Project

General

Profile

Tâche #25999

Scénario #31522: Corrections Let's Encrypt

Vérifier la redirection Nginx https avec les certificat Let's Encrypt

Added by Scrum Master over 2 years ago. Updated 4 months ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
01/20/2021
Due date:
% Done:

100%

Remaining (hours):
0.0

Description

Demande originale :

SC-T14-010 : Mise en place de certificat Let's Encrypt (2.7.0-b1)

http://squash-tm.eole.lan/squash/executions/7479
  • Pas 10 : pas de redirection vers https

Les tests de redirection ont été déplacés dans le test Dans la dernière version du test, SC-T14-015 - Tester 2 domaines au travers du reverse-proxy l'un géré par Let's Encrypt et l'autre non.


Related issues

Copied from Distribution EOLE - Scénario #25190: EAD2 2.8.1rc1 : devrait utiliser le certificat Let's Encrypt Nouveau

Associated revisions

Revision e852f610 (diff)
Added by Emmanuel GARETTE 4 months ago

interpreter revprox_le_cert comme une liste (ref #25999)

History

#1 Updated by Scrum Master over 2 years ago

  • Copied from Scénario #25190: EAD2 2.8.1rc1 : devrait utiliser le certificat Let's Encrypt added

#2 Updated by Gilles Grandgérard over 2 years ago

  • Release changed from EOLE 2.7.0 to EOLE 2.7.1

#3 Updated by Joël Cuissinat over 1 year ago

  • Release deleted (EOLE 2.7.1)

#4 Updated by Joël Cuissinat 4 months ago

  • Parent task set to #31522

#5 Updated by Joël Cuissinat 4 months ago

  • Description updated (diff)
  • Parent task deleted (#31522)

#6 Updated by Joël Cuissinat 4 months ago

  • Parent task set to #31522

#7 Updated by Emmanuel GARETTE 4 months ago

  • Status changed from Nouveau to Résolu
  • Assigned To set to Emmanuel GARETTE
  • Start date set to 01/20/2021
  • % Done changed from 0 to 100

Le test ne peux fonctionner que si opennebula fournit l'IP .15 :

$ host eole-sub.rouvray.info
eole-sub.rouvray.info has address 195.221.237.15

Hors moi j'ai l'IP .2

Il faudrait un second domaine type labx-eole.ac-dijon.fr en eole-2-sub.rouvray.info pour que cela fonctionne.

#8 Updated by Daniel Dehennin 4 months ago

  • Status changed from Résolu to En cours

Les certificats additionnels ne sont pas générés :

root@eolebase:~# bash -x /usr/share/eole/postservice/00-letsencrypt reconfigure
+ . /usr/lib/eole/ihm.sh
++ TPUT=/usr/bin/tput
++ '[' '!' xterm-256color = '' ']'
++ /usr/bin/tput hpa 60
++ /usr/bin/tput setaf 1
++ FANCYTTY=1
+ MODE=reconfigure
+ '[' -z reconfigure ']'
++ CreoleGet cert_type non
+ [[ letsencrypt == \l\e\t\s\e\n\c\r\y\p\t ]]
+ PROTOC=https
++ CreoleGet le_server_addr
+ SERVER=
++ CreoleGet le_server_port
+ PORT=
++ CreoleGet le_http_01_port
+ HTTP01PORT=80
++ CreoleGet le_https_port
+ HTTPSPORT=443
++ CreoleGet le_config_dir
+ CONFDIR=/etc/ssl/letsencrypt/conf
++ CreoleGet le_work_dir
+ WOKRDIR=/tmp/letsencrypt/work
++ CreoleGet le_logs_dir
+ LOGSDIR=/var/log/letsencrypt/
++ CreoleGet le_client_mode
+ LEMODE=webroot
+ PIDFILE=
+ LECLIENT=letsencrypt
+ LEOPT=certonly
+ [[ -n '' ]]
++ CreoleGet nom_domaine_machine
+ NOMDOMAINEMACHINE=lab4.labs.eole.education
++ CreoleGet web_url ''
+ WEBURL=
+ DOMAINS=
++ CreoleGet le_extra_names
++ CreoleGet activer_revprox non
+ [[ oui == \o\u\i ]]
++ getRevProxDomains
++ names=($(CreoleGet revprox_domainname))
+++ CreoleGet revprox_domainname
++ local names
++ wildcards=($(CreoleGet revprox_domain_wildcard))
+++ CreoleGet revprox_domain_wildcard
++ local wildcards
++ cert=("$(CreoleGet revprox_le_cert 2> /dev/null)")
+++ CreoleGet revprox_le_cert
++ local cert
++ local toRet=
++ local i=0
++ local i_cert=0
++ for name in ${names[@]}
++ wildcard=non
++ [[ non == \n\o\n ]]
++ rep='oui
non'
++ [[ oui
non == \o\u\i ]]
++ (( i_cert+=1 ))
++ (( i+=1 ))
++ for name in ${names[@]}
++ wildcard=non
++ [[ non == \n\o\n ]]
++ rep=
++ [[ '' == \o\u\i ]]
++ (( i_cert+=1 ))
++ (( i+=1 ))
++ echo
++ return 0
+ DOMAINS=' '
++ awk '{ while(++i<=NF) printf (!a[$i]++) ? $i FS : ""; i=split("",a); print ""  }'
+ DOMAINS=
+ '[' reconfigure = test ']'
+ GETNEWCERTIF=1
+ res=0
+ '[' '!' -d /etc/ssl/letsencrypt/conf/live/lab4.labs.eole.education ']'
+ killHttp
+ [[ -e '' ]]
+ [[ 0 -ne 0 ]]
+ '[' 1 = 0 ']'
+ exit 0

#9 Updated by Daniel Dehennin 4 months ago

  • Status changed from En cours to Fermé
  • Remaining (hours) set to 0.0

Avec le dernier paquet 2.8.1-15 c’est fonctionnel.

Also available in: Atom PDF