.enhance, - self.test_domain, - "non-existent-enhancement") - - - @mock.patch("certbot_haproxy.installer.logger") - @mock.patch("certbot.util.logger") - def test_config_test(self, util_logger, certbot_logger): - """Test config_test function with a faulty and a valid cfg file""" - # Check with bad config file - self.installer.config.haproxy_config = os.path.join( - self.temp_dir, self.test_dir, "haproxy_bad.cfg") - self.assertRaises( - errors.MisconfigurationError, - self.installer.config_test - ) - - # Check with empty config file - self.installer.config.haproxy_config = os.path.join( - self.temp_dir, self.test_dir, "haproxy_empty.cfg") - self.assertRaises( - errors.MisconfigurationError, - self.installer.config_test - ) - - def test_more_info(self): - ret = self.installer.more_info() - 
self.assertIsInstance(ret, basestring) - - @mock.patch('certbot.util.exe_exists', return_value=False) - def test_failed_service_command(self, mock_exe_exists): - """ Fail on service manager command """ - self.assertRaises(errors.NoInstallationError, self.installer.prepare) - mock_exe_exists.assert_called_once() - - @mock.patch('subprocess.check_output', - return_value='not-really-a-version-number') - def test_no_version_number(self, mock_check_output): - """ Fail on version command """ - self.assertRaises(errors.NoInstallationError, self.installer.prepare) - - @mock.patch('subprocess.check_output', - return_value='HA-Proxy version 1.4.8 2014/10/31') - def test_wrong_version_number(self, mock_check_output): - """ Supply a too low version number for HAproxy """ - self.assertRaises(errors.NotSupportedError, self.installer.prepare) - mock_check_output.assert_called_once() diff --git a/certbot_haproxy/tests/testdata/installer/certs/ignore.pem b/certbot_haproxy/tests/testdata/installer/certs/ignore.pem deleted file mode 100644 index fd77131..0000000 --- a/certbot_haproxy/tests/testdata/installer/certs/ignore.pem +++ /dev/null 
@@ -1,49 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHdX4LsYw2HEHC -mSWgyLkSFKHVBbtUeyWfnJk/oe62dxIJQxqPW/xaQ2TJeSvxTmoLRaTYUySn9nH2 -oJ48PNcusZF86KlY/HGajMwh/9xZOPOi9iBaxzkrgzKWc9XEff4cM5v0lKWDMQn1 -L/N7ilpdEBlpqlZOKOhHV3QVB5TK6ccH69AwUZnFatJRTs6PZGd4B0VKRQoIXXSV -CYtC4mhICa1mD9T0/A2eAUc4Ns5srtuUxpM5OWhslbM42NYLOfKCqaWZaHirjH67 -bI7t5yCbzxrqjExtniNuXR7mbyPg3p9IVhg5xBLJU7vP0zBF2DsTdoUIuu+7Jaal -rRT5nBX5AgMBAAECggEBAK0Q7GJ3FwLod8LDIZwmLjdbAaSVyZqfE+EvfuVwu3FF -VbgFqqkTlp43dd8/LXq+oFLRhhxR4C+BLhdh/Iql+8w/NM7eDfrxaB1C5+jkWixs -tzICP8aksJ1pxF45ehV5gSC1Qy/wPsDbrxk5FxptzMSNMI+3xhUhd5JXdpi8sEVz -EpvxHUJpfgel+0ZNQ64lx0KInAmuj5rzEQG8qTUY6GRJVS8JMKdig2N7zkgRMGSG -Fphu8EN6dfgpG7bkQ6QKYao0nHNuqROaaqC7/owikyB47QKSBQgadi18HJ4F+swH -/OjWo3q3LEeaLJQj6EkXWyTuyuNt3zgdMHFASBAMSwECgYEA/Sdrkd3gZsTcsBPv -jqtFWXUDOjpoyk35naPk38zIbtdi7uFxaSvoItqMKjngakHNmAeHdKg4WOaKdrw1 -7VvfJAXtPKOooz6DGLrEbT5yBqhWHNXuwGU9wVX5usLc1Z4a/3I/rJBD+E+xhGMo -I9dQJkyZuu/+ba40t0L+CXYnbNkCgYEAybOJjW1ImD1zxWHpVzRcZnDmBaPvD6Cp -xa2YB+0/e19rWmhohprqJ25VuP5bnITaQP8v33PZ5GWvF5bgwzNsDNcdXBkNfAkC -8RMEZYTvv+wLVVIHsukWDRvbn2kE/NgUTrjU8rjDbLnGSOrbxB9V/x8U8BUj8xRf -NyTFQFruviECgYActEaPMJBMNtArKueDzsm7PfhStuLA5ZyDEl1WPvsPDl8KZQed -/DuDEDLKauuWQMXWEix6vsQ82E8k7WxT8JHZnM5sjMYHVIQ63pp9JJJ7TMUO2fcL -W69n5568XXH6ysWW51Zu86CxXB/tueyIO9a7sP3RY3r+5rzVdsQlQH9x6QKBgCan -0eTY3ODQZi+d5CpiTpMTcAIEuPw1vlO0QT7DqTbrwpdBC0dAyT9lVehuVwBYNbvf -LD2W5ltvYW8T6199q2eKkoXkB0GOOJIbIuyR3aDajBF99xvCsAczH5QdfGc4wiuU -ILujzVA5CldPK28a0lBilJCufIVJkjXvRh5fTwIBAoGANCEACxXQffi5Eqsp71pW -Aa310TpVVN+Z/KcCdZsi1fE+4z7RUBg6QKX51hALO7G874/yTg+kqXg/9WJ8UprQ -KY+RLr2aKnSWyrCC+JjvjQ94Z47Ifbzx2A1fC2bY989TfqcgM/aa522nQnnY7fNw -qQu7w9gg2IIvt5PCsCkWvLk= ------END PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDezCCAmMCAgfAMA0GCSqGSIb3DQEBCwUAMIGCMRowGAYDVQQLDBFNaW5pc3Ry -eSBvZiBUcnV0aDEaMBgGA1UECgwRTWluaXN0cnkgb2YgVHJ1dGgxGDAWBgNVBAMM -D2xlaGFwcm94eS5sb2NhbDEQMA4GA1UECAwHT2NlYW5pYTELMAkGA1UEBhMCRlUx 
-DzANBgNVBAcMBkxvbmRvbjAeFw0xNjA4MTcxNjUzNDVaFw0yNjA4MTUxNjUzNDVa -MIGCMRowGAYDVQQLDBFNaW5pc3RyeSBvZiBUcnV0aDEaMBgGA1UECgwRTWluaXN0 -cnkgb2YgVHJ1dGgxGDAWBgNVBAMMD2xlaGFwcm94eS5sb2NhbDEQMA4GA1UECAwH -T2NlYW5pYTELMAkGA1UEBhMCRlUxDzANBgNVBAcMBkxvbmRvbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMd1fguxjDYcQcKZJaDIuRIUodUFu1R7JZ+c -mT+h7rZ3EglDGo9b/FpDZMl5K/FOagtFpNhTJKf2cfagnjw81y6xkXzoqVj8cZqM -zCH/3Fk486L2IFrHOSuDMpZz1cR9/hwzm/SUpYMxCfUv83uKWl0QGWmqVk4o6EdX -dBUHlMrpxwfr0DBRmcVq0lFOzo9kZ3gHRUpFCghddJUJi0LiaEgJrWYP1PT8DZ4B -Rzg2zmyu25TGkzk5aGyVszjY1gs58oKppZloeKuMfrtsju3nIJvPGuqMTG2eI25d -HuZvI+Den0hWGDnEEslTu8/TMEXYOxN2hQi677slpqWtFPmcFfkCAwEAATANBgkq -hkiG9w0BAQsFAAOCAQEAFBIa3FNO1ZamO1/mpaA5AcxkWDx6wXZLcnua3i/XfcBG -dtwHdzPCM+1naQ5wyJafQax6gHCvXyLPszKpc7ZIilhXZk5Af+SN7rCY3OJX5UDd -7lTXwt3jk+ovwOp50Q6pHZCXw/r78j8uydfEQ6UkvfaBrZiakjw7ukKuenwYC34l -UyrMYF8QLNCLxN7R55VJ8DGwo7gJgieCc8j0n+IoA4RzUDowP7hq3nVgkAojVQco -w750L0lGh08rNu9h+jv06RjIjrn8DyqaSAezyXgCBJj1WHVCFQ14mOImY3TIzmhw -+VOYtmzUCME/5yqeinybBcWmKFW9yKfukYIvdG2mwQ== ------END CERTIFICATE----- diff --git a/certbot_haproxy/tests/testdata/installer/certs/le2.wtf.pem b/certbot_haproxy/tests/testdata/installer/certs/le2.wtf.pem deleted file mode 100644 index 0dae46e..0000000 --- a/certbot_haproxy/tests/testdata/installer/certs/le2.wtf.pem +++ /dev/null 
@@ -1,81 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEeDCCA2CgAwIBAgITAP9UrVc5DIWg3kKAjAINS7ixTzANBgkqhkiG9w0BAQsF -ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNjA4MTcwOTQ1 -MDBaFw0xNjExMTUwOTQ1MDBaMEExEDAOBgNVBAMTB2xlMi53dGYxLTArBgNVBAUT -JGZmNTRhZDU3MzkwYzg1YTBkZTQyODA4YzAyMGQ0YmI4YjE0ZjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAOtmtsh3vmeE+KfmvcXVF7r0yc5HFyvREvsZ -hzwgeXFoxyzcPh6dW0MYilnm5Kn5Plrd4x/wSbVg6+ndr55fEkCrgXlkQpWMfZnf -2RgrriftarqYgMK6aJ/vIUzZP9b8cDrL33FHBorl5/WOFBeEvjSixqlT2jc42pgO -kjRjEauNRzMUsBYjCQ1yFl6AgmhufAZiXzpwbTp/pSSHtpkk47G1eGSE/pWzNCAe -e+NjtP7w9v+xoiDpxhZb2jlaZ/ZLsnSdpv4z29f6uMfKMehk8nxpm9bZf2ve5+wN -LYTToUVyC3NEDlKmEbW+9R621J4Ncz2dWPOEeprUgw0UTfBVHBUCAwEAAaOCAYkw -ggGFMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgVI1yBLSaseacOnbXBMwyCpPFaow -HwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkwZgYIKwYBBQUHAQEEWjBY -MCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjQwMDIvMDIGCCsGAQUFBzAC -hiZodHRwOi8vMTI3LjAuMC4xOjQwMDAvYWNtZS9pc3N1ZXItY2VydDASBgNVHREE -CzAJggdsZTIud3RmMCcGA1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly9leGFtcGxlLmNv -bS9jcmwwYQYDVR0gBFowWDAIBgZngQwBAgEwTAYDKgMEMEUwIgYIKwYBBQUHAgEW -Fmh0dHA6Ly9leGFtcGxlLmNvbS9jcHMwHwYIKwYBBQUHAgIwEwwRRG8gV2hhdCBU -aG91IFdpbHQwDQYJKoZIhvcNAQELBQADggEBALuEaptDgXZh+7gweuktK/6n0Ktl -/jHBIUHMTd7gDci6Gro7dOLMncSptJS/Jgmz+op/qNSR2PkY5MBl688nmzjiq143 -528bdqnexfb28N9ddVcdHsL1o66f8nW+FD0quGrobvWdrRdsbMNP+QpUTiC1RjMZ -rKymQvqWsDI65ehdcUKnJkJBruibMJY7+HPgZmkbJY+CS2T9K0ATdTtendpe8vER -2eLO4wuE5lYUMy4DPtaeww6YBZ3tl157p1dmGZ0PJc0QtooRv2tu954H15B4YQaP -/YPOBlQGYzu6RM1uRCBy4lNUhpuA7H7knBimqMRmcH/mK1viaR6vqBWYyFc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEijCCA3KgAwIBAgICEk0wDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgY2Fj -a2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QwHhcNMTUxMDIxMjAxMTUyWhcN -MjAxMDE5MjAxMTUyWjAfMR0wGwYDVQQDExRoYXBweSBoYWNrZXIgZmFrZSBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIKR3maBcUSsncXYzQT13D5 
-Nr+Z3mLxMMh3TUdt6sACmqbJ0btRlgXfMtNLM2OU1I6a3Ju+tIZSdn2v21JBwvxU -zpZQ4zy2cimIiMQDZCQHJwzC9GZn8HaW091iz9H0Go3A7WDXwYNmsdLNRi00o14U -joaVqaPsYrZWvRKaIRqaU0hHmS0AWwQSvN/93iMIXuyiwywmkwKbWnnxCQ/gsctK -FUtcNrwEx9Wgj6KlhwDTyI1QWSBbxVYNyUgPFzKxrSmwMO0yNff7ho+QT9x5+Y/7 -XE59S4Mc4ZXxcXKew/gSlN9U5mvT+D2BhDtkCupdfsZNCQWp27A+b/DmrFI9NqsC -AwEAAaOCAcIwggG+MBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0eBDwwOqE4MAaC -BC5taWwwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAyBggrBgEFBQcw -AYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20wOwYIKwYB -BQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNh -eDMucDdjMB8GA1UdIwQYMBaAFOmkP+6epeby1dd5YDyTpi4kjpeqMFQGA1UdIARN -MEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6 -Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr -aHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDAdBgNV -HQ4EFgQU+3hPEvlgFYMsnxd/NBmzLjbqQYkwDQYJKoZIhvcNAQELBQADggEBAA0Y -AeLXOklx4hhCikUUl+BdnFfn1g0W5AiQLVNIOL6PnqXu0wjnhNyhqdwnfhYMnoy4 -idRh4lB6pz8Gf9pnlLd/DnWSV3gS+/I/mAl1dCkKby6H2V790e6IHmIK2KYm3jm+ -U++FIdGpBdsQTSdmiX/rAyuxMDM0adMkNBwTfQmZQCz6nGHw1QcSPZMvZpsC8Skv -ekzxsjF1otOrMUPNPQvtTWrVx8GlR2qfx/4xbQa1v2frNvFBCmO59goz+jnWvfTt -j2NjwDZ7vlMBsPm16dbKYC840uvRoZjxqsdc3ChCZjqimFqlNG/xoPA8+dTicZzC -XE9ijPIcvW6y1aa3bGw= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDrZrbId75nhPin -5r3F1Re69MnORxcr0RL7GYc8IHlxaMcs3D4enVtDGIpZ5uSp+T5a3eMf8Em1YOvp -3a+eXxJAq4F5ZEKVjH2Z39kYK64n7Wq6mIDCumif7yFM2T/W/HA6y99xRwaK5ef1 -jhQXhL40osapU9o3ONqYDpI0YxGrjUczFLAWIwkNchZegIJobnwGYl86cG06f6Uk -h7aZJOOxtXhkhP6VszQgHnvjY7T+8Pb/saIg6cYWW9o5Wmf2S7J0nab+M9vX+rjH -yjHoZPJ8aZvW2X9r3ufsDS2E06FFcgtzRA5SphG1vvUettSeDXM9nVjzhHqa1IMN -FE3wVRwVAgMBAAECggEBAL/NjksjPjIs50ovORtzuIUtpSz9QcUC8rtEHquALlOY -swk7XyYkwtKVsUz1VAWmvwbc2o4QhI5ULYT9i3W4MzAcTj+x0Ir30PNKsCIAnUON -MDRfxDJmHo+KEZEDRwAN6ggOS76Jx6vvDiRHItnS4AQVSVd4qknqejoBTWGAA0rK 
-HwAWds7XsdJzdN0tOCj7EkEXr+5M1wcddYCIMojwd+3puQnyh1fSluz/3JCDHTme -wuVT7Pz1fs8GOgi+7arbv2hzmjr7cHiYElbjVG92PfScNCITbGfE4MuEy1Qbyrgw -R+oAsh1qVYqA0A6kIIiPIt+qdSRgnhpsLHdIFblBtFUCgYEA//B9VCR4w9YtR0VR -5nwFsFpY21w996aoPW8IrlrFQFP6dP/oE8kE4Ys4BUgMFuvmSQl6Vq/JNDkP5Pn1 -H97GIyIPbl0k4GoKzff6yUwFmG4tqg1pR+jqOeQQeiKuJwJ7YM8OgO0Y6mnqSoQv -dkE3RTpn42q++61bSL9nAlMUXtMCgYEA63T60qKB4vIfR36J2UXHoZzUoGNasJVe -UBano0xpIslfwgIGQG9PugaeBFoibaBi2tpwmhDOg99uDuG+PShWYT7WXn13/qLz -1tDWdFQfRtPCgaWUo9ytCzAtkVOa9moWkh+BcnaBhfJlKGdCg9NB2SmqXTW1yIMU -5ILIhpvZ2HcCgYBxgq1zBgHxiSnntBzQxiyXvFowX8az8Vwocvg8q9FT6GrqPR0m -uT7K8T3VSdDi0Zj+x49Upv3rhWtBOIK4scrahh6l6fWS+jT0iIjXgjnxEtx50Rzi -YbCQIFAWew8WCgnCM9LQ51bnkDXy+pE6N05WC8NLn2o4oPgdWZZL96DPNQKBgCjx -WnwuDe/ssku4UTgazi/oGYEaRbbXAmNizRu0OcP2yFPwDi4+LNroM6oGEl6FuSrd -OR9RNNfxji3AS1hPH1Yhmx0rLCZ3J3d/MQthZV7ni7cHl+U2hlCfvAy9QQEASZR3 -Lgc9XCBymeyAqCxMG/MrL5itskJ/qK5jn4LoruTZAoGBALzs8ySB957HpLFWq9MP -3cBnMoM9Wrvt5Xh/E5JBOg4oZIh+Hu0whwozhnN4JGLoVPMHupV+S2dUIKqzfTrI -wXV1BD5tS3tf2/YekQK0vErJtPi5of3PVD0QGT3ll3FuTtp6jxJAWyKaf7kB29/S -EMxv+7/vwDSX2ZPf5TKiscGH ------END PRIVATE KEY----- diff --git a/certbot_haproxy/tests/testdata/installer/certs/le3.wtf.pem b/certbot_haproxy/tests/testdata/installer/certs/le3.wtf.pem deleted file mode 100644 index 4411c5f..0000000 --- a/certbot_haproxy/tests/testdata/installer/certs/le3.wtf.pem +++ /dev/null 
@@ -1,54 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEZjCCA06gAwIBAgITAP9tKQ2lajvk4JedigIqcbQe9TANBgkqhkiG9w0BAQsF -ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNjA4MTcwOTQ1 -MDBaFw0xNjExMTUwOTQ1MDBaMC8xLTArBgNVBAUTJGZmNmQyOTBkYTU2YTNiZTRl -MDk3OWQ4YTAyMmE3MWI0MWVmNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBANlZKKYuJcVi97ESQWC73E4DwKU1EuL7B845SPAXroz2R/yPsIkgnLYIX4uF -xiHG18deoe8JSODVOyZOVku0/nqse4tv/dISbiOueK+1bHn9vtPShmZuH5SrqdIS -qBrKET5dxY/yFs32OBszU5m8V6sDeKIh1vuYcxUteIzY6aZCy481Zr2tli0NVc5T -03i7oJQgsHMcGAyApTTx/Ctc/yI/M7WL4oGtzpf5XDZep0brV/LO+8rUGF8FpMe2 -wV+t99mIfKMM+f2rODmyHEx2t3NKDH3XEfWr7iML8hdg/FrgzhVt4G1QTWFdap03 -v6DoY7drHoOeSLlCUAQdgqY5DBMCAwEAAaOCAYkwggGFMA4GA1UdDwEB/wQEAwIF -oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd -BgNVHQ4EFgQU4FUyT95I5r0So+6CFTd3fHsAmfQwHwYDVR0jBBgwFoAU+3hPEvlg -FYMsnxd/NBmzLjbqQYkwZgYIKwYBBQUHAQEEWjBYMCIGCCsGAQUFBzABhhZodHRw -Oi8vMTI3LjAuMC4xOjQwMDIvMDIGCCsGAQUFBzAChiZodHRwOi8vMTI3LjAuMC4x -OjQwMDAvYWNtZS9pc3N1ZXItY2VydDASBgNVHREECzAJggdsZTMud3RmMCcGA1Ud -HwQgMB4wHKAaoBiGFmh0dHA6Ly9leGFtcGxlLmNvbS9jcmwwYQYDVR0gBFowWDAI -BgZngQwBAgEwTAYDKgMEMEUwIgYIKwYBBQUHAgEWFmh0dHA6Ly9leGFtcGxlLmNv -bS9jcHMwHwYIKwYBBQUHAgIwEwwRRG8gV2hhdCBUaG91IFdpbHQwDQYJKoZIhvcN -AQELBQADggEBALoYz4ElDobFhLDEkkPUWt6N2W14dmUSg4fc9DxCymQRSRcoXyww -KWDTAINSKKdmkVY4pdDu2rvAWf2erYW2vROUUrvsggRNzTe+SlGxZ9rf573uo4yW -f66q21snoriOG8vyTsJIMW4qzE65NKBDdNXaO/Iwt+3aV1XQnrDzSjxzyfwNbasY -SXqcjUljxnOa+u6WZ3B3+0Qvg1wvNCQ30BLCj3e2TY38XPgue289iC0AhX10RdP7 -am3YdfYhyPIPy0Yvva8o8Q0xqdV5W88esZGarb+FVsCiep5zTrdi6oXyCitOlGFe -lFQIlnuLL7cYssxGVs9Dk/Zup5Cid/U3lnc= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZWSimLiXFYvex -EkFgu9xOA8ClNRLi+wfOOUjwF66M9kf8j7CJIJy2CF+LhcYhxtfHXqHvCUjg1Tsm -TlZLtP56rHuLb/3SEm4jrnivtWx5/b7T0oZmbh+Uq6nSEqgayhE+XcWP8hbN9jgb -M1OZvFerA3iiIdb7mHMVLXiM2OmmQsuPNWa9rZYtDVXOU9N4u6CUILBzHBgMgKU0 -8fwrXP8iPzO1i+KBrc6X+Vw2XqdG61fyzvvK1BhfBaTHtsFfrffZiHyjDPn9qzg5 
-shxMdrdzSgx91xH1q+4jC/IXYPxa4M4VbeBtUE1hXWqdN7+g6GO3ax6Dnki5QlAE -HYKmOQwTAgMBAAECggEAPqCWOewqLgoqXPdppzn6bPBf3jrAym6S/TU8cxIf1bZR -X9D3iUvAXCNlhIpzYOAu5N+7wWjnewF2Hb+M1hu9CBQTNUZ72MA+xEFNvTOFolEf -X2HWIEWzC9+6+zEtBysadOIIP0X+lDJSUGQlvrKqgDhr1ivyCmUPJBcKGWuXR7SH -TMZDj1cpJk9rI8n4MT1qGbX6X7J8cunjz3I9ETdl/FYg/JptxzeiqZKXUk+T1rA0 -xzBojTlTfCNCRr3jpX5S5wd/vVPqJX0fe16qVyUtVZ+QaqjRWJKlLrz4hpOV8xqR -WTQilXrmx8VlnOJSyLZl+4OPLoktkl/bGWCXyceTYQKBgQD6aNBZn616lx0MAj+E -L9piowNFttTgjGvuhFXryvyTm4zjGN+LakTjpOiKGniBHgv/XK+hnqJ/RMcB5NE7 -quu1hGXTxU5Fo0VtPczuhPKUireC7ObfOPTH7sF3uzsuTZMyrsLiqwjJSOJD6Rbg -HyKk41PbnR8zseSxM9HBB8zpxQKBgQDeM2NB222xAxZjrHNeJzzyXOosItybXYHj -MO8vZqkX6d+8+OtRe97+/yQc7ajKYP7bxE6IPhATr+zG3XjEZkRzK/IJKPX3vJxG -1DogodX04xVbSArEzXioRfB5Hm/spzBfifLlxOqRx015a9imGEmIJJhkAQIJNq97 -OY1ocIBz9wKBgQCV7nwRrZHpfOFfd1kghKZ1uLUU4MvFR064mXP4oqlomBJbR2FR -0Gc/BlZVmlPcu2jjlVNzqdAR89RURfUhjM1k+ckea1zaRVAkgIRbrC6y0fve4Im7 -zhaCP2qHjgt5RemExy7ZGR9BpeoUT1PrDblokNR9Ai7UfQc5MpW8xjbjIQKBgQC7 -1qEwCTlfjIae2CfnDjCdiiKEESyBQrkMwE9SuOx1RMZZT+xOQ/Mtia6Tre0kuH56 -dicVUbHxkqUNMChpjzKKUjoXuELGnPFXhw1kjKr8jAN/2RURbcl0Jzu0iCCB5Iwm -F834o1DQz7UU0jChqKJwrs8MqzV3aH1MJEkAYyqT3QKBgF8n4bVclneN9p/I9N13 -21MpLCWxAky9iRBhjR+L5gkIlCGjZWwk/piq4YTnUUi0FupDKLsplQVQVZ03UdNu -7KEsS+hlmlcOXxUudMaAd8oejnowvJ1ZLe6Kzj1yL/4IhEsi7NZTefqvgI7cWGSb -32LvEf6COaMru51kznd9rBCu ------END PRIVATE KEY----- diff --git a/certbot_haproxy/tests/testdata/installer/certs/testsite.nl.pem b/certbot_haproxy/tests/testdata/installer/certs/testsite.nl.pem deleted file mode 100644 index c0a837b..0000000 --- a/certbot_haproxy/tests/testdata/installer/certs/testsite.nl.pem +++ /dev/null 
@@ -1,82 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEgDCCA2igAwIBAgITAP/jQ+fjyMFngshxuNiFokjDMTANBgkqhkiG9w0BAQsF -ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNjA4MTYwODI0 -MDBaFw0xNjExMTQwODI0MDBaMEUxFDASBgNVBAMTC3Rlc3RzaXRlLm5sMS0wKwYD -VQQFEyRmZmUzNDNlN2UzYzhjMTY3ODJjODcxYjhkODg1YTI0OGMzMzEwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB3wBihSFbE70jhj4V94bvyQToBMES -ywcSnvFD9iDzsBz715o6+qfO7N+/paj+Ehb3sPABTeSPUfu4/5FAyHvisvdhi54v -dIUbV/l66hUeSPRUWSGdMlSayFVTdwK7eZBDD6ejjfcF0uh2jcv7u2gnMxMwOSNZ -t/fe6+NyNwEhtXV9khEznpanftntQTDkVURQyCpmVnoJ7GclPNqSJ8ju9p+lHNS4 -5a5baVv8qT3u6FX8DVK9tGekVwFP+atT8b3Oxr0+prjiePd6cFPV7CI9xd8zMr/d -cgRmOyxv5eLP6eZApET5Vuix/b7tyGWotMOxQGqvmYxA9BnJmJ9jSSspAgMBAAGj -ggGNMIIBiTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLXliZSZfu6Ak8YabyElsZsU -uhJ4MB8GA1UdIwQYMBaAFPt4TxL5YBWDLJ8XfzQZsy426kGJMGYGCCsGAQUFBwEB -BFowWDAiBggrBgEFBQcwAYYWaHR0cDovLzEyNy4wLjAuMTo0MDAyLzAyBggrBgEF -BQcwAoYmaHR0cDovLzEyNy4wLjAuMTo0MDAwL2FjbWUvaXNzdWVyLWNlcnQwFgYD -VR0RBA8wDYILdGVzdHNpdGUubmwwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL2V4 -YW1wbGUuY29tL2NybDBhBgNVHSAEWjBYMAgGBmeBDAECATBMBgMqAwQwRTAiBggr -BgEFBQcCARYWaHR0cDovL2V4YW1wbGUuY29tL2NwczAfBggrBgEFBQcCAjATDBFE -byBXaGF0IFRob3UgV2lsdDANBgkqhkiG9w0BAQsFAAOCAQEAeATnmWbps/AZpI68 -V7pbJl5uEuebVpqIeWwwYr+tXZwHKV6bSedCzm5G1Q2B1CUPHzqlMmrK4giA5HTf -4Zr6UT28X74eqkEhOj/xAKqtwMeRUQFnkd1motaferMwnP8VlR7yr/peR2Dzi7/x -/mDMdGGBFOSU1j/e1pIZ80ZEN8FJy9qL07rYOkax6nHv5OBw3CN/VP448KU+nE6s -k/ALtDcjvUO9LXArUaRuRZebRwm4kEmLdvKsJ2SKhwKwrWtN4nmMWHbAESKg+o7r -XM/R/UStudu/vXaJ5q1bGPTLIztiMBY/GI+mEbKAHiHnrs6GGVgXQX6qRhOsboQM -8kpAsQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEijCCA3KgAwIBAgICEk0wDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgY2Fj -a2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QwHhcNMTUxMDIxMjAxMTUyWhcN -MjAxMDE5MjAxMTUyWjAfMR0wGwYDVQQDExRoYXBweSBoYWNrZXIgZmFrZSBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIKR3maBcUSsncXYzQT13D5 
-Nr+Z3mLxMMh3TUdt6sACmqbJ0btRlgXfMtNLM2OU1I6a3Ju+tIZSdn2v21JBwvxU -zpZQ4zy2cimIiMQDZCQHJwzC9GZn8HaW091iz9H0Go3A7WDXwYNmsdLNRi00o14U -joaVqaPsYrZWvRKaIRqaU0hHmS0AWwQSvN/93iMIXuyiwywmkwKbWnnxCQ/gsctK -FUtcNrwEx9Wgj6KlhwDTyI1QWSBbxVYNyUgPFzKxrSmwMO0yNff7ho+QT9x5+Y/7 -XE59S4Mc4ZXxcXKew/gSlN9U5mvT+D2BhDtkCupdfsZNCQWp27A+b/DmrFI9NqsC -AwEAAaOCAcIwggG+MBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0eBDwwOqE4MAaC -BC5taWwwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAyBggrBgEFBQcw -AYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20wOwYIKwYB -BQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNh -eDMucDdjMB8GA1UdIwQYMBaAFOmkP+6epeby1dd5YDyTpi4kjpeqMFQGA1UdIARN -MEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6 -Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr -aHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDAdBgNV -HQ4EFgQU+3hPEvlgFYMsnxd/NBmzLjbqQYkwDQYJKoZIhvcNAQELBQADggEBAA0Y -AeLXOklx4hhCikUUl+BdnFfn1g0W5AiQLVNIOL6PnqXu0wjnhNyhqdwnfhYMnoy4 -idRh4lB6pz8Gf9pnlLd/DnWSV3gS+/I/mAl1dCkKby6H2V790e6IHmIK2KYm3jm+ -U++FIdGpBdsQTSdmiX/rAyuxMDM0adMkNBwTfQmZQCz6nGHw1QcSPZMvZpsC8Skv -ekzxsjF1otOrMUPNPQvtTWrVx8GlR2qfx/4xbQa1v2frNvFBCmO59goz+jnWvfTt -j2NjwDZ7vlMBsPm16dbKYC840uvRoZjxqsdc3ChCZjqimFqlNG/xoPA8+dTicZzC -XE9ijPIcvW6y1aa3bGw= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDB3wBihSFbE70j -hj4V94bvyQToBMESywcSnvFD9iDzsBz715o6+qfO7N+/paj+Ehb3sPABTeSPUfu4 -/5FAyHvisvdhi54vdIUbV/l66hUeSPRUWSGdMlSayFVTdwK7eZBDD6ejjfcF0uh2 -jcv7u2gnMxMwOSNZt/fe6+NyNwEhtXV9khEznpanftntQTDkVURQyCpmVnoJ7Gcl -PNqSJ8ju9p+lHNS45a5baVv8qT3u6FX8DVK9tGekVwFP+atT8b3Oxr0+prjiePd6 -cFPV7CI9xd8zMr/dcgRmOyxv5eLP6eZApET5Vuix/b7tyGWotMOxQGqvmYxA9BnJ -mJ9jSSspAgMBAAECggEAIumfzh4fZaFmXDFemOIcgK34njfM9S9utKG+3PhD8t5y -OcAX3CsrcQ4jNQYGKsrjK/PHJNT8Jfsjk6siY0I3XRnRhtV3xR/8oHH1UXc6GlwU -8+OhNAfOSJlvFDrIWS6JFiqJi+CS7Y+PoVnjtA+JsBV4jSSdAxkoIBLmwLi7EXCl 
-tQrkwdoPwCO+dZvie4MomgUV0TrmLbEPtFisJo8/jhduy1HngGxDl7sXiqRMHyPC -xAJ5ZKlbDJ15j6dMxoHtCIeit/1bS4+imxcJQGw/MBZ+LH5sKAo0nbTPfevv/QhJ -iBCOcrPskFW0QMzOSLY/W25gpwm2oySHNwiiHFRuaQKBgQDtFThR4EFPiF5oI5XS -KI72zVTOuSrAsmBcvFpPZkmqKuXu3qyRo0exndJvxLC3hLqSF9pgu4IF1BdL3aaT -g+ydRAyLIn1MRvzvS2eKXUMuJr/0up9bYo/4zCzGU2uHhazeN4fqDG8LtPsOF0sr -/pIj+K+n7bWHlhIShkdj8W1J+wKBgQDRVx1dATk8UKMZeZ8MJXZNkx5U/RvyEs1j -RRYSPNfe4Lg25b7acFXBToP6+XXMDkwXc3blL6U4xjdVBrek8KDhUuErZNNpjPl9 -j5yKUXP97jUGCnVFXWADiNiJBKxg6J8xlp9b8HR7VCj8GHNw0G4x1xGxEexl6Za1 -aOPL+WraKwKBgQC+suHhYdvGyG7/nxgEumD8ff7oZSLRaul9zndqBGHegbD/qZbv -coHZiZPaGUD37MhReORMCKc2Xvn6KSiy4VuyyCi6xZw5faQ4KtP3BLtj5QFkLbS+ -whICUuD1CealVM3O1KX7idLMfN+v3ua1VYhhbMiF7/ujOwAAbIgCCREafwKBgH7D -VreL1yHL3oe9mu7a/IFLFfH29uYmNpLnMc9HYpzGzSYJBwH1RihxKABg8NDo03Db -7WIo8M6pULY/BBNv1qu66TjCrDZdNHKw9OTZH/jjNt56lLq1KT/arOyDlPJ1ynhX -shYVTCOmOc816ymkPSYXCtKDfPfVc/pUEqTgWrDTAoGAdRodbrI50uQdLn+BbQpa -0mz060atBqZTfRP4R69f0rn+L9mNp3R2Eggz6g5R6MVY7XoNDRFqu/28VTfwwh3t -tEKXEAAX1r/9lOrmVJDSX+IaNnhcFXi+TTo2g6BNU7sPRFU7dkkBalJXwZRq57fG -6h+IsrFTuZ97aKvbligfIyM= ------END PRIVATE KEY----- diff --git a/certbot_haproxy/tests/testdata/installer/deploy_cert/cert.pem b/certbot_haproxy/tests/testdata/installer/deploy_cert/cert.pem deleted file mode 100644 index 9bfb094..0000000 --- a/certbot_haproxy/tests/testdata/installer/deploy_cert/cert.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEjjCCA3agAwIBAgITAP8dU9EqObz3KDuVJ5zsgvHaPzANBgkqhkiG9w0BAQsF -ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNjA4MTYwODI1 -MDBaFw0xNjExMTQwODI1MDBaMEUxFDASBgNVBAMTC3Rlc3RzaXRlLm5sMS0wKwYD -VQQFEyRmZjFkNTNkMTJhMzliY2Y3MjgzYjk1Mjc5Y2VjODJmMWRhM2YwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD69azKc6hhqley1TDosC1yybb4Re3o -QAP33I0wdAyl1/xzPj0WxnPM/1BVAQypRTNJsuPqn/S1vsPGdjiAeQg3wYS/4D9a -9TZJyDiA9M4mTf7tbx91ggB4Da3X6+SGIPTCKIF/I8RZKQC1OYuSh5Auuo/zOpBq -1zx8L7EZi2q8ccbdtU80LZY3CztOvW4bBeiUQfr4OpPKMr2Q/KPtp29X4/9Njsi+ -Qfsg4lC7yc42wDLbmUz+uxu5WDI2KoMgeJL8V1LGT2Pxyl4RtOcZbSdtkqSCcvyn -lDyrHaPhs3qL8W1tmt24s5/9IHSUTPzrYetoQRWqr7r1tnONM22bocmxAgMBAAGj -ggGbMIIBlzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMy9atItsN+uYHZrFstFAuRT -07LSMB8GA1UdIwQYMBaAFPt4TxL5YBWDLJ8XfzQZsy426kGJMGYGCCsGAQUFBwEB -BFowWDAiBggrBgEFBQcwAYYWaHR0cDovLzEyNy4wLjAuMTo0MDAyLzAyBggrBgEF -BQcwAoYmaHR0cDovLzEyNy4wLjAuMTo0MDAwL2FjbWUvaXNzdWVyLWNlcnQwJAYD -VR0RBB0wG4ILdGVzdHNpdGUubmyCDHRlc3RzaXRlMi5ubDAnBgNVHR8EIDAeMByg -GqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYGZ4EMAQIB -MEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8G -CCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IB -AQAveccT5zxeDkkDfdfp2pap1/EkHRcYQR5wb/XheYEmBWbKDEqO7IZBl5BSAjei -D6BeTE3f9VuDGkUV5WaowVJFjpjWIhzRO/ghnGKgXF1O2CeqbF5cdWaHfMDxNy+b -fHNbyWV0YFZtAC0Ema/ceYidx7dpRc+p1/FzuSIV8MHcVExGIRllUAJwIT9wN62T -XvBVHkJMm+iwRtEpzPnEEvS5x/Tdw4eFoOlKlu+lDgLl+n5YNR0dgEP6PvzTrdJG -FhMXOXFpLYOaI+AC5oup8Sh43Eqh/ZgBr9vv0WonFI//mekinzrBQn6gxWCsPWNF -H+kn9B1TfT1J+5b/xlNRAvVe ------END CERTIFICATE----- diff --git a/certbot_haproxy/tests/testdata/installer/deploy_cert/chain.pem b/certbot_haproxy/tests/testdata/installer/deploy_cert/chain.pem deleted file mode 100644 index 267866e..0000000 --- a/certbot_haproxy/tests/testdata/installer/deploy_cert/chain.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEijCCA3KgAwIBAgICEk0wDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgY2Fj -a2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QwHhcNMTUxMDIxMjAxMTUyWhcN -MjAxMDE5MjAxMTUyWjAfMR0wGwYDVQQDExRoYXBweSBoYWNrZXIgZmFrZSBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIKR3maBcUSsncXYzQT13D5 -Nr+Z3mLxMMh3TUdt6sACmqbJ0btRlgXfMtNLM2OU1I6a3Ju+tIZSdn2v21JBwvxU -zpZQ4zy2cimIiMQDZCQHJwzC9GZn8HaW091iz9H0Go3A7WDXwYNmsdLNRi00o14U -joaVqaPsYrZWvRKaIRqaU0hHmS0AWwQSvN/93iMIXuyiwywmkwKbWnnxCQ/gsctK -FUtcNrwEx9Wgj6KlhwDTyI1QWSBbxVYNyUgPFzKxrSmwMO0yNff7ho+QT9x5+Y/7 -XE59S4Mc4ZXxcXKew/gSlN9U5mvT+D2BhDtkCupdfsZNCQWp27A+b/DmrFI9NqsC -AwEAAaOCAcIwggG+MBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0eBDwwOqE4MAaC -BC5taWwwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAyBggrBgEFBQcw -AYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20wOwYIKwYB -BQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNh -eDMucDdjMB8GA1UdIwQYMBaAFOmkP+6epeby1dd5YDyTpi4kjpeqMFQGA1UdIARN -MEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6 -Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr -aHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDAdBgNV -HQ4EFgQU+3hPEvlgFYMsnxd/NBmzLjbqQYkwDQYJKoZIhvcNAQELBQADggEBAA0Y -AeLXOklx4hhCikUUl+BdnFfn1g0W5AiQLVNIOL6PnqXu0wjnhNyhqdwnfhYMnoy4 -idRh4lB6pz8Gf9pnlLd/DnWSV3gS+/I/mAl1dCkKby6H2V790e6IHmIK2KYm3jm+ -U++FIdGpBdsQTSdmiX/rAyuxMDM0adMkNBwTfQmZQCz6nGHw1QcSPZMvZpsC8Skv -ekzxsjF1otOrMUPNPQvtTWrVx8GlR2qfx/4xbQa1v2frNvFBCmO59goz+jnWvfTt -j2NjwDZ7vlMBsPm16dbKYC840uvRoZjxqsdc3ChCZjqimFqlNG/xoPA8+dTicZzC -XE9ijPIcvW6y1aa3bGw= ------END CERTIFICATE----- diff --git a/certbot_haproxy/tests/testdata/installer/deploy_cert/fullchain.pem b/certbot_haproxy/tests/testdata/installer/deploy_cert/fullchain.pem deleted file mode 100644 index e6cbcad..0000000 --- a/certbot_haproxy/tests/testdata/installer/deploy_cert/fullchain.pem +++ /dev/null 
@@ -1,54 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEjjCCA3agAwIBAgITAP8dU9EqObz3KDuVJ5zsgvHaPzANBgkqhkiG9w0BAQsF -ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNjA4MTYwODI1 -MDBaFw0xNjExMTQwODI1MDBaMEUxFDASBgNVBAMTC3Rlc3RzaXRlLm5sMS0wKwYD -VQQFEyRmZjFkNTNkMTJhMzliY2Y3MjgzYjk1Mjc5Y2VjODJmMWRhM2YwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD69azKc6hhqley1TDosC1yybb4Re3o -QAP33I0wdAyl1/xzPj0WxnPM/1BVAQypRTNJsuPqn/S1vsPGdjiAeQg3wYS/4D9a -9TZJyDiA9M4mTf7tbx91ggB4Da3X6+SGIPTCKIF/I8RZKQC1OYuSh5Auuo/zOpBq -1zx8L7EZi2q8ccbdtU80LZY3CztOvW4bBeiUQfr4OpPKMr2Q/KPtp29X4/9Njsi+ -Qfsg4lC7yc42wDLbmUz+uxu5WDI2KoMgeJL8V1LGT2Pxyl4RtOcZbSdtkqSCcvyn -lDyrHaPhs3qL8W1tmt24s5/9IHSUTPzrYetoQRWqr7r1tnONM22bocmxAgMBAAGj -ggGbMIIBlzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMy9atItsN+uYHZrFstFAuRT -07LSMB8GA1UdIwQYMBaAFPt4TxL5YBWDLJ8XfzQZsy426kGJMGYGCCsGAQUFBwEB -BFowWDAiBggrBgEFBQcwAYYWaHR0cDovLzEyNy4wLjAuMTo0MDAyLzAyBggrBgEF -BQcwAoYmaHR0cDovLzEyNy4wLjAuMTo0MDAwL2FjbWUvaXNzdWVyLWNlcnQwJAYD -VR0RBB0wG4ILdGVzdHNpdGUubmyCDHRlc3RzaXRlMi5ubDAnBgNVHR8EIDAeMByg -GqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYGZ4EMAQIB -MEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8G -CCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IB -AQAveccT5zxeDkkDfdfp2pap1/EkHRcYQR5wb/XheYEmBWbKDEqO7IZBl5BSAjei -D6BeTE3f9VuDGkUV5WaowVJFjpjWIhzRO/ghnGKgXF1O2CeqbF5cdWaHfMDxNy+b -fHNbyWV0YFZtAC0Ema/ceYidx7dpRc+p1/FzuSIV8MHcVExGIRllUAJwIT9wN62T -XvBVHkJMm+iwRtEpzPnEEvS5x/Tdw4eFoOlKlu+lDgLl+n5YNR0dgEP6PvzTrdJG -FhMXOXFpLYOaI+AC5oup8Sh43Eqh/ZgBr9vv0WonFI//mekinzrBQn6gxWCsPWNF -H+kn9B1TfT1J+5b/xlNRAvVe ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEijCCA3KgAwIBAgICEk0wDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgY2Fj -a2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QwHhcNMTUxMDIxMjAxMTUyWhcN -MjAxMDE5MjAxMTUyWjAfMR0wGwYDVQQDExRoYXBweSBoYWNrZXIgZmFrZSBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIKR3maBcUSsncXYzQT13D5 
-Nr+Z3mLxMMh3TUdt6sACmqbJ0btRlgXfMtNLM2OU1I6a3Ju+tIZSdn2v21JBwvxU -zpZQ4zy2cimIiMQDZCQHJwzC9GZn8HaW091iz9H0Go3A7WDXwYNmsdLNRi00o14U -joaVqaPsYrZWvRKaIRqaU0hHmS0AWwQSvN/93iMIXuyiwywmkwKbWnnxCQ/gsctK -FUtcNrwEx9Wgj6KlhwDTyI1QWSBbxVYNyUgPFzKxrSmwMO0yNff7ho+QT9x5+Y/7 -XE59S4Mc4ZXxcXKew/gSlN9U5mvT+D2BhDtkCupdfsZNCQWp27A+b/DmrFI9NqsC -AwEAAaOCAcIwggG+MBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0eBDwwOqE4MAaC -BC5taWwwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAyBggrBgEFBQcw -AYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20wOwYIKwYB -BQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNh -eDMucDdjMB8GA1UdIwQYMBaAFOmkP+6epeby1dd5YDyTpi4kjpeqMFQGA1UdIARN -MEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6 -Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr -aHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDAdBgNV -HQ4EFgQU+3hPEvlgFYMsnxd/NBmzLjbqQYkwDQYJKoZIhvcNAQELBQADggEBAA0Y -AeLXOklx4hhCikUUl+BdnFfn1g0W5AiQLVNIOL6PnqXu0wjnhNyhqdwnfhYMnoy4 -idRh4lB6pz8Gf9pnlLd/DnWSV3gS+/I/mAl1dCkKby6H2V790e6IHmIK2KYm3jm+ -U++FIdGpBdsQTSdmiX/rAyuxMDM0adMkNBwTfQmZQCz6nGHw1QcSPZMvZpsC8Skv -ekzxsjF1otOrMUPNPQvtTWrVx8GlR2qfx/4xbQa1v2frNvFBCmO59goz+jnWvfTt -j2NjwDZ7vlMBsPm16dbKYC840uvRoZjxqsdc3ChCZjqimFqlNG/xoPA8+dTicZzC -XE9ijPIcvW6y1aa3bGw= ------END CERTIFICATE----- diff --git a/certbot_haproxy/tests/testdata/installer/deploy_cert/privkey.pem b/certbot_haproxy/tests/testdata/installer/deploy_cert/privkey.pem deleted file mode 100644 index 6e54fc4..0000000 --- a/certbot_haproxy/tests/testdata/installer/deploy_cert/privkey.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD69azKc6hhqley -1TDosC1yybb4Re3oQAP33I0wdAyl1/xzPj0WxnPM/1BVAQypRTNJsuPqn/S1vsPG -djiAeQg3wYS/4D9a9TZJyDiA9M4mTf7tbx91ggB4Da3X6+SGIPTCKIF/I8RZKQC1 -OYuSh5Auuo/zOpBq1zx8L7EZi2q8ccbdtU80LZY3CztOvW4bBeiUQfr4OpPKMr2Q -/KPtp29X4/9Njsi+Qfsg4lC7yc42wDLbmUz+uxu5WDI2KoMgeJL8V1LGT2Pxyl4R -tOcZbSdtkqSCcvynlDyrHaPhs3qL8W1tmt24s5/9IHSUTPzrYetoQRWqr7r1tnON -M22bocmxAgMBAAECggEAHTauF58hEcVvkgzJNb0UfVFH8FzLlgalr5vH/8Tyl/et -loi/OcB+SHXMFykZHTdGAiVF7NET/ngneBnY9/Oe5karul5TYbY7zJj3IuPcf48C -xwbxhY9NmKwW+ZSnNInvlA59DJzQRYTFZVM+kR8gxJ/JFApUN2u4ycgPeKbHFQp6 -lSkkK3hhIWjYdmGAnvBO2WvP15/K/aax2ohbAf+nkLTiisCcQOL1c7j/lIPGFRS8 -7lZgivfyPdfYi9pJ2eonNmER+F7ruhnCgCsEhvj7Hv57YQ8V3YsJ+0m/MfE2mDX7 -mwACytDEExWuiPmjlrcFy42vHf8X8fuYVg5YVmxH1QKBgQD/4Kis75wsJtxTPBFA -LHX3AtnIVLyiQWeZBnZhk8kRiLiUa6B84D5Ca3ED1dGXW8Gw021BAukMPREx3oyA -atUi942DJPVywVn0xf7XqmdMtaANSYOKT0JZ+j6g3vdEcEa6WPPrJJQpCGH7nGY0 -i9TePAisfdeo3UL1EWVM/+0LpwKBgQD7FGnoroUc0vGruzn0RICD0JrKqsCZVXaQ -czq9WyeziHw2YRqF77EHG03SRFFRxbnAPhYjfrTtO09G0gCKmu11TX6785nlnJMF -ZsYLEltz+GweXlW6eDwoNVOR1g7ox8ph+dqHxnA88UMql7lC+cEuPWKRhTlRg5yF -xuoiMXJK5wKBgQD+o9C46Wt99N5mZuyz9Isg2tFosAtZXcV/YBMHYE9FB87IxaLd -IzxSVSIPMwZ1nnbPRlj/zamm6E7oVhV05txdBAbscCdjoE+pbDEE5ywOBuHU10f0 -qJPbf1I8PifND/8TC9sSM0DO5Oy9vRNpT47z6sKnBkVMY4Vy5XDug/KfGQKBgQDT -kcgMwcJ5H2d1hja3lmGUsVs+G9RfYJyf6/k7RmyV5BSG3hwzcF6D1oYlAFxlw29a -hvawwjxDCw8qZhr+sL4Xck2wovyzdtSMYKXQ/o8BkfvJO0SR9G78krLw2KeHj5MC -LD/w2U4KjGJEqcT6ouodxKwiY1iBT529PHheh7v/UQKBgF32brFvPS1HUHQTSxmf -v2I56PygoO+5JwTWzDGKTF9myrKZV1hAfCD5PC1bDa31FtaBafe4Tna0n6fi927d -7ZIETyMNal9RRyrizs4ofXC73Z6lDtN+Tx9KkatSv53vg5XhGO/YvG/XoVrIsg+y -KDCtDY6AERC2OGNgGa4d4H5+ ------END PRIVATE KEY----- diff --git a/certbot_haproxy/tests/testdata/installer/haproxy.cfg b/certbot_haproxy/tests/testdata/installer/haproxy.cfg deleted file mode 100644 index 18d0d37..0000000 --- a/certbot_haproxy/tests/testdata/installer/haproxy.cfg +++ /dev/null 
@@ -1,41 +0,0 @@ -global - user haproxy - group haproxy - daemon - ssl-default-bind-ciphers AES128+AESGCM+EECDH:AES128+EECDH:AES128+AESGCM+DHE:AES128+EDH:AES256+AESGCM+EECDH:AES256+EECDH:AES256+AESGCM+EDH:AES256+EDH:!SHA:!MD5:!RC4:!DES:!DSS - ssl-default-bind-options no-sslv3 - tune.ssl.default-dh-param 2048 - -frontend http-in - bind *:80 - mode http - # LE HAProxy installer should combine certs and place them here.. - # Uncomment when ready.. Needs ACL to work per site. - bind *:443 ssl crt /etc/ssl/crt/ - - acl is_letsencrypt path_beg -i /.well-known/acme-challenge - use_backend letsencrypt if is_letsencrypt - acl le1-wtf hdr(host) -i le1.wtf - acl other-site hdr(host) -i le2.wtf - - # IF redirect is to be used, uncomment the next line - # redirect scheme https if !{ ssl_fc } and testsite.nl - default_backend nodes - -backend letsencrypt - log global - mode http - server letsencrypt 127.0.0.1:8000 - -backend nodes - log global - mode http - option tcplog - balance roundrobin - option forwardfor - option http-server-close - option httpclose - http-request set-header X-Forwarded-Port %[dst_port] - http-request add-header X-Forwarded-Proto https if { ssl_fc } - option httpchk HEAD / HTTP/1.1\r\nHost:localhost - server node1 127.0.0.1:8080 check diff --git a/certbot_haproxy/tests/testdata/installer/haproxy_bad.cfg b/certbot_haproxy/tests/testdata/installer/haproxy_bad.cfg deleted file mode 100644 index 685ac1f..0000000 --- a/certbot_haproxy/tests/testdata/installer/haproxy_bad.cfg +++ /dev/null 
@@ -1,31 +0,0 @@ -this is bad - -frontend http-in - bind *:80 - mode http - # LE HAProxy installer should combine certs and place them here.. - # Uncomment when ready.. Needs ACL to work per site. - bind *:443 ssl crt /etc/ssl/crt/ - - acl is_letsencrypt path_beg -i /.well-known/acme-challenge - use_backend letsencrypt if is_letsencrypt - acl le1-wtf hdr(host) -i le1.wtf - acl other-site hdr(host) -i le2.wtf - - # IF redirect is to be used, uncomment the next line - # redirect scheme https if !{ ssl_fc } and testsite.nl - default_backend nodes - -backend nodes - log global - mode http - option tcplog - balance roundrobin - option forwardfor - option http-server-close - option httpclose - http-request set-header X-Forwarded-Port %[dst_port] - http-request add-header X-Forwarded-Proto https if { ssl_fc } - option httpchk HEAD / HTTP/1.1\r\nHost:localhost - server node1 127.0.0.1:8080 check - diff --git a/certbot_haproxy/tests/testdata/installer/haproxy_empty.cfg b/certbot_haproxy/tests/testdata/installer/haproxy_empty.cfg deleted file mode 100644 index d1aa20c..0000000 --- a/certbot_haproxy/tests/testdata/installer/haproxy_empty.cfg +++ /dev/null @@ -1 +0,0 @@ -# Empty file to check the test_config function of the installer diff --git a/docs/api/installer.rst b/docs/api/installer.rst deleted file mode 100644 index 84fc9d5..0000000 --- a/docs/api/installer.rst +++ /dev/null @@ -1,5 +0,0 @@ -:mod:`certbot_haproxy.installer` --------------------------------------- - -.. automodule:: certbot_haproxy.installer - :members: diff --git a/setup.py b/setup.py index e299c63..6235329 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ from setuptools import setup from setuptools import find_packages -own_version = '0.1.1' +own_version = '0.2.0' certbot_version = '0.8.1' # Please update tox.ini when modifying dependency version requirements From 53eb60df57bb583a672252791da8cdcafbad05a8 Mon Sep 17 00:00:00 2001 
From: Mart van Santen Date: Tue, 7 May 2019 12:50:42 +0200 Subject: [PATCH 2/6] Added more information in readme --- README.rst | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index df4f823..6d7db6b 100644 --- a/README.rst +++ b/README.rst @@ -32,6 +32,19 @@ configure HAProxy for use with the plugin. If you have a good idea on how we can implement automatic HAProxy configuration, you are welcome to create a merge request or an issue. +Dropped installer support in version 0.2.0 +------------------------------------------ + +In version 0.2.0 the installer component is dropped. Originally the installer +component made sure to place the certificates in the right directory for haproxy +by combining the key and the crt. This was done because original versions of +certbot executed the hooks after every domain renewal. + +New versions of certbot have move fine grained post install hooks. With those +hooks more flexibility is added for installation. An example script and command +is added in version 0.2.0+ + + Installing: Requirements ------------------------ @@ -302,8 +315,8 @@ together a configuration that works for you. systemctl restart haproxy -Now you can try to run Certbot with the plugin as the Authenticator and -Installer, if you already have websites configured in your HAProxy setup, you +Now you can try to run Certbot with the plugin as the Authenticator. +Iff you already have websites configured in your HAProxy setup, you may try to install a certificate now. .. code:: bash From ce702fbb10c7531958917e6ddd9cb011fb1b93bf Mon Sep 17 00:00:00 2001 From: Mart van Santen Date: Tue, 7 May 2019 12:54:55 +0200 Subject: [PATCH 3/6] extended constants and version numbers --- certbot_haproxy/constants.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/certbot_haproxy/constants.py b/certbot_haproxy/constants.py index 0b9be17..e3d4505 100644 --- a/certbot_haproxy/constants.py 
+++ b/certbot_haproxy/constants.py @@ -90,18 +90,25 @@ CLI_DEFAULTS = { "debian": { '_min_version': '7', - '_max_version': '8', + '_max_version': '9', '7': CLI_DEFAULTS_DEBIAN_BASED_PRE_SYSTEMD_OS, - '8': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS + '8': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, + '9': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS }, "ubuntu": { '_min_version': '14.04', - '_max_version': '16.04', + '_max_version': '18.04', '14.04': CLI_DEFAULTS_DEBIAN_BASED_PRE_SYSTEMD_OS, '14.10': CLI_DEFAULTS_DEBIAN_BASED_PRE_SYSTEMD_OS, '15.04': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, '15.10': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, - '16.04': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS + '16.04': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, + '16.10': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, + '17.04': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, + '17.10': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, + '18.04': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, + '18.10': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, + '19.04': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS } } From 7c81911bf6296c2d099193a5eacb52f43af32a57 Mon Sep 17 00:00:00 2001 From: Mart van Santen Date: Tue, 7 May 2019 12:56:28 +0200 Subject: [PATCH 4/6] removed installer support --- setup.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/setup.py b/setup.py index 6235329..4e8db51 100644 --- a/setup.py +++ b/setup.py @@ -39,7 +39,6 @@ ) haproxy_authenticator = 'certbot_haproxy.authenticator:HAProxyAuthenticator' -haproxy_installer = 'certbot_haproxy.installer:HAProxyInstaller' setup( name='certbot-haproxy', @@ -77,7 +76,6 @@ entry_points={ 'certbot.plugins': [ 'haproxy-authenticator = %s' % haproxy_authenticator, - 'haproxy-installer = %s' % haproxy_installer ], }, # test_suite='certbot_haproxy', From 58afe5c8e32d9e7a9e9a99a8479536973035aa8b Mon Sep 17 00:00:00 2001 
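Review bot: In the `ubuntu` table the new `'_max_version': '18.04'` is lower than the highest keys added in the same hunk, `'18.10'` and `'19.04'`. The code that reads `_min_version` and `_max_version` is outside this hunk, so the effect is inferred: if the lookup clamps or rejects releases above `_max_version`, the two newest entries are never selected, and if it does not, the bound is just stale. Setting `'_max_version': '19.04',` keeps the bound and the table in agreement. The `debian` table is already consistent at `'9'`.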
From: Mart van Santen Date: Thu, 9 May 2019 06:49:23 +0200 Subject: [PATCH 5/6] improved comments --- README.rst | 21 +++++++++-------- certbot-deploy-hook-example | 46 +++++++++++++++++++++++-------------- 2 files changed, 41 insertions(+), 26 deletions(-) diff --git a/README.rst b/README.rst index 6d7db6b..92c83d6 100644 --- a/README.rst +++ b/README.rst @@ -32,7 +32,7 @@ configure HAProxy for use with the plugin. If you have a good idea on how we can implement automatic HAProxy configuration, you are welcome to create a merge request or an issue. -Dropped installer support in version 0.2.0 +Dropped installer support in version 0.2.0+ ------------------------------------------ In version 0.2.0 the installer component is dropped. Originally the installer @@ -44,6 +44,8 @@ New versions of certbot have move fine grained post install hooks. With those hooks more flexibility is added for installation. An example script and command is added in version 0.2.0+ +The example script for deploy is `certbot-deploy-hook-example` + Installing: Requirements ------------------------ 
@@ -53,24 +55,25 @@ work on Ubuntu 14.04+ too. If you are running Debian Wheezy, you may need to take additional steps during the installation. Thus, the requirements are: - Debian Jessie (or higher) or Ubuntu Trusty (or higher). -- Python 2.7 (2.6 is supported by certbot and our goal is to be compatible but +- Python 3.0+ (Python 2.7 is still supported to be compatible with older + operating systems) it has not been tested yet). -- HAProxy 1.6+ (we will configure SNI, which is not strictly required) -- Certbot 0.8+ +- HAProxy 1.6+ +- Certbot 0.19+ Installing: Getting started --------------------------- -The installation below assumes you are running Debian Jessie but it should be +The installation below assumes you are running Debian Stretch but it should be almost entirely the same process on Ubuntu. -First add the backports repo for Jessie to your apt sources. +If you are still using Jessie, you have to add the backports repo for Jessie. .. note:: This will not work for Ubuntu, you will need to use another source, check which version comes with your version of Ubuntu, if it is a version - below 0.8, you need to find a back port PPA or download certbot from source. + below 0.19, you need to find a back port PPA or download certbot from source. .. code:: bash @@ -95,7 +98,7 @@ Now update, upgrade and install some requirements: openssl ca-certificates \ build-essential libffi-dev libssl-dev python-dev \ python python-setuptools \ - haproxy python3-all python3-future + haproxy python3-pip python3-setuptools easy_install pip pip install --upgrade setuptools @@ -316,7 +319,7 @@ together a configuration that works for you. systemctl restart haproxy Now you can try to run Certbot with the plugin as the Authenticator. -Iff you already have websites configured in your HAProxy setup, you +If you already have websites configured in your HAProxy setup, you may try to install a certificate now. .. code:: bash 
diff --git a/certbot-deploy-hook-example b/certbot-deploy-hook-example
index 5c7bf37..6e08ad0 100755
--- a/certbot-deploy-hook-example
+++ b/certbot-deploy-hook-example
@@ -1,41 +1,53 @@ -#!/usr/bin/python3 - +#!/usr/bin/env python3 import os import re import sys -# Get LINEAGE from Environment +# Certbot sets an environment variable RENEWED_LINEAGE, which points to the +# path of the renewed certificate. We use that path to determine and find +# the files for the currently renewed certificated lineage=os.environ.get('RENEWED_LINEAGE') -# If Nothing renewed, exit +# If nothing renewed, exit if not lineage: - sys.exit() + sys.exit() -# Fetch domain +# From the linage, we strip the 'domain name', which is the last part +# of the path. result = re.match(r'.*/live/(.+)$', lineage) -# No match found +# If we can not recognize the path, we exit with 1 if not result: - sys.exit(1) + sys.exit(1) +# Extract the domain name domain = result.group(1) -# Deploy path +# Define a path for HAproxy where you want to write the .pem file. deploy_path="/etc/haproxy/ssl/" + domain + ".pem" + +# The source files can be found in below paths, constructed wuth the lineage +# path source_key = lineage + "/privkey.pem" source_chain = lineage + "/fullchain.pem" -deploy = open(deploy_path, "w") -key = open(source_key, "r") -chain = open(source_chain, "r") -deploy.write(key.read()) -deploy.write(chain.read()) +# HAproxy requires to combine the key and chain in one .pem file +with open(deploy_path, "w") as deploy, \ + open(source_key, "r") as key, \ + open(source_chain, "r") as chain: + deploy.write(key.read()) + deploy.write(chain.read()) + + + +# Here you can add your service reload command. Which will be executed after +# every renewal, which is fine if you only have a few domains. -chain.close() -key.close() -deploy.close() +# Alternative is to add the reload to the --post-hook. In that case it is only +# ran once after all renewals. That would be the use-case if you have a large +# number of different certificates served by HAproxy. From b2a251ea3bd36c6dec7d4bd1a811c36038e20d06 Mon Sep 17 00:00:00 2001 
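Review bot: The bundle written to `deploy_path` contains the private key, yet `open(deploy_path, "w")` creates it with whatever the process umask allows, which under a common 022 umask leaves the file readable by every local account. Create it owner-only instead: `fd = os.open(deploy_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`, then `os.fchmod(fd, 0o600)` (the creation mode is ignored when the file already exists), and use `os.fdopen(fd, "w") as deploy` in the `with` statement. `os` is already imported at the top of the script. Separately, `deploy_path` is opened and truncated before `source_key` and `source_chain` are opened, so a failure on either source leaves an empty bundle in place of the previous one; writing to a temporary file in the same directory and renaming it over the target would avoid that.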
From: Maarten de Waard Date: Thu, 9 May 2019 09:52:47 +0000 Subject: [PATCH 6/6] fix typo in certbot-deploy-hook-example, remove some newlines --- certbot-deploy-hook-example | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/certbot-deploy-hook-example b/certbot-deploy-hook-example index 6e08ad0..7d0e4ae 100755 --- a/certbot-deploy-hook-example +++ b/certbot-deploy-hook-example @@ -13,7 +13,6 @@ lineage=os.environ.get('RENEWED_LINEAGE') if not lineage: sys.exit() - # From the linage, we strip the 'domain name', which is the last part # of the path. result = re.match(r'.*/live/(.+)$', lineage) @@ -25,11 +24,10 @@ if not result: # Extract the domain name domain = result.group(1) - # Define a path for HAproxy where you want to write the .pem file. deploy_path="/etc/haproxy/ssl/" + domain + ".pem" -# The source files can be found in below paths, constructed wuth the lineage +# The source files can be found in below paths, constructed with the lineage # path source_key = lineage + "/privkey.pem" source_chain = lineage + "/fullchain.pem" @@ -41,13 +39,11 @@ with open(deploy_path, "w") as deploy, \ deploy.write(key.read()) deploy.write(chain.read()) - - # Here you can add your service reload command. Which will be executed after # every renewal, which is fine if you only have a few domains. # Alternative is to add the reload to the --post-hook. In that case it is only -# ran once after all renewals. That would be the use-case if you have a large +# run once after all renewals. That would be the use-case if you have a large # number of different certificates served by HAproxy.