From b8f288a3720fda4f2f1ef56ada30f887f5b41a63 Mon Sep 17 00:00:00 2001
From: Joona Hoikkala
Date: Wed, 17 Jan 2018 14:08:45 +0200
Subject: [PATCH] Add include to every VirtualHost if definite one not found based on name
---
 certbot-apache/certbot_apache/http_01.py | 19 ++++++++++++++-----
 .../certbot_apache/tests/http_01_test.py | 10 ++++++++++
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/certbot-apache/certbot_apache/http_01.py b/certbot-apache/certbot_apache/http_01.py
index edcca8c9c..2b2b8e796 100644
--- a/certbot-apache/certbot_apache/http_01.py
+++ b/certbot-apache/certbot_apache/http_01.py
@@ -36,6 +36,7 @@ class ApacheHttp01(common.TLSSNI01):
 self.challenge_dir = os.path.join(
 self.configurator.config.work_dir,
 "http_challenges")
+ self.moded_vhosts = set()
 def perform(self):
 """Perform all HTTP-01 challenges."""
@@ -71,14 +72,16 @@ class ApacheHttp01(common.TLSSNI01):
 self.configurator.enable_mod(mod, temp=True)
 def _mod_config(self):
- moded_vhosts = set()
 for chall in self.achalls:
 vh = self.configurator.find_best_http_vhost(
 chall.domain, filter_defaults=False,
 port=str(self.configurator.config.http01_port))
- if vh and vh not in moded_vhosts:
+ if vh:
 self._set_up_include_directive(vh)
- moded_vhosts.add(vh)
+ else:
+ for vh in self.configurator.vhosts:
+ if not vh.ssl:
+ self._set_up_include_directive(vh)
 self.configurator.reverter.register_file_creation(
 True, self.challenge_conf)
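Review bot: The new `else` branch in `_mod_config` adds the challenge Include to every vhost with `not vh.ssl`, without the port restriction that the `find_best_http_vhost` call just above applies through `port=str(self.configurator.config.http01_port)`. An unmatched name therefore causes the challenge directory to be served from plain-HTTP vhosts on unrelated ports and for unrelated sites until the reverter rolls the change back; the fallback should be limited to vhosts that can actually answer on the HTTP-01 port. The branch is also silent when no non-SSL vhost exists, so that case only surfaces later as a failed validation; tracking whether the loop touched any vhost and logging the domain when it did not would make it diagnosable. The inner loop reuses the name `vh` and shadows the lookup result, so `for vhost in self.configurator.vhosts:` would read more clearly.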
@@ -121,5 +124,11 @@ class ApacheHttp01(common.TLSSNI01):
 def _set_up_include_directive(self, vhost):
 """Includes override configuration to the beginning of VirtualHost.
 Note that this include isn't added to Augeas search tree"""
- self.configurator.parser.add_dir_beginning(vhost.path, "Include",
- self.challenge_conf)
+
+ if vhost not in self.moded_vhosts:
+ logger.debug(
+ "Adding a temporary challenge validation Include for name: %s " +
+ "in: %s", vhost.name, vhost.filep)
+ self.configurator.parser.add_dir_beginning(
+ vhost.path, "Include", self.challenge_conf)
+ self.moded_vhosts.add(vhost)
diff --git a/certbot-apache/certbot_apache/tests/http_01_test.py b/certbot-apache/certbot_apache/tests/http_01_test.py
index 768d904e8..12f571354 100644
--- a/certbot-apache/certbot_apache/tests/http_01_test.py
+++ b/certbot-apache/certbot_apache/tests/http_01_test.py
@@ -129,6 +129,16 @@ class ApacheHttp01Test(util.ApacheTest):
 ]
 self.common_perform_test(achalls, [vhost])
+ def test_anonymous_vhost(self):
+ vhosts = [v for v in self.config.vhosts if not v.ssl]
+ achalls = [
+ achallenges.KeyAuthorizationAnnotatedChallenge(
+ challb=acme_util.chall_to_challb(
+ challenges.HTTP01(token=((b'a' * 16))),
+ "pending"),
+ domain="something.nonexistent", account_key=self.account_key)]
+ self.common_perform_test(achalls, vhosts)
+
 def common_perform_test(self, achalls, vhosts):
 """Tests perform with the given achalls."""
 challenge_dir = self.http.challenge_dir
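Review bot: `self.moded_vhosts` is only ever added to in `_set_up_include_directive`, and nothing visible in this patch clears it. The guard `if vhost not in self.moded_vhosts:` would therefore also skip a vhost whose Include has since been rolled back by the reverter, if the same `ApacheHttp01` instance performs challenges again. If instances can be reused (not visible here), reset the set at the start of `_mod_config` with `self.moded_vhosts = set()`; otherwise state the one-shot assumption in the docstring. The docstring should also mention the de-duplication, for example `Each vhost is modified at most once per instance.`, and the `+` joining the two log-format literals can be dropped in favour of implicit string concatenation.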
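Review bot: `test_anonymous_vhost` has no docstring and, as far as the hunk shows, only checks the vhosts it passes to `common_perform_test`, so nothing asserts that SSL vhosts are left without the Include when the fallback runs. A docstring such as `"""Unmatched domain: Include is added to every non-SSL vhost."""` and one negative assertion over `[v for v in self.config.vhosts if v.ssl]` would pin the boundary of the fallback. The body of `common_perform_test` continues outside the hunk, so it may already cover part of this.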