Page MenuHomeDevCentral
Differential D396

Let's encrypt web server configuration checker
ClosedPublic
Actions

Authored by dereckson on Jun 5 2016, 22:17.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 7, 14:03
Unknown Object (File)
Sat, Nov 2, 09:54
Unknown Object (File)
Sat, Nov 2, 09:54
Unknown Object (File)
Thu, Oct 31, 20:02
Unknown Object (File)
Sat, Oct 26, 06:21
Unknown Object (File)
Fri, Oct 25, 14:03
Unknown Object (File)
Sun, Oct 20, 05:01
Unknown Object (File)
Oct 14 2024, 15:40
View All Files
Subscribers
None

Details

Reviewers
Sandlayth
Maniphest Tasks
T854: Write a Let's encrypt web server configuration checker
Commits
rOPS0aa61ca254f9: Let's encrypt web server configuration checker
Summary

This script allows to check on a machine the nginx (or any other
web server) configuration: do we serve correctly the acme challenge
at http://<domain>/.well-known/acme-challenge?

It checks the page is 200 and with the challenge content. If not,
it prints the domain, the error code (or "DOES NOT MATCH" if 200)
to stdout.

It's written in Python 2, not 3, so it runs without any dependency
on Dwellers, our Docker host under CentOS 7, where Python 3 isn't
installed.

Fixes T854.

Test Plan

Linters: pep8, flake8

Test run:

Ysul
$ ./check-letsencrypt-certificates
cloud.dereckson.be 404
commons.nasqueron.org 403
$ bash
$ time ./check-letsencrypt-certificates
[…]
real    0m0.733s
user    0m0.300s
sys     0m0.215s

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
No Lint Coverage
Unit
No Test Coverage
Branch
check-letsencrypt-certificates
Build Status
Buildable 540
Build 655: arc lint + arc unit

Event Timeline

dereckson updated this revision to Diff 952.Jun 5 2016, 22:17
dereckson retitled this revision from to Let's encrypt web server configuration checker.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added a reviewer: Sandlayth.
dereckson added a task: T854: Write a Let's encrypt web server configuration checker.
dereckson edited the test plan for this revision. (Show Details)Jun 5 2016, 22:18
dereckson planned changes to this revision.Jun 5 2016, 22:20
dereckson added inline comments.
scripts/byTasks/HTTP/check-letsencrypt-certificates
88

On Dwellers, dir is /www, inside a letsencrypt container.

This is mapped using -v /data/letsencrypt/www:/www in the containter launcher script.

dereckson mentioned this in T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.Jun 5 2016, 22:22
dereckson requested a review of this revision.Jun 5 2016, 22:26
dereckson marked an inline comment as done.
dereckson added inline comments.
scripts/byTasks/HTTP/check-letsencrypt-certificates
88

Well that's a configuration issue, better addressed on the server: we can run the checker script in a Docker container too or we can -v /data/letsencrypt/www /www.

Sandlayth accepted this revision.Jun 9 2016, 08:39
Sandlayth edited edge metadata.
This revision is now accepted and ready to land.Jun 9 2016, 08:39
Closed by commit rOPS0aa61ca254f9: Let's encrypt web server configuration checker (authored by dereckson, committed by dereckson). · Explain WhyJun 9 2016, 10:46
This revision was automatically updated to reflect the committed changes.
dereckson marked an inline comment as done.

Revision Contents
Changeset List

PathSize
scripts/
byTasks/
HTTP/
108 lines

Diff 952

View Options

scripts/byTasks/HTTP/check-letsencrypt-certificates

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator