diff options
author | Lucas Savva <lucas@m1cr0man.com> | 2020-09-04 23:39:22 +0100 |
---|---|---|
committer | Lucas Savva <lucas@m1cr0man.com> | 2020-09-06 01:28:19 +0100 |
commit | 34b5c5c1a408d105beb9b92b9ed5b1565135e75e (patch) | |
tree | 89be33fa334d1da2f2f3dd0013ddf5a45f19a489 /nixos/tests | |
parent | f57824c915e350a488b109427351df2757424278 (diff) |
nixos/acme: More features and fixes
- Allow for key reuse when domains are the only thing that
were changed.
- Fixed systemd service failure when preliminarySelfsigned
was set to false
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/acme.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index 1c83ad3c9d83..64193ed8498c 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -297,11 +297,17 @@ in import ./make-test-python.nix ({ lib, ... }: { check_connection(client, "slow.example.com") with subtest("Can request certificate for vhost + aliases (nginx)"): + # Check the key hash before and after adding an alias. It should not change. + # The previous test reverts the ed384 change + webserver.wait_for_unit("acme-finished-a.example.test.target") + keyhash_old = webserver.succeed("md5sum /var/lib/acme/a.example.test/key.pem") switch_to(webserver, "nginx-aliases") webserver.wait_for_unit("acme-finished-a.example.test.target") check_issuer(webserver, "a.example.test", "pebble") check_connection(client, "a.example.test") check_connection(client, "b.example.test") + keyhash_new = webserver.succeed("md5sum /var/lib/acme/a.example.test/key.pem") + assert keyhash_old == keyhash_new with subtest("Can request certificates for vhost + aliases (apache-httpd)"): switch_to(webserver, "httpd-aliases") |