Multi-domain doesn't seem to work anymore #31

Closed
samueltardieu opened this issue Jan 22, 2016 · 6 comments

@samueltardieu
Contributor

I noticed that I could not get a certificate with aliases for a new domain as the verification fails with a 404 (it looks like the wrong file is requested, no corresponding file exists in the file system), while without aliases everything went fine.

In order to check if it could be repeated, I tried to force a renewal on another system for an existing certificate which also has an alias (www.rfc1149.net) in addition to the domain name (rfc1149.net). The original multi-domain certificate was acquired through le.sh on January 13:

% FORCE=1 ./le.sh renewAll
renewAll
renew rfc1149.net
Account key exists, skip
Generating RSA private key, 2048 bit long modulus
...........................................................+++
...............................................................................+++
e is 65537 (0x10001)
Multi domain=DNS:www.rfc1149.net
Registering account
Already registered
Verify each domain
Geting token for domain=rfc1149.net
Geting token for domain=www.rfc1149.net
Verifying:rfc1149.net
rfc1149.net:Verify error:Invalid response from http://rfc1149.net/.well-known/acme-challenge/NbFnzhCqKPH64xDvAlAM69p_udAz6sFy5wLMaCnDuTo [195.154.227.159]: 404

When I check, indeed, no file with this name is present; another one is:

% ls -l $SITEROOT/.well-known/acme-challenge/
-rw------- 1 sam users 87 Jan 22 19:15 A-xLbrJyK-Zq8cIHa2iMFYXUzj4QxS9L_AphO7UeErA

Is the multi-domain certificate acquisition broken?

In addition, the umask has been honoured, which is probably not a good idea; I'll open another issue for that.
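A way to check a webroot for the two conditions reported above (the requested HTTP-01 token file is absent, and the file that is present was created under a restrictive umask), as an added example that is not part of le.sh or of this thread. The function names `token_from_line`, `check_challenge` and `demo` are hypothetical, the demo webroot is constructed, and the permission check assumes the web server runs as a different user than the file's owner.

```shell
#!/bin/sh
# Added example (not le.sh code): diagnose an ACME HTTP-01 webroot.

# Extract the challenge token from a log line that contains the challenge URL.
token_from_line() {
  printf '%s\n' "$1" |
    sed -n 's#.*/\.well-known/acme-challenge/\([A-Za-z0-9_-]*\).*#\1#p'
}

# check_challenge WEBROOT TOKEN
# Returns 0 if the token file exists and is readable by "other",
#         1 if it is missing (the validation request would get a 404),
#         2 if it exists but lacks the other-read bit (assumption: the web
#           server is not the file owner, so it could not serve the file).
check_challenge() {
  dir="$1/.well-known/acme-challenge"
  f="$dir/$2"
  if [ ! -f "$f" ]; then
    echo "missing: $f"
    echo "present instead:"
    ls -l "$dir" 2>/dev/null
    return 1
  fi
  # The 8th character of the ls mode string is the other-read bit.
  case "$(ls -ld "$f")" in
    ???????r*) echo "ok: $f"; return 0 ;;
    *) echo "not world-readable: $f"; return 2 ;;
  esac
}

# Demo on a constructed webroot, using the two token names from the report.
demo() {
  root=$(mktemp -d)
  mkdir -p "$root/.well-known/acme-challenge"
  # Mimic a challenge file written under umask 077 (mode 0600).
  (umask 077
   : > "$root/.well-known/acme-challenge/A-xLbrJyK-Zq8cIHa2iMFYXUzj4QxS9L_AphO7UeErA")
  line='rfc1149.net:Verify error:Invalid response from http://rfc1149.net/.well-known/acme-challenge/NbFnzhCqKPH64xDvAlAM69p_udAz6sFy5wLMaCnDuTo [195.154.227.159]: 404'
  check_challenge "$root" "$(token_from_line "$line")"
  rc=$?
  rm -rf "$root"
  return "$rc"
}

demo || echo "demo exit status: $?"
```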

@Neilpang
Member

It's just fixed. Sorry, it was caused by my last checking to support DNS-01.

I'm thinking about adding some unit tests. Do you have any advice?

@samueltardieu
Contributor Author

Individual features might be tested automatically quite easily, but certificate signing may be hard to automate given that LetsEncrypt puts a limit on the number of certificates it will sign for a given domain.

@Neilpang
Member

Yes, that's why I separated the features.

And we have a new macro: STAGE=1

When defining it, we will use the letsencrypt staging server to issue a dummy cert, which has no limit.

@samueltardieu
Contributor Author

Nice, I hadn't noticed it.

The test-driver that comes with automake is a small (148 lines) shell script that can execute arbitrary tests (usually shell scripts) and check their exit code and log their output, and even add colors, etc. I think it could easily be used to run tests that could be written as tiny shell scripts calling le.sh with the right arguments and checking the outcome.

There probably exist tons of similar shell scripts, maybe even better, but this is the one I first thought about because I use it (through automake) in other projects.

@Neilpang
Member

Ok, I will take a look and let you know.

@Neilpang
Member

I just added a new unit test project https://github.com/Neilpang/letest.git
