Occasionally a network error prevents Docker from starting boulder causing
Travis tests to fail like it did at
https://travis-ci.org/certbot/certbot/jobs/282923098. This works around the
problem by using travis_retry to try to start boulder again if it fails.
This also moves the logic of waiting for boulder to start into
tests/boulder-fetch.sh so people running integration tests locally can benefit.
* Switching from old branch (issue-4109) and addressing changes requested
in last iteration of review:
80aa857fd2
Requested changes that were addressed:
- fixed outdated docstring for `cert_path_to_lineage`
- removed `full_archive_dir_from_renewal_conf` amd replaced with `full_archive_path` (and `_full_archive_path` -> `full_archive_path`)
- matching on `cert` instead of `chain` in `cert_manager.cert_path_to_lineage`
- fixed the two coding wrongs make a right issue
Requested changes which were not addressed:
- moving `cert_path_to_lineage` from `cert_manager` to `storage`,
as it would introduce a hard to resolve circular dependency.
* Update integration tests to handle default deletion after revoke.
* Swapping test domains.
* Addressing PR feedback:
- calling storage.full_archive_path with a ConfigObj instead of None
- Removing lambda x: x.chain_path as an option to match against
* Addressing PR feedback: it's expected that len(pattern) is 0, so handle that case properly.
* Testing of conflicting values of --cert-name and --cert-path non-interactive mode.
* Silly test for when neither certname nor cert-path were specified.
* Changing archive_files to a private function, because mocking nested functions seems impossible.
* Tests for storage.cert_path_for_cert_name
* Splitting out _acceptable_matches
* Some tests for cert_manager.cert_path_to_lineage
* Offerings to the Lint God
* Cleaner way of dealing with files in archive dirs
* Handling the two different use cases of match_and_check_overlaps a bit better
* late night syntax errors
* Test for when multiple lineages share an archive dir
* Tests for certbot.cert_manager.match_and_check_overlaps
* Removing unneeded nesting
* Lint errors that Travis caught that didn't show up locally
* Adding two integration tests (matching & mismatched --cert-path, --cert-name) based on feedback.
* Asking the user if they want to delete in interactive mode.
* Add hook dir constants
* Add hook dir properties to configuration
* test hook dir properties
* reuse certbot.util.is_exe
* Add certbot.hooks.list_hooks
* test list_hooks
* Run pre-hooks in directory
* Run deploy-hooks in directory
* Run post-hooks in directory
* Refactor and update certbot/tests/hook_test.py
* Add integration tests for hook directories
* Have Certbot create hook directories.
* document renewal hook directories
* Add --no-directory-hooks
* Make minor note about locale independent sorting
Up until now, this test was written incorrectly. In addition, when it has
failed, it simply prints error messages rather than reporting that the test
failed. This fixes both of these problems.
- when no credentials are passed it will try to get valid credentials
using the google metadata service
- this is a feature of the google SDK, so we don't need to handle that
explicitly
- previous behaviour with a credentials file is retained
This changes the apache plugin behaviour to only parse enabled configuration files and respecting the --apache-vhost-root CLI parameter for new SSL vhost creation. If --apache-vhost-root isn't defined, or doesn't exist, the SSL vhost will be created to originating non-SSL vhost directory.
This PR also implements actual check for vhost enabled state, and makes sure parser.parse_file() does not discard changes in Augeas DOM, by doing an autosave.
Also handles enabling the new SSL vhost, if it's on a path that's not parsed by Apache.
Fixes: #1328Fixes: #3545Fixes: #3791Fixes: #4523Fixes: #4837Fixes: #4905
* First changes
* Handle rest of the errors
* Test fixes
* Final fixes
* Make parse_files accessible and fix linter problems
* Activate vhost at later time
* Cleanup
* Add a new test case, and fix old
* Enable site later in deploy_cert
* Make apache-conf-test default dummy configuration enabled
* Remove is_sites_available as obsolete
* Cleanup
* Brought back conditional vhost_path parsing
* Parenthesis
* Fix merge leftovers
* Fix to work with the recent changes to new file creation
* Added fix and tests for non-symlink vhost in sites-enabled
* Made vhostroot parameter for ApacheParser optional, and removed extra_path
* Respect vhost-root, and add Include statements to root configuration if needed
* Fixed site enabling order to prevent apache restart error while enabling mod_ssl
* Don't exclude Ubuntu / Debian vhost-root cli argument
* Changed the SSL vhost directory selection priority
* Requested fixes for paths and vhost discovery
* Make sure the Augeas DOM is written to disk before loading new files
* Actual checking for if the file is parsed within existing Apache configuration
* Fix the order of dummy SSL directives addition and enabling modules
* Restructured site_enabled checks
* Enabling vhost correctly for non-debian systems
* fix dns-rfc2136 plugin not respecting cnames
The plugin does not work if the domain of a certificate is found to have a cname record in dns.
That is because when plugin tries to find zone boundary, it searches from the domain up for the SOA record, and each DNS response is checked for the answer being empty, assuming that empty answer means no SOA record is present and the higher level domain has to be checked, and non empty answer section means that this domain is a zone root.
However, if the initial domain, or any upper level domain except the zone root has a cname record pointing to the zone root, then the server will, instead of returning an empty answer, return one containing two records, first a cname pointing to the zone root, then the SOA record of zone root, and that will make the check fail and use a wrong domain as a zone name during update.
Fix that by replacing a check for empty answer with explicitly searching in response's answer section for a SOA record matching the domain that is being checked.
* dns-rfc2136: fix lint errors
