ericchiang / go-acme

A Let's Encrypt client for Go
Apache License 2.0

Added DNS Challenge support and travis-ci integration #17

Closed jameshartig closed 8 years ago

jameshartig commented 8 years ago

I added a .travis.yml so PRs and master can be built in Travis CI. It was pretty complicated since it has to build and start boulder but after a lot of trial and error I got it working. I couldn't test the final push since the import paths are wrong (github.com/ericchiang/letsencrypt vs github.com/levenlabs/letsencrypt) but if you turn on Travis CI support we can make sure this PR passes.

I also added DNS challenge support. This required that I include the github.com/miekg/dns package in godeps, so that breaks the diff :disappointed: so I moved that out into a separate commit so you can review the travis and dns commits separately.

I also added:

if chal.Type == ChallengeDNS {
    // unauthorized if the TXT value is wrong or not found
    // connection if NXDOMAIN
    if chal.Error.Typ == "urn:acme:error:unauthorized" || chal.Error.Typ == "urn:acme:error:connection" {
        time.Sleep(pollInterval)
        continue
    }
}

to the ChallengeReady loop since if you're using DNS, the old value or the non-existent value might be cached, so it will continue looping as long as the error is one of those. Let me know what you think.

Fixes #2
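
A bounded variant of the retry described in the comment above, as an added example that is not part of this PR or of the go-acme code base. The `Challenge` and `ACMEError` types, the `ChallengeDNS` value, and the names `transientDNS`, `pollChallenge` and `ErrGaveUp` are hypothetical stand-ins; the poll cap is an assumption added so that a TXT record that never appears cannot keep the loop running forever.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical stand-ins for the client's types; only the fields the snippet uses.
type ACMEError struct{ Typ string }
type Challenge struct {
	Type, Status string // Status: "pending", "valid" or "invalid"
	Error        *ACMEError
}

const ChallengeDNS = "dns-01" // assumed value of the client's constant

var ErrGaveUp = errors.New("challenge not ready after max polls")

// transientDNS is true when a DNS challenge failed with one of the two error
// types from the post, which a cached or not-yet-propagated record can cause.
func transientDNS(c Challenge) bool {
	if c.Type != ChallengeDNS || c.Error == nil {
		return false
	}
	t := c.Error.Typ
	return t == "urn:acme:error:unauthorized" || t == "urn:acme:error:connection"
}

// pollChallenge polls until the challenge is valid, fails with a non-transient
// error, or maxPolls is reached. It returns the number of polls performed.
func pollChallenge(fetch func() Challenge, interval time.Duration, maxPolls int) (int, error) {
	for i := 1; i <= maxPolls; i++ {
		c := fetch()
		switch {
		case c.Status == "valid":
			return i, nil
		case c.Status == "pending" || transientDNS(c):
			time.Sleep(interval)
		default:
			return i, fmt.Errorf("challenge failed: %+v", c.Error)
		}
	}
	return maxPolls, ErrGaveUp
}

func main() {
	// Constructed responses: two stale-cache failures, then the record is visible.
	stale := Challenge{ChallengeDNS, "invalid", &ACMEError{"urn:acme:error:unauthorized"}}
	seq := []Challenge{stale, stale, {ChallengeDNS, "valid", nil}}
	i := 0
	fmt.Println(pollChallenge(func() Challenge { c := seq[i]; i++; return c }, time.Millisecond, 5))
}
```
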

ericchiang commented 8 years ago

This looks terrific. I've gone ahead and activated travis for this repo. Know a way to trigger a travis check for this PR?

jameshartig commented 8 years ago

I'll just force push and that'll trigger it

jameshartig commented 8 years ago

Unfortunately it cannot run on the faster travis servers (which use containers) because we need sudo to edit the hosts file. I'm looking into that and I'll make a separate PR. I think the boulder stuff runs their own DNS server that returns 127.0.0.1 for everything so we might not even need to edit the hosts file anymore.

ericchiang commented 8 years ago

Maybe something like this? https://docs.travis-ci.com/user/hosts/

jameshartig commented 8 years ago

I tried that but it didn't set them to localhost :/

jameshartig commented 8 years ago

Looks like it failed the DNS challenge in the test, let me look into it again and I'll update that version.

ericchiang commented 8 years ago

FYI take a look at https://github.com/ericchiang/travis-tests/pull/1. The hosts addon does point entries at 127.0.0.1.

jameshartig commented 8 years ago

Looks like the test is failing because listen tcp 127.0.0.1:8053: bind: address already in use. So I need to run the dns server on a different port. Hmm, I'll try the hosts keyword again but when I first tried it, the tests complained the hosts file wasn't updated.

jameshartig commented 8 years ago

It was resolving to ::1 not 127.0.0.1. I'll update the tests.

jameshartig commented 8 years ago

@ericchiang I updated it to use the built-in DNS server that boulder exposes which means I got rid of the new godep. I also updated the go version and travis seems happy now :)

jameshartig commented 8 years ago

Thanks for the quick merge @ericchiang!