Tâche #25999
Scénario #31522: Corrections Let's Encrypt
Vérifier la redirection Nginx https avec les certificat Let's Encrypt
Start date:
01/20/2021
Due date:
% Done:
100%
Remaining (hours):
0.0
Description
Demande originale :
SC-T14-010 : Mise en place de certificat Let's Encrypt (2.7.0-b1)
http://squash-tm.eole.lan/squash/executions/7479
- Pas 10 : pas de redirection vers https
Les tests de redirection ont été déplacés dans le test Dans la dernière version du test, SC-T14-015 - Tester 2 domaines au travers du reverse-proxy l'un géré par Let's Encrypt et l'autre non.
Related issues
Associated revisions
interpreter revprox_le_cert comme une liste (ref #25999)
History
#1 Updated by Scrum Master almost 5 years ago
- Copied from Scénario #25190: EAD2 2.8.1rc1 : devrait utiliser le certificat Let's Encrypt added
#2 Updated by Gilles Grandgérard over 4 years ago
- Release changed from EOLE 2.7.0 to EOLE 2.7.1
#3 Updated by Joël Cuissinat about 4 years ago
- Release deleted (
EOLE 2.7.1)
#4 Updated by Joël Cuissinat over 2 years ago
- Parent task set to #31522
#5 Updated by Joël Cuissinat over 2 years ago
- Description updated (diff)
- Parent task deleted (
#31522)
#6 Updated by Joël Cuissinat over 2 years ago
- Parent task set to #31522
#7 Updated by Emmanuel GARETTE over 2 years ago
- Status changed from Nouveau to Résolu
- Assigned To set to Emmanuel GARETTE
- Start date set to 01/20/2021
- % Done changed from 0 to 100
Le test ne peux fonctionner que si opennebula fournit l'IP .15 :
$ host eole-sub.rouvray.info eole-sub.rouvray.info has address 195.221.237.15
Hors moi j'ai l'IP .2
Il faudrait un second domaine type labx-eole.ac-dijon.fr en eole-2-sub.rouvray.info pour que cela fonctionne.
#8 Updated by Daniel Dehennin over 2 years ago
- Status changed from Résolu to En cours
Les certificats additionnels ne sont pas générés :
root@eolebase:~# bash -x /usr/share/eole/postservice/00-letsencrypt reconfigure
+ . /usr/lib/eole/ihm.sh
++ TPUT=/usr/bin/tput
++ '[' '!' xterm-256color = '' ']'
++ /usr/bin/tput hpa 60
++ /usr/bin/tput setaf 1
++ FANCYTTY=1
+ MODE=reconfigure
+ '[' -z reconfigure ']'
++ CreoleGet cert_type non
+ [[ letsencrypt == \l\e\t\s\e\n\c\r\y\p\t ]]
+ PROTOC=https
++ CreoleGet le_server_addr
+ SERVER=
++ CreoleGet le_server_port
+ PORT=
++ CreoleGet le_http_01_port
+ HTTP01PORT=80
++ CreoleGet le_https_port
+ HTTPSPORT=443
++ CreoleGet le_config_dir
+ CONFDIR=/etc/ssl/letsencrypt/conf
++ CreoleGet le_work_dir
+ WOKRDIR=/tmp/letsencrypt/work
++ CreoleGet le_logs_dir
+ LOGSDIR=/var/log/letsencrypt/
++ CreoleGet le_client_mode
+ LEMODE=webroot
+ PIDFILE=
+ LECLIENT=letsencrypt
+ LEOPT=certonly
+ [[ -n '' ]]
++ CreoleGet nom_domaine_machine
+ NOMDOMAINEMACHINE=lab4.labs.eole.education
++ CreoleGet web_url ''
+ WEBURL=
+ DOMAINS=
++ CreoleGet le_extra_names
++ CreoleGet activer_revprox non
+ [[ oui == \o\u\i ]]
++ getRevProxDomains
++ names=($(CreoleGet revprox_domainname))
+++ CreoleGet revprox_domainname
++ local names
++ wildcards=($(CreoleGet revprox_domain_wildcard))
+++ CreoleGet revprox_domain_wildcard
++ local wildcards
++ cert=("$(CreoleGet revprox_le_cert 2> /dev/null)")
+++ CreoleGet revprox_le_cert
++ local cert
++ local toRet=
++ local i=0
++ local i_cert=0
++ for name in ${names[@]}
++ wildcard=non
++ [[ non == \n\o\n ]]
++ rep='oui
non'
++ [[ oui
non == \o\u\i ]]
++ (( i_cert+=1 ))
++ (( i+=1 ))
++ for name in ${names[@]}
++ wildcard=non
++ [[ non == \n\o\n ]]
++ rep=
++ [[ '' == \o\u\i ]]
++ (( i_cert+=1 ))
++ (( i+=1 ))
++ echo
++ return 0
+ DOMAINS=' '
++ awk '{ while(++i<=NF) printf (!a[$i]++) ? $i FS : ""; i=split("",a); print "" }'
+ DOMAINS=
+ '[' reconfigure = test ']'
+ GETNEWCERTIF=1
+ res=0
+ '[' '!' -d /etc/ssl/letsencrypt/conf/live/lab4.labs.eole.education ']'
+ killHttp
+ [[ -e '' ]]
+ [[ 0 -ne 0 ]]
+ '[' 1 = 0 ']'
+ exit 0
#9 Updated by Daniel Dehennin over 2 years ago
- Status changed from En cours to Fermé
- Remaining (hours) set to 0.0
Avec le dernier paquet 2.8.1-15 c’est fonctionnel.