Page MenuHomeDevCentral

Let's encrypt web server configuration checker
ClosedPublic

Authored by dereckson on Jun 5 2016, 22:17.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 8, 15:00
Unknown Object (File)
Wed, Dec 4, 05:25
Unknown Object (File)
Sat, Nov 30, 01:27
Unknown Object (File)
Nov 16 2024, 07:49
Unknown Object (File)
Nov 16 2024, 06:46
Unknown Object (File)
Nov 16 2024, 05:04
Unknown Object (File)
Nov 7 2024, 14:03
Unknown Object (File)
Nov 2 2024, 09:54
Subscribers
None

Details

Summary

This script allows to check on a machine the nginx (or any other
web server) configuration: do we serve correctly the acme challenge
at http://<domain>/.well-known/acme-challenge?

It checks the page is 200 and with the challenge content. If not,
it prints the domain, the error code (or "DOES NOT MATCH" if 200)
to stdout.

It's written in Python 2, not 3, so it runs without any dependency
on Dwellers, our Docker host under CentOS 7, where Python 3 isn't
installed.

Fixes T854.

Test Plan

Linters: pep8, flake8

Test run:

Ysul
$ ./check-letsencrypt-certificates
cloud.dereckson.be 404
commons.nasqueron.org 403
$ bash
$ time ./check-letsencrypt-certificates
[…]
real    0m0.733s
user    0m0.300s
sys     0m0.215s

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
No Lint Coverage
Unit
No Test Coverage
Branch
check-letsencrypt-certificates
Build Status
Buildable 540
Build 655: arc lint + arc unit

Event Timeline

dereckson retitled this revision from to Let's encrypt web server configuration checker.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added a reviewer: Sandlayth.
dereckson added inline comments.
scripts/byTasks/HTTP/check-letsencrypt-certificates
88

On Dwellers, dir is /www, inside a letsencrypt container.

This is mapped using -v /data/letsencrypt/www:/www in the containter launcher script.

dereckson requested a review of this revision.Jun 5 2016, 22:26
dereckson marked an inline comment as done.
dereckson added inline comments.
scripts/byTasks/HTTP/check-letsencrypt-certificates
88

Well that's a configuration issue, better addressed on the server: we can run the checker script in a Docker container too or we can -v /data/letsencrypt/www /www.

Sandlayth edited edge metadata.
This revision is now accepted and ready to land.Jun 9 2016, 08:39
This revision was automatically updated to reflect the committed changes.
dereckson marked an inline comment as done.