feat: add dns-account-01 integration test in chisel
This change adds preliminary dns-account-01
challenge support to the Python-based integration test suite.
Implemented tests:
- test_dns_account_challenge_multidomain
- test_dns_account_challenge_wildcardmultidomain
The certbot/acme library support for dns-account-01
is a prerequisite; see https://github.com/certbot/certbot/pull/9887.
Tested with initial Boulder support in 0b6192c
(#7303).
Assuming you have the above certbot in the boulder directory, the following works:

    docker compose -f docker-compose.yml -f docker-compose.next.yml run boulder bash -c \
    'pip install -e certbot/acme && ./test.sh -i -f test_dns_account_challenge'

Combined test output is:
pebble-challtestsrv - 2024/02/12 19:37:21 Added DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.af70283b.xyz." - Value "En_vsg9nRCOt-UrVtN3bI2QCB-R4WekJmMv-MN6B_bg"
pebble-challtestsrv - 2024/02/12 19:37:21 Added DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.bab2cb70.xyz." - Value "KOH2QugY2slM6TjeIuUxDVADGbkUaMS0B4C3D8jCsKk"
19:37:21.577070 6 boulder-va 9NTnLAA [AUDIT] Checked CAA records for rand.af70283b.xyz, [Present: false, Account ID: 154, Challenge: dns-account-01, Valid for issuance: true, Found at: ""] Response=""
19:37:21.579650 6 boulder-va r5q3wA8 [AUDIT] Validation result JSON={"ID":"197","Requester":154,"Hostname":"rand.af70283b.xyz","Challenge":{"type":"dns-account-01","status":"valid","token":"qCcmr70OxhyZ9P6R7axJKvFqMy33X_n4Ie-PTHJ0Ftw","keyAuthorization":"qCcmr70OxhyZ9P6R7axJKvFqMy33X_n4Ie-PTHJ0Ftw.gXUtWpMz1F-lLUtGxFr8Tw1np_NlrVl8vzbZbvTgy-g","validationRecord":[{"hostname":"rand.af70283b.xyz","resolverAddrs":["10.77.77.77:8443"]}]},"ValidationLatency":0.009}
19:37:21.583988 6 boulder-va uNf2UQA [AUDIT] Checked CAA records for rand.bab2cb70.xyz, [Present: false, Account ID: 154, Challenge: dns-account-01, Valid for issuance: true, Found at: ""] Response=""
19:37:21.584272 6 boulder-va h9XT0wM [AUDIT] Validation result JSON={"ID":"198","Requester":154,"Hostname":"rand.bab2cb70.xyz","Challenge":{"type":"dns-account-01","status":"valid","token":"MykKq_5cS1SAWTsB1xhCO9DFKbFk8deNEA6jy_D2Z-E","keyAuthorization":"MykKq_5cS1SAWTsB1xhCO9DFKbFk8deNEA6jy_D2Z-E.gXUtWpMz1F-lLUtGxFr8Tw1np_NlrVl8vzbZbvTgy-g","validationRecord":[{"hostname":"rand.bab2cb70.xyz","resolverAddrs":["10.77.77.77:8343"]}]},"ValidationLatency":0.005}
19:37:22.629805 6 boulder-ra -9uYZgA FinalizationCaaCheck JSON={"Requester":154,"Reused":2}
19:37:22.676705 6 boulder-ra w9nB8Qg [AUDIT] Certificate request - successful JSON={"ID":"jUQO5pqbdzx_uDL426sN5eXYUPhMHNKk4RnElf_BxYk","Requester":154,"OrderID":140,"SerialNumber":"7f7c4a64221f02c5e35e23ad21f48401f265","VerifiedFields":["subject.commonName","subjectAltName"],"CommonName":"rand.bab2cb70.xyz","Names":["rand.af70283b.xyz","rand.bab2cb70.xyz"],"NotBefore":"2024-02-12T18:37:22Z","NotAfter":"2024-05-12T18:37:21Z","RequestTime":"2024-02-12T19:37:22.624606228Z","ResponseTime":"2024-02-12T19:37:22.676618721Z","Authorizations":{"rand.af70283b.xyz":{"ID":"197","ChallengeType":"dns-account-01"},"rand.bab2cb70.xyz":{"ID":"198","ChallengeType":"dns-account-01"}}}
pebble-challtestsrv - 2024/02/12 19:37:23 Removed DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.af70283b.xyz"
pebble-challtestsrv - 2024/02/12 19:37:23 Removed DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.bab2cb70.xyz"
pebble-challtestsrv - 2024/02/12 19:37:23 Added DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.3ff22dda.xyz." - Value "KdiD-Vbe3bPLWsE2XyyPugx2sVkd_uCOkPwTuNHCKto"
pebble-challtestsrv - 2024/02/12 19:37:23 Added DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.cf45eed4.xyz." - Value "IRstkGJ3xxTBgayqeVOgaUlnnlb2FRODArggAUTUciI"
19:37:23.843814 6 boulder-va majk8AE [AUDIT] Checked CAA records for *.rand.3ff22dda.xyz, [Present: false, Account ID: 155, Challenge: dns-account-01, Valid for issuance: true, Found at: ""] Response=""
19:37:23.845242 6 boulder-va i5GFsQ0 [AUDIT] Validation result JSON={"ID":"199","Requester":155,"Hostname":"*.rand.3ff22dda.xyz","Challenge":{"type":"dns-account-01","status":"valid","token":"GCXplv8333LwKOqOmwUlqxWA-8mfV0rqTVtN5Fr7FyQ","keyAuthorization":"GCXplv8333LwKOqOmwUlqxWA-8mfV0rqTVtN5Fr7FyQ.7rCalkEJGRHq27gOWpUeoIcZZcxwm2r561u6W_46cRs","validationRecord":[{"hostname":"rand.3ff22dda.xyz","resolverAddrs":["10.77.77.77:8443"]}]},"ValidationLatency":0.006}
19:37:23.851623 6 boulder-va 3ISrjAo [AUDIT] Checked CAA records for rand.cf45eed4.xyz, [Present: false, Account ID: 155, Challenge: dns-account-01, Valid for issuance: true, Found at: ""] Response=""
19:37:23.851749 6 boulder-va reOm_gU [AUDIT] Validation result JSON={"ID":"200","Requester":155,"Hostname":"rand.cf45eed4.xyz","Challenge":{"type":"dns-account-01","status":"valid","token":"NUZZBYny-KI4CilPeXZ0C_xaLQc0_zqXY25AInc7tyU","keyAuthorization":"NUZZBYny-KI4CilPeXZ0C_xaLQc0_zqXY25AInc7tyU.7rCalkEJGRHq27gOWpUeoIcZZcxwm2r561u6W_46cRs","validationRecord":[{"hostname":"rand.cf45eed4.xyz","resolverAddrs":["10.77.77.77:8443"]}]},"ValidationLatency":0.006}
19:37:24.896026 6 boulder-ra _ujDig0 FinalizationCaaCheck JSON={"Requester":155,"Reused":2}
19:37:24.935591 6 boulder-ra l4Ssnwg [AUDIT] Certificate request - successful JSON={"ID":"9go0UlDwWnei-vuAB85MnImfWwjQcJQKodjyzOX4Gag","Requester":155,"OrderID":141,"SerialNumber":"7f0e8fea93319bc76873f0bbf33130ddf704","VerifiedFields":["subject.commonName","subjectAltName"],"CommonName":"rand.cf45eed4.xyz","Names":["*.rand.3ff22dda.xyz","rand.cf45eed4.xyz"],"NotBefore":"2024-02-12T18:37:24Z","NotAfter":"2024-05-12T18:37:23Z","RequestTime":"2024-02-12T19:37:24.890982663Z","ResponseTime":"2024-02-12T19:37:24.935507509Z","Authorizations":{"*.rand.3ff22dda.xyz":{"ID":"199","ChallengeType":"dns-account-01"},"rand.cf45eed4.xyz":{"ID":"200","ChallengeType":"dns-account-01"}}}
pebble-challtestsrv - 2024/02/12 19:37:25 Removed DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.3ff22dda.xyz"
pebble-challtestsrv - 2024/02/12 19:37:25 Removed DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.cf45eed4.xyz"
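
An added example, not part of the commit or of Boulder's test suite: a log audit that joins the challtestsrv "Added" lines to the boulder-va validation results and checks that the label after `_acme-challenge_` stays fixed per Requester and differs between accounts, which is what the output above shows for accounts 154 and 155. The function name `audit` and the finding strings are hypothetical, and the check assumes each domain is validated by a single account within the log window.

```python
import json
import re
from collections import defaultdict

# Shortened from the log above: JSON trimmed to the fields used, TXT values replaced.
SAMPLE_LOG = """\
pebble-challtestsrv - 2024/02/12 19:37:21 Added DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.af70283b.xyz." - Value "constructed-1"
pebble-challtestsrv - 2024/02/12 19:37:21 Added DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.bab2cb70.xyz." - Value "constructed-2"
19:37:21.579650 6 boulder-va r5q3wA8 [AUDIT] Validation result JSON={"ID":"197","Requester":154,"Hostname":"rand.af70283b.xyz","Challenge":{"type":"dns-account-01","status":"valid"}}
19:37:21.584272 6 boulder-va h9XT0wM [AUDIT] Validation result JSON={"ID":"198","Requester":154,"Hostname":"rand.bab2cb70.xyz","Challenge":{"type":"dns-account-01","status":"valid"}}
pebble-challtestsrv - 2024/02/12 19:37:23 Added DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.3ff22dda.xyz." - Value "constructed-3"
pebble-challtestsrv - 2024/02/12 19:37:23 Added DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.cf45eed4.xyz." - Value "constructed-4"
19:37:23.845242 6 boulder-va i5GFsQ0 [AUDIT] Validation result JSON={"ID":"199","Requester":155,"Hostname":"*.rand.3ff22dda.xyz","Challenge":{"type":"dns-account-01","status":"valid"}}
19:37:23.851749 6 boulder-va reOm_gU [AUDIT] Validation result JSON={"ID":"200","Requester":155,"Hostname":"rand.cf45eed4.xyz","Challenge":{"type":"dns-account-01","status":"valid"}}
"""

TXT_RE = re.compile(r'Added DNS-01 TXT challenge for Host "_acme-challenge_([a-z2-7]{16})\.([^"]+?)\.?"')
VA_RE = re.compile(r"boulder-va \S+ \[AUDIT\] Validation result JSON=(\{.*\})")


def audit(log_text):
    """Return ({account: labels}, findings) for dns-account-01 validations."""
    labels_by_domain = defaultdict(set)  # base domain -> labels provisioned for it
    for label, domain in TXT_RE.findall(log_text):
        labels_by_domain[domain].add(label)

    labels_by_account, findings = defaultdict(set), []
    for raw in VA_RE.findall(log_text):
        rec = json.loads(raw)
        if rec["Challenge"]["type"] != "dns-account-01":
            continue
        host = rec["Hostname"]
        base = host[2:] if host.startswith("*.") else host  # wildcard validates at the base name
        if base not in labels_by_domain:
            findings.append(f"{host}: validated without an account-scoped TXT record")
            continue
        labels_by_account[rec["Requester"]] |= labels_by_domain[base]

    owners = defaultdict(set)  # label -> accounts seen using it
    for account, labels in labels_by_account.items():
        if len(labels) > 1:
            findings.append(f"account {account}: more than one label {sorted(labels)}")
        for label in labels:
            owners[label].add(account)
    for label, accounts in owners.items():
        if len(accounts) > 1:
            findings.append(f"label {label}: shared by accounts {sorted(accounts)}")
    return dict(labels_by_account), findings
```
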