Move test configs into repo and apply necessary changes.

.travis.yml

@@ -15,7 +15,7 @@ before_install: >
   python-virtualenv python-dev gcc swig dialog libaugeas0 libssl-dev
 
 install: travis_retry python setup.py dev  # installs tox
-script: travis_retry tox
+script: travis_retry sudo tox
 
 env:
   - TOXENV=py${TRAVIS_PYTHON_VERSION//[.]/}

letsencrypt/client/tests/apache_configurator_test.py

@@ -12,25 +12,21 @@ import re
 import os
 import shutil
 import sys
-import tarfile
 import unittest
 
 from letsencrypt.client import apache_configurator
 from letsencrypt.client import CONFIG
 from letsencrypt.client import display
-from letsencrypt.client import le_util
 from letsencrypt.client import logger
 
 # Some of these will likely go into a letsencrypt.tests.CONFIG file
-TESTING_DIR = "/home/ubuntu/testing/"
-UBUNTU_CONFIGS = os.path.join(TESTING_DIR, "ubuntu_apache_2_4/")
+TESTING_DIR = os.path.dirname(os.path.realpath(__file__))
+UBUNTU_CONFIGS = os.path.join(TESTING_DIR, "debian_apache_2_4/")
 TEMP_DIR = os.path.join(TESTING_DIR, "temp")
 
-# This will end up going into the repo...
-CONFIG_TGZ_URL = "https://jdkasten.com/projects/config.tgz"
-
 
 def setUpModule():
+    """Run once before all unittests."""
     logger.setLogger(logger.FileLogger(sys.stdout))
     logger.setLogLevel(logger.INFO)
     display.set_display(display.NcursesDisplay())
@@ -42,12 +38,15 @@ def setUpModule():
 
 
 def tearDownModule():
+    """Run once after all unittests."""
     shutil.rmtree(TEMP_DIR)
 
 
-class TwoVhosts_80(unittest.TestCase):
+class TwoVhost80(unittest.TestCase):
+    """Standard two http vhosts that are well configured."""
 
     def setUp(self):
+        """Run before each and every tests."""
         # Final slash is currently important
         self.config_path = os.path.join(TEMP_DIR, "two_vhost_80/apache2/")
 
@@ -234,12 +233,12 @@ class TwoVhosts_80(unittest.TestCase):
 
         self.assertTrue(len(self.config.vhosts) == 5)
 
-    def _verify_redirect(self, config_path):
-        """Verifies that the vhost contains the REWRITE."""
-        with open(config_path, 'r') as config_fd:
-            conf = config_fd.read()
+    # def _verify_redirect(self, config_path):
+    #     """Verifies that the vhost contains the REWRITE."""
+    #     with open(config_path, 'r') as config_fd:
+    #         conf = config_fd.read()
 
-        return CONFIG.REWRITE_HTTPS_ARGS[1] in conf
+    #     return CONFIG.REWRITE_HTTPS_ARGS[1] in conf
 
 
 def debug_file(filepath):
@@ -249,13 +248,3 @@ def debug_file(filepath):
 
 if __name__ == '__main__':
     unittest.main()
-# def download_unpack_tests(url=CONFIG_TGZ_URL):
-#     r = requests.get(url)
-#     local_tgz_file = os.path.join(TESTING_DIR, 'ubuntu_2_4.tgz')
-#     with open(local_tgz_file, 'w') as tgz_file:
-#         tgz_file.write(r.content)
-
-#     if tarfile.is_tarfile(local_tgz_file):
-#         tar = tarfile.open(local_tgz_file)
-#         tar.extractall()
-#         tar.close()

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/apache2.conf

@@ -0,0 +1,223 @@
+# This is the main Apache server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+#	/etc/apache2/
+#	|-- apache2.conf
+#	|	`--  ports.conf
+#	|-- mods-enabled
+#	|	|-- *.load
+#	|	`-- *.conf
+#	|-- conf-enabled
+#	|	`-- *.conf
+# 	`-- sites-enabled
+#	 	`-- *.conf
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+#   together by including all remaining configuration files when starting up the
+#   web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+#   supposed to determine listening ports for incoming connections which can be
+#   customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+#   directories contain particular configuration snippets which manage modules,
+#   global configuration fragments, or virtual host configurations,
+#   respectively.
+#
+#   They are activated by symlinking available configuration files from their
+#   respective *-available/ counterparts. These should be managed by using our
+#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+#   their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+#   the default configuration, apache2 needs to be started/stopped with
+#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+#   work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE!  If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+Mutex file:${APACHE_LOCK_DIR} default
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
+#
+LogLevel warn
+
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+	Options FollowSymLinks
+	AllowOverride None
+	Require all denied
+</Directory>
+
+<Directory /usr/share>
+	AllowOverride None
+	Require all granted
+</Directory>
+
+#<Directory /var/www/>
+<Directory /var/>
+	Options Indexes FollowSymLinks
+	AllowOverride None
+	Require all granted
+</Directory>
+
+#<Directory /srv/>
+#	Options Indexes FollowSymLinks
+#	AllowOverride None
+#	Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives.  See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+	Require all denied
+</FilesMatch>
+
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+IncludeOptional conf-enabled/*.conf
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+ServerName 127.0.1.1

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-available/charset.conf

@@ -0,0 +1,8 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-available/localized-error-pages.conf

@@ -0,0 +1,81 @@
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections.  We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis.  If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+#		  SetHandler directive in a <Location /> context somewhere. Adding
+#		  the following three lines AFTER the <Location /> context should
+#		  make it work in most cases:
+#		  <Location /error/>
+#			 SetHandler none
+#		  </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation.  To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+#	<IfModule mod_include.c>
+#		<IfModule mod_alias.c>
+#
+#			Alias /error/ "/usr/share/apache2/error/"
+#
+#			<Directory "/usr/share/apache2/error">
+#				Options IncludesNoExec
+#				AddOutputFilter Includes html
+#				AddHandler type-map var
+#				Order allow,deny
+#				Allow from all
+#				LanguagePriority en cs de es fr it nl sv pt-br ro
+#				ForceLanguagePriority Prefer Fallback
+#			</Directory>
+#
+#			ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+#			ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+#			ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+#			ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+#			ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+#			ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+#			ErrorDocument 410 /error/HTTP_GONE.html.var
+#			ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+#			ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+#			ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+#			ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+#			ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+#			ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+#			ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+#			ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+#			ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+#			ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+#		</IfModule>
+#	</IfModule>
+#</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-available/other-vhosts-access-log.conf

@@ -0,0 +1,4 @@
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-available/security.conf

@@ -0,0 +1,74 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+#   AllowOverride None
+#   Order Deny,Allow
+#   Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of:  On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+#   Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-available/serve-cgi-bin.conf

@@ -0,0 +1,20 @@
+<IfModule mod_alias.c>
+	<IfModule mod_cgi.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfModule mod_cgid.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfDefine ENABLE_USR_LIB_CGI_BIN>
+		ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+		<Directory "/usr/lib/cgi-bin">
+			AllowOverride None
+			Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+			Require all granted
+		</Directory>
+	</IfDefine>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-enabled/charset.conf

@@ -0,0 +1,8 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-enabled/localized-error-pages.conf

@@ -0,0 +1,81 @@
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections.  We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis.  If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+#		  SetHandler directive in a <Location /> context somewhere. Adding
+#		  the following three lines AFTER the <Location /> context should
+#		  make it work in most cases:
+#		  <Location /error/>
+#			 SetHandler none
+#		  </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation.  To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+#	<IfModule mod_include.c>
+#		<IfModule mod_alias.c>
+#
+#			Alias /error/ "/usr/share/apache2/error/"
+#
+#			<Directory "/usr/share/apache2/error">
+#				Options IncludesNoExec
+#				AddOutputFilter Includes html
+#				AddHandler type-map var
+#				Order allow,deny
+#				Allow from all
+#				LanguagePriority en cs de es fr it nl sv pt-br ro
+#				ForceLanguagePriority Prefer Fallback
+#			</Directory>
+#
+#			ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+#			ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+#			ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+#			ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+#			ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+#			ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+#			ErrorDocument 410 /error/HTTP_GONE.html.var
+#			ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+#			ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+#			ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+#			ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+#			ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+#			ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+#			ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+#			ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+#			ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+#			ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+#		</IfModule>
+#	</IfModule>
+#</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-enabled/other-vhosts-access-log.conf

@@ -0,0 +1,4 @@
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-enabled/security.conf

@@ -0,0 +1,74 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+#   AllowOverride None
+#   Order Deny,Allow
+#   Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of:  On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+#   Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/conf-enabled/serve-cgi-bin.conf

@@ -0,0 +1,20 @@
+<IfModule mod_alias.c>
+	<IfModule mod_cgi.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfModule mod_cgid.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfDefine ENABLE_USR_LIB_CGI_BIN>
+		ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+		<Directory "/usr/lib/cgi-bin">
+			AllowOverride None
+			Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+			Require all granted
+		</Directory>
+	</IfDefine>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/envvars

@@ -0,0 +1,47 @@
+# envvars - default environment variables for apache2ctl
+
+# this won't be correct after changing uid
+unset HOME
+
+# for supporting multiple apache2 instances
+if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+	SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
+else
+	SUFFIX=
+fi
+
+# Since there is no sane way to get the parsed apache2 config in scripts, some
+# settings are defined via environment variables and then used in apache2ctl,
+# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
+export APACHE_RUN_USER=www-data
+export APACHE_RUN_GROUP=www-data
+# temporary state file location. This might be changed to /run in Wheezy+1
+export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
+export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
+export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
+
+## The locale used by some modules like mod_dav
+export LANG=C
+## Uncomment the following line to use the system default locale instead:
+#. /etc/default/locale
+
+export LANG
+
+## The command to get the status for 'apache2ctl status'.
+## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
+#export APACHE_LYNX='www-browser -dump'
+
+## If you need a higher file descriptor limit, uncomment and adjust the
+## following line (default is 8192):
+#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
+
+## If you would like to pass arguments to the web server, add them below
+## to the APACHE_ARGUMENTS environment.
+#export APACHE_ARGUMENTS=''
+
+## Enable the debug mode for maintainer scripts.
+## This will produce a verbose output on package installations of web server modules and web application
+## installations which interact with Apache
+#export APACHE2_MAINTSCRIPT_DEBUG=1

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/magic

@@ -0,0 +1,935 @@
+# Magic data for mod_mime_magic (originally for file(1) command)
+#
+# The format is 4-5 columns:
+#    Column #1: byte number to begin checking from, ">" indicates continuation
+#    Column #2: type of data to match
+#    Column #3: contents of data to match
+#    Column #4: MIME type of result
+#    Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff:  file(1) magic for locally observed files
+# Add any locally observed files here.
+
+# Real Audio (Magic .ra\0375)
+0	belong		0x2e7261fd	audio/x-pn-realaudio
+0	string		.RMF		application/vnd.rn-realmedia
+
+#video/x-pn-realvideo
+#video/vnd.rn-realvideo
+#application/vnd.rn-realmedia
+#	sigh, there are many mimes for that but the above are the most common.
+
+# Taken from magic, converted to magic.mime
+# mime types according to http://www.geocities.com/nevilo/mod.htm:
+#	audio/it	.it
+#	audio/x-zipped-it	.itz
+#	audio/xm	fasttracker modules
+#	audio/x-s3m	screamtracker modules
+#	audio/s3m	screamtracker modules
+#	audio/x-zipped-mod	mdz
+#	audio/mod	mod
+#	audio/x-mod	All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z)
+
+# Taken from loader code from mikmod version 2.14
+# by Steve McIntyre (stevem@chiark.greenend.org.uk)
+# <doj@cubic.org> added title printing on 2003-06-24
+0	string	MAS_UTrack_V00
+>14	string	>/0		audio/x-mod
+#audio/x-tracker-module
+
+#0	string	UN05		MikMod UNI format module sound data
+
+0	string	Extended\ Module: audio/x-mod
+#audio/x-tracker-module
+##>17	string	>\0		Title: "%s"
+
+21	string/c	\!SCREAM!	audio/x-mod
+#audio/x-screamtracker-module
+21	string	BMOD2STM	audio/x-mod
+#audio/x-screamtracker-module
+1080	string	M.K.		audio/x-mod
+#audio/x-protracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	M!K!		audio/x-mod
+#audio/x-protracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	FLT4		audio/x-mod
+#audio/x-startracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	FLT8		audio/x-mod
+#audio/x-startracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	4CHN		audio/x-mod
+#audio/x-fasttracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	6CHN		audio/x-mod
+#audio/x-fasttracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	8CHN		audio/x-mod
+#audio/x-fasttracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	CD81		audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	OKTA		audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0	string	>\0		Title: "%s"
+# Not good enough.
+#1082	string	CH
+#>1080	string	>/0		%.2s-channel Fasttracker "oktalyzer" module sound data
+1080	string	16CN		audio/x-mod
+#audio/x-taketracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	32CN		audio/x-mod
+#audio/x-taketracker-module
+#>0	string	>\0		Title: "%s"
+
+# Impuse tracker module (it)
+0	string		IMPM		audio/x-mod
+#>4	string		>\0		"%s"
+#>40	leshort		!0		compatible w/ITv%x
+#>42	leshort		!0		created w/ITv%x
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+# xml based formats!
+
+# svg
+
+0	string		\<?xml
+#			text/xml
+>38	string		\<\!DOCTYPE\040svg	image/svg+xml
+
+
+# xml
+0	string		\<?xml			text/xml
+
+
+#------------------------------------------------------------------------------
+# Java
+
+0	short		0xcafe
+>2	short		0xbabe		application/java
+
+#------------------------------------------------------------------------------
+# audio:  file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0	string		.snd
+>12	belong		1		audio/basic
+>12	belong		2		audio/basic
+>12	belong		3		audio/basic
+>12	belong		4		audio/basic
+>12	belong		5		audio/basic
+>12	belong		6		audio/basic
+>12	belong		7		audio/basic
+
+>12	belong		23		audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0	lelong		0x0064732E	
+>12	lelong		1		audio/x-dec-basic
+>12	lelong		2		audio/x-dec-basic
+>12	lelong		3		audio/x-dec-basic
+>12	lelong		4		audio/x-dec-basic
+>12	lelong		5		audio/x-dec-basic
+>12	lelong		6		audio/x-dec-basic
+>12	lelong		7		audio/x-dec-basic
+#                                       compressed (G.721 ADPCM)
+>12	lelong		23		audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+#					AIFF audio data
+8	string		AIFF		audio/x-aiff	
+#					AIFF-C audio data
+8	string		AIFC		audio/x-aiff	
+#					IFF/8SVX audio data
+8	string		8SVX		audio/x-aiff	
+
+
+
+# Creative Labs AUDIO stuff
+#					Standard MIDI data
+0	string	MThd			audio/unknown	
+#>9 	byte	>0			(format %d)
+#>11	byte	>1			using %d channels
+#					Creative Music (CMF) data
+0	string	CTMF			audio/unknown	
+#					SoundBlaster instrument data
+0	string	SBI			audio/unknown	
+#					Creative Labs voice data
+0	string	Creative\ Voice\ File	audio/unknown	
+## is this next line right?  it came this way...
+#>19	byte	0x1A
+#>23	byte	>0			- version %d
+#>22	byte	>0			\b.%d
+
+# [GRR 950115:  is this also Creative Labs?  Guessing that first line
+#  should be string instead of unknown-endian long...]
+#0	long		0x4e54524b	MultiTrack sound data
+#0	string		NTRK		MultiTrack sound data
+#>4	long		x		- version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115:  probably all of the shorts and longs should be leshort/lelong]
+#					Microsoft RIFF
+0	string		RIFF
+#					- WAVE format
+>8	string		WAVE		audio/x-wav
+>8	string/B	AVI		video/x-msvideo
+#
+>8 	string		CDRA		image/x-coreldraw
+
+# AAC (aka MPEG-2 NBC)
+0       beshort&0xfff6    0xfff0          audio/X-HX-AAC-ADTS
+0       string          ADIF            audio/X-HX-AAC-ADIF
+0       beshort&0xffe0  0x56e0          audio/MP4A-LATM
+0       beshort         0x4De1          audio/MP4A-LATM
+
+# MPEG Layer 3 sound files
+0       beshort&0xfffe  =0xfffa         audio/mpeg
+#MP3 with ID3 tag
+0	string		ID3		audio/mpeg
+# Ogg/Vorbis
+0	string		OggS		application/ogg
+
+#------------------------------------------------------------------------------
+# c-lang:  file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0	string		/*\ XPM		image/x-xpmi 7bit
+
+# 3DS (3d Studio files)
+#16	beshort		0x3d3d		image/x-3ds
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+#					C or REXX program text
+#0	string		/*		text/x-c
+#					C++ program text
+#0	string		//		text/x-c++
+
+#------------------------------------------------------------------------------
+# commands:  file(1) magic for various shells and interpreters
+#
+#0       string          :\ shell archive or commands for antique kernel text
+0       string          #!/bin/sh               application/x-shellscript
+0       string          #!\ /bin/sh             application/x-shellscript
+0       string          #!/bin/csh              application/x-shellscript
+0       string          #!\ /bin/csh            application/x-shellscript
+# korn shell magic, sent by George Wu, gwu@clyde.att.com
+0       string          #!/bin/ksh              application/x-shellscript
+0       string          #!\ /bin/ksh            application/x-shellscript
+0       string          #!/bin/tcsh             application/x-shellscript
+0       string          #!\ /bin/tcsh           application/x-shellscript
+0       string          #!/usr/local/tcsh       application/x-shellscript
+0       string          #!\ /usr/local/tcsh     application/x-shellscript
+0       string          #!/usr/local/bin/tcsh   application/x-shellscript
+0       string          #!\ /usr/local/bin/tcsh application/x-shellscript
+# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+0       string          #!/bin/bash     		application/x-shellscript
+0       string          #!\ /bin/bash           application/x-shellscript
+0       string          #!/usr/local/bin/bash   application/x-shellscript
+0       string          #!\ /usr/local/bin/bash application/x-shellscript
+
+#
+# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson)
+0       string          #!/bin/zsh	        application/x-shellscript
+0       string          #!/usr/bin/zsh	        application/x-shellscript
+0       string          #!/usr/local/bin/zsh    application/x-shellscript
+0       string          #!\ /usr/local/bin/zsh  application/x-shellscript
+0       string          #!/usr/local/bin/ash    application/x-shellscript
+0       string          #!\ /usr/local/bin/ash  application/x-shellscript
+#0       string          #!/usr/local/bin/ae     Neil Brown's ae
+#0       string          #!\ /usr/local/bin/ae   Neil Brown's ae
+0       string          #!/bin/nawk             application/x-nawk
+0       string          #!\ /bin/nawk           application/x-nawk
+0       string          #!/usr/bin/nawk         application/x-nawk
+0       string          #!\ /usr/bin/nawk       application/x-nawk
+0       string          #!/usr/local/bin/nawk   application/x-nawk
+0       string          #!\ /usr/local/bin/nawk application/x-nawk
+0       string          #!/bin/gawk             application/x-gawk
+0       string          #!\ /bin/gawk           application/x-gawk
+0       string          #!/usr/bin/gawk         application/x-gawk
+0       string          #!\ /usr/bin/gawk       application/x-gawk
+0       string          #!/usr/local/bin/gawk   application/x-gawk
+0       string          #!\ /usr/local/bin/gawk application/x-gawk
+#
+0       string          #!/bin/awk              application/x-awk
+0       string          #!\ /bin/awk            application/x-awk
+0       string          #!/usr/bin/awk          application/x-awk
+0       string          #!\ /usr/bin/awk        application/x-awk
+# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
+#0	regex		BEGIN[[:space:]]*[{]	application/x-awk
+
+# For Larry Wall's perl language.  The ``eval'' line recognizes an
+# outrageously clever hack for USG systems.
+#                               Keith Waclena <keith@cerberus.uchicago.edu>
+0       string          #!/bin/perl                     application/x-perl
+0       string          #!\ /bin/perl                   application/x-perl
+0       string          eval\ "exec\ /bin/perl          application/x-perl
+0       string          #!/usr/bin/perl                 application/x-perl
+0       string          #!\ /usr/bin/perl               application/x-perl
+0       string          eval\ "exec\ /usr/bin/perl      application/x-perl
+0       string          #!/usr/local/bin/perl           application/x-perl
+0       string          #!\ /usr/local/bin/perl         application/x-perl
+0       string          eval\ "exec\ /usr/local/bin/perl application/x-perl
+
+#------------------------------------------------------------------------------
+# compress:  file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+#0	string		\037\235	application/x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+#0       string          \037\213        application/x-gzip
+
+0		string			PK\003\004		application/x-zip
+
+# RAR archiver (Greg Roelofs, newt@uchicago.edu)
+0	string		Rar!		application/x-rar
+
+# According to gzip.h, this is the correct byte order for packed data.
+0	string		\037\036	application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0	short		017437		application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0	short		0x1fff		application/octet-stream
+0	string		\377\037	application/octet-stream
+# huf output
+0	short		0145405		application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats.  Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+#				Keith Waclena <keith@cerberus.uchicago.edu>
+#0	leshort		0x76FF		squeezed data (CP/M, DOS)
+#0	leshort		0x76FE		crunched data (CP/M, DOS)
+
+# Freeze
+#0	string		\037\237	Frozen file 2.1
+#0	string		\037\236	Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0	string		\037\240	LZH compressed data
+
+257	string		ustar\0		application/x-tar	posix
+257	string		ustar\040\040\0		application/x-tar	gnu
+
+0	short		070707		application/x-cpio
+0	short		0143561		application/x-cpio	swapped
+
+0	string		=<ar>		application/x-archive
+0	string		\!<arch>	application/x-archive
+>8	string		debian		application/x-debian-package
+
+#------------------------------------------------------------------------------
+#
+# RPM: file(1) magic for Red Hat Packages   Erik Troan (ewt@redhat.com)
+#
+0       beshort         0xedab
+>2      beshort         0xeedb          application/x-rpm
+
+0	lelong&0x8080ffff	0x0000081a	application/x-arc	lzw
+0	lelong&0x8080ffff	0x0000091a	application/x-arc	squashed
+0	lelong&0x8080ffff	0x0000021a	application/x-arc	uncompressed
+0	lelong&0x8080ffff	0x0000031a	application/x-arc	packed
+0	lelong&0x8080ffff	0x0000041a	application/x-arc	squeezed
+0	lelong&0x8080ffff	0x0000061a	application/x-arc	crunched
+
+0	leshort	0xea60	application/x-arj
+
+# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
+2	string	-lh0-	application/x-lharc	lh0
+2	string	-lh1-	application/x-lharc	lh1
+2	string	-lz4-	application/x-lharc	lz4
+2	string	-lz5-	application/x-lharc	lz5
+#	[never seen any but the last; -lh4- reported in comp.compression:]
+2	string	-lzs-	application/x-lha	lzs
+2	string	-lh\ -	application/x-lha	lh
+2	string	-lhd-	application/x-lha	lhd
+2	string	-lh2-	application/x-lha	lh2
+2	string	-lh3-	application/x-lha	lh3
+2	string	-lh4-	application/x-lha	lh4
+2	string	-lh5-	application/x-lha	lh5
+2	string	-lh6-	application/x-lha	lh6
+2	string	-lh7-	application/x-lha	lh7
+# Shell archives
+10	string	#\ This\ is\ a\ shell\ archive	application/octet-stream	x-shell
+
+#------------------------------------------------------------------------------
+# frame:  file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0	string		\<MakerFile	application/x-frame
+0	string		\<MIFFile	application/x-frame
+0	string		\<MakerDictionary	application/x-frame
+0	string		\<MakerScreenFon	application/x-frame
+0	string		\<MML		application/x-frame
+0	string		\<Book		application/x-frame
+0	string		\<Maker		application/x-frame
+
+#------------------------------------------------------------------------------
+# html:  file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+#
+0	string/cB	\<!DOCTYPE\ html	text/html
+0	string/cb	\<head	text/html
+0	string/cb	\<title	text/html
+0       string/bc	\<html	text/html
+0	string		\<!--	text/html
+0	string/c	\<h1	text/html
+
+0	string		\<?xml			text/xml
+
+#------------------------------------------------------------------------------
+# images:  file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR:  TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR:  what the hell is this doing in here?]
+#0	string		xbtoa		btoa'd file
+
+# PBMPLUS
+#					PBM file
+0	string		P1		image/x-portable-bitmap	7bit
+#					PGM file
+0	string		P2		image/x-portable-greymap	7bit
+#					PPM file
+0	string		P3		image/x-portable-pixmap	7bit
+#					PBM "rawbits" file
+0	string		P4		image/x-portable-bitmap
+#					PGM "rawbits" file
+0	string		P5		image/x-portable-greymap
+#					PPM "rawbits" file
+0	string		P6		image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR:  this *must* go before TIFF]
+0	string		IIN1		image/x-niff
+
+# TIFF and friends
+#					TIFF file, big-endian
+0	string		MM		image/tiff
+#					TIFF file, little-endian
+0	string		II		image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115:  this was mine ("Zip GIF"):
+#					ZIF image (GIF+deflate alpha)
+0	string		GIF94z		image/unknown
+#
+# GRR 950115:  this is Jeremy Wohl's Free Graphics Format (better):
+#					FGF image (GIF+deflate beta)
+0	string		FGF95a		image/unknown
+#
+# GRR 950115:  this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+#					PBF image (deflate compression)
+0	string		PBF		image/unknown
+
+# GIF
+0	string		GIF		image/gif
+
+# JPEG images
+0	beshort		0xffd8		image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files)  (Greg Roelofs, newt@uchicago.edu)
+0	string		BM		image/x-ms-bmp
+#>14	byte		12		(OS/2 1.x format)
+#>14	byte		64		(OS/2 2.x format)
+#>14	byte		40		(Windows 3.x format)
+#0	string		IC		icon
+#0	string		PI		pointer
+#0	string		CI		color icon
+#0	string		CP		color pointer
+#0	string		BA		bitmap array
+
+# CDROM Filesystems
+32769    string    CD001     application/x-iso9660
+
+# Newer StuffIt archives (grant@netbsd.org)
+0	string		StuffIt			application/x-stuffit
+#>162	string		>0			: %s
+
+# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
+# Daniel Quinlan, quinlan@yggdrasil.com
+11	string	must\ be\ converted\ with\ BinHex\ 4	application/mac-binhex40
+##>41	string	x					\b, version %.3s
+
+
+#------------------------------------------------------------------------------
+# lisp:  file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0	string	;;			text/plain	8bit
+# Emacs 18 - this is always correct, but not very magical.
+0	string	\012(			application/x-elc
+# Emacs 19
+0	string	;ELC\023\000\000\000	application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news:  file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0	string		Relay-Version: 	message/rfc822	7bit
+0	string		#!\ rnews	message/rfc822	7bit
+0	string		N#!\ rnews	message/rfc822	7bit
+0	string		Forward\ to 	message/rfc822	7bit
+0	string		Pipe\ to 	message/rfc822	7bit
+0	string		Return-Path:	message/rfc822	7bit
+0	string		Received:	message/rfc822
+0	string		Path:		message/news	8bit
+0	string		Xref:		message/news	8bit
+0	string		From:		message/rfc822	7bit
+0	string		Article 	message/news	8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0	string		\376\067\0\043			application/msword
+0	string		\320\317\021\340\241\261	application/msword
+0	string		\333\245-\0\0\0			application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer:  file(1) magic for printer-formatted files
+#
+
+# PostScript
+0	string		%!		application/postscript
+0	string		\004%!		application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0	string		%PDF-		application/pdf
+
+#------------------------------------------------------------------------------
+# sc:  file(1) magic for "sc" spreadsheet
+#
+38	string		Spreadsheet	application/x-sc
+
+#------------------------------------------------------------------------------
+# tex:  file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0	string		\367\002	application/x-dvi
+#0	string		\367\203	TeX generic font data
+#0	string		\367\131	TeX packed font data
+#0	string		\367\312	TeX virtual font data
+#0	string		This\ is\ TeX,	TeX transcript text	
+#0	string		This\ is\ METAFONT,	METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data.  The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+2	string		\000\021	application/x-tex-tfm
+2	string		\000\022	application/x-tex-tfm
+#>34	string		>\0		(%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+0	string		\\input\ texinfo		text/x-texinfo
+0	string		This\ is\ Info\ file	text/x-info
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0	leshort		0x02f7		application/x-dvi
+
+# RTF - Rich Text Format
+0	string		{\\rtf		text/rtf
+
+#------------------------------------------------------------------------------
+# animation:  file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+#						MPEG file
+# MPEG sequences
+0       belong             0x000001BA
+>4      byte               &0x40          video/mp2p
+>4      byte               ^0x40          video/mpeg
+0       belong             0x000001BB     video/mpeg
+0       belong             0x000001B0     video/mp4v-es
+0       belong             0x000001B5     video/mp4v-es
+0       belong             0x000001B3     video/mpv
+0       belong&0xFF5FFF1F  0x47400010     video/mp2t
+0       belong             0x00000001
+>4      byte&0x1F          0x07           video/h264
+
+# FLI animation format
+0	leshort		0xAF11				video/fli
+# FLC animation format
+0	leshort		0xAF12				video/flc
+#
+# SGI and Apple formats
+# Added ISO mimes
+0	string		MOVI	      video/sgi
+4	string		moov	      video/quicktime
+4	string		mdat	      video/quicktime
+4	string		wide	      video/quicktime
+4	string		skip	      video/quicktime
+4	string		free	      video/quicktime
+4	string		idsc	      image/x-quicktime
+4	string		idat	      image/x-quicktime
+4	string		pckg	      application/x-quicktime
+4	string/B	jP	      image/jp2
+4	string		ftyp
+>8	string		isom	      video/mp4
+>8	string		mp41	      video/mp4
+>8	string		mp42	      video/mp4
+>8	string/B	jp2	      image/jp2
+>8	string		3gp	      video/3gpp
+>8      string          avc1          video/3gpp
+>8	string		mmp4	      video/mp4
+>8	string/B	M4A	      audio/mp4
+>8	string/B	qt	      video/quicktime
+# The contributor claims:
+#   I couldn't find a real magic number for these, however, this
+#   -appears- to work.  Note that it might catch other files, too,
+#   so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+#						DL file version 1 , medium format (160x100, 4 images/screen)
+0	byte		1			video/unknown
+0	byte		2			video/unknown
+#
+# Databases
+#
+# GDBM magic numbers
+#  Will be maintained as part of the GDBM distribution in the future.
+#  <downsj@teeny.org>
+0       belong  0x13579ace      application/x-gdbm
+0       lelong  0x13579ace      application/x-gdbm
+0       string  GDBM            application/x-gdbm
+#
+0       belong  0x061561        application/x-dbm
+#
+# Executables
+#
+0	string		\177ELF 
+>16	leshort		0		application/octet-stream
+>16	leshort		1		application/x-object
+>16	leshort		2		application/x-executable
+>16	leshort		3		application/x-sharedlib
+>16	leshort		4		application/x-coredump
+>16	beshort		0		application/octet-stream
+>16	beshort		1		application/x-object
+>16	beshort		2		application/x-executable
+>16	beshort		3		application/x-sharedlib
+>16	beshort		4		application/x-coredump
+#
+# DOS
+0		string			MZ				application/x-dosexec
+#
+# KDE
+0		string	[KDE\ Desktop\ Entry]	application/x-kdelnk
+0		string	\#\ KDE\ Config\ File	application/x-kdelnk
+# xmcd database file for kscd
+0		string	\#\ xmcd                text/xmcd
+
+#------------------------------------------------------------------------------
+# pkgadd:  file(1) magic for SysV R4 PKG Datastreams
+#
+0       string          #\ PaCkAgE\ DaTaStReAm  application/x-svr4-package
+
+#PNG Image Format
+0	string		\x89PNG			image/png
+
+# MNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
+0	string		\x8aMNG			video/x-mng
+0	string		\x8aJNG			video/x-jng
+
+#------------------------------------------------------------------------------
+# Hierarchical Data Format, used to facilitate scientific data exchange
+# specifications at http://hdf.ncsa.uiuc.edu/
+#Hierarchical Data Format (version 4) data
+0	belong		0x0e031301		application/x-hdf
+#Hierarchical Data Format (version 5) data
+0	string		\211HDF\r\n\032		application/x-hdf
+
+# Adobe Photoshop
+0	string		8BPS			image/x-photoshop
+
+# Felix von Leitner <felix-file@fefe.de>
+0	string		d8:announce		application/x-bittorrent
+
+
+# lotus 1-2-3 document
+0	belong	0x00001a00	application/x-123
+0	belong	0x00000200 	application/x-123
+
+# MS Access database
+4	string	Standard\ Jet\ DB	application/msaccess
+
+## magic for XBase files
+#0      byte       0x02	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x03	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x04	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x05	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x30
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x43
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x7b
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x83	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x8b
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x8e	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0xb3
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0xf5
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0	leshort		0x0006		application/x-dbt
+
+# Debian has entries for the old PGP formats:
+# pgp:  file(1) magic for Pretty Good Privacy
+# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
+#text/PGP key public ring
+0	beshort		0x9900			application/pgp
+#text/PGP key security ring
+0	beshort		0x9501			application/pgp
+#text/PGP key security ring
+0	beshort		0x9500			application/pgp
+#text/PGP encrypted data
+0	beshort		0xa600			application/pgp-encrypted
+#text/PGP armored data
+##public key block
+2	string	---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK-	application/pgp-keys
+0	string	-----BEGIN\040PGP\40MESSAGE-			application/pgp
+0	string	-----BEGIN\040PGP\40SIGNATURE-			application/pgp-signature
+#
+# GnuPG Magic:
+# 
+#
+#text/GnuPG key public ring
+0	beshort		0x9901			application/pgp
+#text/OpenPGP data
+0	beshort		0x8501			application/pgp-encrypted	
+
+# flash:        file(1) magic for Macromedia Flash file format
+#
+# See
+#
+#       http://www.macromedia.com/software/flash/open/
+#
+0	string		FWS             
+>3	byte		x			application/x-shockwave-flash
+
+# The following paramaters are created for Namazu.
+# <http://www.namazu.org/>
+#
+# 1999/08/13
+#0	string		\<!--\ MHonArc		text/html; x-type=mhonarc
+0	string		BZh			application/x-bzip2
+
+# 1999/09/09
+# VRML (suggested by Masao Takaku)
+0	string		#VRML\ V1.0\ ascii	model/vrml
+0	string		#VRML\ V2.0\ utf8	model/vrml
+
+#------------------------------------------------------------------------------
+# ichitaro456: file(1) magic for Just System Word Processor Ichitaro
+#
+# Contributor kenzo-:
+# Reversed-engineered JS Ichitaro magic numbers
+#
+
+0	string		DOC
+>43	byte		0x14		application/ichitaro4
+>144	string	JDASH		application/ichitaro4
+
+0	string		DOC
+>43	byte		0x15		application/ichitaro5
+
+0	string		DOC
+>43	byte		0x16		application/ichitaro6
+
+#------------------------------------------------------------------------------
+# office97: file(1) magic for MicroSoft Office files
+#
+# Contributor kenzo-:
+# Reversed-engineered MS Office magic numbers
+#
+
+#0       string          \320\317\021\340\241\261\032\341
+#>48     byte            0x1B            application/excel
+
+2080	string	Microsoft\ Excel\ 5.0\ Worksheet	application/excel
+2114	string	Biff5					application/excel
+
+0       string	\224\246\056		application/msword
+
+0	belong	0x31be0000		application/msword
+
+0	string	PO^Q`			application/msword
+
+0	string	\320\317\021\340\241\261\032\341
+>546	string	bjbj			application/msword
+>546	string	jbjb			application/msword
+
+512	string	R\0o\0o\0t\0\ \0E\0n\0t\0r\0y	application/msword
+
+2080	string	Microsoft\ Word\ 6.0\ Document	application/msword
+2080	string	Documento\ Microsoft\ Word\ 6	application/msword
+2112	string	MSWordDoc			application/msword
+
+#0	string	\320\317\021\340\241\261\032\341	application/powerpoint
+0	string	\320\317\021\340\241\261\032\341	application/msword
+
+0       string  #\ PaCkAgE\ DaTaStReAm  application/x-svr4-package
+
+
+# WinNT/WinCE PE files (Warner Losh, imp@village.org)
+#
+128		string	PE\000\000	application/octet-stream
+0		string	PE\000\000	application/octet-stream
+
+# miscellaneous formats
+0		string	LZ		application/octet-stream
+
+
+# .EXE formats (Greg Roelofs, newt@uchicago.edu)
+#
+0		string	MZ
+>24		string	@		application/octet-stream
+
+0		string	MZ
+>30		string	Copyright\ 1989-1990\ PKWARE\ Inc.	application/x-zip
+
+0		string	MZ
+>30		string	PKLITE\ Copr.	application/x-zip
+
+0		string	MZ
+>36		string	LHa's\ SFX	application/x-lha
+
+0		string	MZ		application/octet-stream
+
+# LHA archiver
+2		string	-lh
+>6		string	-		application/x-lha
+
+
+# Zoo archiver
+20		lelong	0xfdc4a7dc	application/x-zoo
+
+# ARC archiver
+0       	lelong&0x8080ffff	0x0000081a	application/x-arc
+0		lelong&0x8080ffff	0x0000091a	application/x-arc
+0		lelong&0x8080ffff	0x0000021a	application/x-arc
+0		lelong&0x8080ffff	0x0000031a	application/x-arc
+0		lelong&0x8080ffff	0x0000041a	application/x-arc
+0		lelong&0x8080ffff	0x0000061a	application/x-arc
+
+# Microsoft Outlook's Transport Neutral Encapsulation Format (TNEF)
+0		lelong	0x223e9f78	application/ms-tnef
+
+# From: stephane.loeuillet@tiscali.f
+# http://www.djvuzone.org/
+0	string		AT&TFORM	image/x.djvu
+
+# Danny Milosavljevic <danny.milo@gmx.net>
+# this are adrift (adventure game standard) game files, extension .taf
+# depending on version magic continues with 0x93453E6139FA (V 4.0)
+# 0x9445376139FA (V 3.90)
+# 0x9445366139FA (V 3.80)
+# this is from source (http://www.adrift.org.uk/) and I have some taf
+# files, and checked them.
+#0	belong	0x3C423FC9
+#>4	belong	0x6A87C2CF	application/x-adrift
+#0	string	\000\000\001\000	image/x-ico
+
+# Quark Xpress 3 Files:
+# (made the mimetype up) 
+0	string	\0\0MMXPR3\0	application/x-quark-xpress-3
+
+# EET archive
+# From: Tilman Sauerbeck <tilman@code-monkey.de>
+0	belong	0x1ee7ff00	application/x-eet
+
+# From: Denis Knauf, via gentoo.
+0	string	fLaC		audio/x-flac
+0	string	CWS		application/x-shockwave-flash
+
+# Gnumeric spreadsheet
+# This entry is only semi-helpful, as Gnumeric compresses its files, so
+# they will ordinarily reported as "compressed", but at least -z helps
+39      string          =<gmr:Workbook           application/x-gnumeric
+

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/mods-available/ssl.conf

@@ -0,0 +1,89 @@
+<IfModule mod_ssl.c>
+
+	# Pseudo Random Number Generator (PRNG):
+	# Configure one or more sources to seed the PRNG of the SSL library.
+	# The seed data should be of good random quality.
+	# WARNING! On some platforms /dev/random blocks if not enough entropy
+	# is available. This means you then cannot use the /dev/random device
+	# because it would lead to very long connection times (as long as
+	# it requires to make more entropy available). But usually those
+	# platforms additionally provide a /dev/urandom device which doesn't
+	# block. So, if available, use this one instead. Read the mod_ssl User
+	# Manual for more details.
+	#
+	SSLRandomSeed startup builtin
+	SSLRandomSeed startup file:/dev/urandom 512
+	SSLRandomSeed connect builtin
+	SSLRandomSeed connect file:/dev/urandom 512
+
+	##
+	##  SSL Global Context
+	##
+	##  All SSL configuration in this context applies both to
+	##  the main server and all SSL-enabled virtual hosts.
+	##
+
+	#
+	#   Some MIME-types for downloading Certificates and CRLs
+	#
+	AddType application/x-x509-ca-cert .crt
+	AddType application/x-pkcs7-crl	.crl
+
+	#   Pass Phrase Dialog:
+	#   Configure the pass phrase gathering process.
+	#   The filtering dialog program (`builtin' is a internal
+	#   terminal dialog) has to provide the pass phrase on stdout.
+	SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
+
+	#   Inter-Process Session Cache:
+	#   Configure the SSL Session Cache: First the mechanism 
+	#   to use and second the expiring timeout (in seconds).
+	#   (The mechanism dbm has known memory leaks and should not be used).
+	#SSLSessionCache		 dbm:${APACHE_RUN_DIR}/ssl_scache
+	SSLSessionCache		shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+	SSLSessionCacheTimeout  300
+
+	#   Semaphore:
+	#   Configure the path to the mutual exclusion semaphore the
+	#   SSL engine uses internally for inter-process synchronization. 
+	#   (Disabled by default, the global Mutex directive consolidates by default
+	#   this)
+	#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
+
+
+	#   SSL Cipher Suite:
+	#   List the ciphers that the client is permitted to negotiate. See the
+	#   ciphers(1) man page from the openssl package for list of all available
+	#   options.
+	#   Enable only secure ciphers:
+	SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+
+	#   Speed-optimized SSL Cipher configuration:
+	#   If speed is your main concern (on busy HTTPS servers e.g.),
+	#   you might want to force clients to specific, performance
+	#   optimized ciphers. In this case, prepend those ciphers
+	#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+	#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+	#   (as in the example below), most connections will no longer
+	#   have perfect forward secrecy - if the server's key is
+	#   compromised, captures of past or future traffic must be
+	#   considered compromised, too.
+	#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+	#SSLHonorCipherOrder on
+
+	#   The protocols to enable.
+	#   Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
+	#   SSL v2  is no longer supported
+	SSLProtocol all
+
+	#   Allow insecure renegotiation with clients which do not yet support the
+	#   secure renegotiation protocol. Default: Off
+	#SSLInsecureRenegotiation on
+
+	#   Whether to forbid non-SNI clients to access name based virtual hosts.
+	#   Default: Off
+	#SSLStrictSNIVHostCheck On
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/mods-available/ssl.load

@@ -0,0 +1,2 @@
+# Depends: setenvif mime socache_shmcb
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/ports.conf

@@ -0,0 +1,20 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 80
+
+NameVirtualHost *:80
+
+<IfModule ssl_module>
+	Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+	Listen 443
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+<IfModule mod_ssl.c>
+NameVirtualHost *:443
+</IfModule>

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/sites-available/000-default.conf

@@ -0,0 +1,32 @@
+<VirtualHost *:80>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerName default.com
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/sites-available/default-ssl.conf

@@ -0,0 +1,136 @@
+<IfModule mod_ssl.c>
+	<VirtualHost _default_:443>
+		ServerAdmin webmaster@localhost
+
+		DocumentRoot /var/www/html
+
+		# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+		# error, crit, alert, emerg.
+		# It is also possible to configure the loglevel for particular
+		# modules, e.g.
+		#LogLevel info ssl:warn
+
+		ErrorLog ${APACHE_LOG_DIR}/error.log
+		CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+		# For most configuration files from conf-available/, which are
+		# enabled or disabled at a global level, it is possible to
+		# include a line for only one particular virtual host. For example the
+		# following line enables the CGI configuration for this host only
+		# after it has been globally disabled with "a2disconf".
+		#Include conf-available/serve-cgi-bin.conf
+
+		#   SSL Engine Switch:
+		#   Enable/Disable SSL for this virtual host.
+		SSLEngine on
+
+		#   A self-signed (snakeoil) certificate can be created by installing
+		#   the ssl-cert package. See
+		#   /usr/share/doc/apache2/README.Debian.gz for more info.
+		#   If both key and certificate are stored in the same file, only the
+		#   SSLCertificateFile directive is needed.
+		SSLCertificateFile	/etc/apache2/certs/letsencrypt-cert_5.pem
+		SSLCertificateKeyFile /etc/apache2/ssl/key-letsencrypt_15.pem
+
+		#   Server Certificate Chain:
+		#   Point SSLCertificateChainFile at a file containing the
+		#   concatenation of PEM encoded CA certificates which form the
+		#   certificate chain for the server certificate. Alternatively
+		#   the referenced file can be the same as SSLCertificateFile
+		#   when the CA certificates are directly appended to the server
+		#   certificate for convinience.
+		#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+		#   Certificate Authority (CA):
+		#   Set the CA certificate verification path where to find CA
+		#   certificates for client authentication or alternatively one
+		#   huge file containing all of them (file must be PEM encoded)
+		#   Note: Inside SSLCACertificatePath you need hash symlinks
+		#		 to point to the certificate files. Use the provided
+		#		 Makefile to update the hash symlinks after changes.
+		#SSLCACertificatePath /etc/ssl/certs/
+		#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+		#   Certificate Revocation Lists (CRL):
+		#   Set the CA revocation path where to find CA CRLs for client
+		#   authentication or alternatively one huge file containing all
+		#   of them (file must be PEM encoded)
+		#   Note: Inside SSLCARevocationPath you need hash symlinks
+		#		 to point to the certificate files. Use the provided
+		#		 Makefile to update the hash symlinks after changes.
+		#SSLCARevocationPath /etc/apache2/ssl.crl/
+		#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+		#   Client Authentication (Type):
+		#   Client certificate verification type and depth.  Types are
+		#   none, optional, require and optional_no_ca.  Depth is a
+		#   number which specifies how deeply to verify the certificate
+		#   issuer chain before deciding the certificate is not valid.
+		#SSLVerifyClient require
+		#SSLVerifyDepth  10
+
+		#   SSL Engine Options:
+		#   Set various options for the SSL engine.
+		#   o FakeBasicAuth:
+		#	 Translate the client X.509 into a Basic Authorisation.  This means that
+		#	 the standard Auth/DBMAuth methods can be used for access control.  The
+		#	 user name is the `one line' version of the client's X.509 certificate.
+		#	 Note that no password is obtained from the user. Every entry in the user
+		#	 file needs this password: `xxj31ZMTZzkVA'.
+		#   o ExportCertData:
+		#	 This exports two additional environment variables: SSL_CLIENT_CERT and
+		#	 SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+		#	 server (always existing) and the client (only existing when client
+		#	 authentication is used). This can be used to import the certificates
+		#	 into CGI scripts.
+		#   o StdEnvVars:
+		#	 This exports the standard SSL/TLS related `SSL_*' environment variables.
+		#	 Per default this exportation is switched off for performance reasons,
+		#	 because the extraction step is an expensive operation and is usually
+		#	 useless for serving static content. So one usually enables the
+		#	 exportation for CGI and SSI requests only.
+		#   o OptRenegotiate:
+		#	 This enables optimized SSL connection renegotiation handling when SSL
+		#	 directives are used in per-directory context.
+		#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+		<FilesMatch "\.(cgi|shtml|phtml|php)$">
+				SSLOptions +StdEnvVars
+		</FilesMatch>
+		<Directory /usr/lib/cgi-bin>
+				SSLOptions +StdEnvVars
+		</Directory>
+
+		#   SSL Protocol Adjustments:
+		#   The safe and default but still SSL/TLS standard compliant shutdown
+		#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+		#   the close notify alert from client. When you need a different shutdown
+		#   approach you can use one of the following variables:
+		#   o ssl-unclean-shutdown:
+		#	 This forces an unclean shutdown when the connection is closed, i.e. no
+		#	 SSL close notify alert is send or allowed to received.  This violates
+		#	 the SSL/TLS standard but is needed for some brain-dead browsers. Use
+		#	 this when you receive I/O errors because of the standard approach where
+		#	 mod_ssl sends the close notify alert.
+		#   o ssl-accurate-shutdown:
+		#	 This forces an accurate shutdown when the connection is closed, i.e. a
+		#	 SSL close notify alert is send and mod_ssl waits for the close notify
+		#	 alert of the client. This is 100% SSL/TLS standard compliant, but in
+		#	 practice often causes hanging connections with brain-dead browsers. Use
+		#	 this only for browsers where you know that their SSL implementation
+		#	 works correctly.
+		#   Notice: Most problems of broken clients are also related to the HTTP
+		#   keep-alive facility, so you usually additionally want to disable
+		#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+		#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+		#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+		#   "force-response-1.0" for this.
+		BrowserMatch "MSIE [2-6]" \
+				nokeepalive ssl-unclean-shutdown \
+				downgrade-1.0 force-response-1.0
+		# MSIE 7 and newer should be able to use keepalive
+		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+	</VirtualHost>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/default_vhost/apache2/sites-enabled/000-default.conf

@@ -0,0 +1 @@
+../sites-available/000-default.conf

letsencrypt/client/tests/debian_apache_2_4/default_vhost/sites

@@ -0,0 +1 @@
+sites-available/000-default.conf, default.com 

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/apache2.conf

@@ -0,0 +1,223 @@
+# This is the main Apache server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+#	/etc/apache2/
+#	|-- apache2.conf
+#	|	`--  ports.conf
+#	|-- mods-enabled
+#	|	|-- *.load
+#	|	`-- *.conf
+#	|-- conf-enabled
+#	|	`-- *.conf
+# 	`-- sites-enabled
+#	 	`-- *.conf
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+#   together by including all remaining configuration files when starting up the
+#   web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+#   supposed to determine listening ports for incoming connections which can be
+#   customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+#   directories contain particular configuration snippets which manage modules,
+#   global configuration fragments, or virtual host configurations,
+#   respectively.
+#
+#   They are activated by symlinking available configuration files from their
+#   respective *-available/ counterparts. These should be managed by using our
+#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+#   their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+#   the default configuration, apache2 needs to be started/stopped with
+#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+#   work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE!  If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+Mutex file:${APACHE_LOCK_DIR} default
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
+#
+LogLevel warn
+
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+	Options FollowSymLinks
+	AllowOverride None
+	Require all denied
+</Directory>
+
+<Directory /usr/share>
+	AllowOverride None
+	Require all granted
+</Directory>
+
+#<Directory /var/www/>
+<Directory /var/>
+	Options Indexes FollowSymLinks
+	AllowOverride None
+	Require all granted
+</Directory>
+
+#<Directory /srv/>
+#	Options Indexes FollowSymLinks
+#	AllowOverride None
+#	Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives.  See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+	Require all denied
+</FilesMatch>
+
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+IncludeOptional conf-enabled/*.conf
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+ServerName 127.0.1.1

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-available/charset.conf

@@ -0,0 +1,8 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-available/localized-error-pages.conf

@@ -0,0 +1,81 @@
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections.  We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis.  If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+#		  SetHandler directive in a <Location /> context somewhere. Adding
+#		  the following three lines AFTER the <Location /> context should
+#		  make it work in most cases:
+#		  <Location /error/>
+#			 SetHandler none
+#		  </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation.  To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+#	<IfModule mod_include.c>
+#		<IfModule mod_alias.c>
+#
+#			Alias /error/ "/usr/share/apache2/error/"
+#
+#			<Directory "/usr/share/apache2/error">
+#				Options IncludesNoExec
+#				AddOutputFilter Includes html
+#				AddHandler type-map var
+#				Order allow,deny
+#				Allow from all
+#				LanguagePriority en cs de es fr it nl sv pt-br ro
+#				ForceLanguagePriority Prefer Fallback
+#			</Directory>
+#
+#			ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+#			ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+#			ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+#			ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+#			ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+#			ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+#			ErrorDocument 410 /error/HTTP_GONE.html.var
+#			ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+#			ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+#			ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+#			ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+#			ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+#			ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+#			ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+#			ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+#			ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+#			ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+#		</IfModule>
+#	</IfModule>
+#</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-available/other-vhosts-access-log.conf

@@ -0,0 +1,4 @@
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-available/security.conf

@@ -0,0 +1,74 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+#   AllowOverride None
+#   Order Deny,Allow
+#   Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of:  On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+#   Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-available/serve-cgi-bin.conf

@@ -0,0 +1,20 @@
+<IfModule mod_alias.c>
+	<IfModule mod_cgi.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfModule mod_cgid.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfDefine ENABLE_USR_LIB_CGI_BIN>
+		ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+		<Directory "/usr/lib/cgi-bin">
+			AllowOverride None
+			Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+			Require all granted
+		</Directory>
+	</IfDefine>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-enabled/charset.conf

@@ -0,0 +1,8 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-enabled/localized-error-pages.conf

@@ -0,0 +1,81 @@
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections.  We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis.  If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+#		  SetHandler directive in a <Location /> context somewhere. Adding
+#		  the following three lines AFTER the <Location /> context should
+#		  make it work in most cases:
+#		  <Location /error/>
+#			 SetHandler none
+#		  </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation.  To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+#	<IfModule mod_include.c>
+#		<IfModule mod_alias.c>
+#
+#			Alias /error/ "/usr/share/apache2/error/"
+#
+#			<Directory "/usr/share/apache2/error">
+#				Options IncludesNoExec
+#				AddOutputFilter Includes html
+#				AddHandler type-map var
+#				Order allow,deny
+#				Allow from all
+#				LanguagePriority en cs de es fr it nl sv pt-br ro
+#				ForceLanguagePriority Prefer Fallback
+#			</Directory>
+#
+#			ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+#			ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+#			ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+#			ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+#			ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+#			ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+#			ErrorDocument 410 /error/HTTP_GONE.html.var
+#			ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+#			ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+#			ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+#			ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+#			ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+#			ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+#			ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+#			ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+#			ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+#			ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+#		</IfModule>
+#	</IfModule>
+#</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-enabled/other-vhosts-access-log.conf

@@ -0,0 +1,4 @@
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-enabled/security.conf

@@ -0,0 +1,74 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+#   AllowOverride None
+#   Order Deny,Allow
+#   Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of:  On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+#   Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/conf-enabled/serve-cgi-bin.conf

@@ -0,0 +1,20 @@
+<IfModule mod_alias.c>
+	<IfModule mod_cgi.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfModule mod_cgid.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfDefine ENABLE_USR_LIB_CGI_BIN>
+		ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+		<Directory "/usr/lib/cgi-bin">
+			AllowOverride None
+			Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+			Require all granted
+		</Directory>
+	</IfDefine>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/envvars

@@ -0,0 +1,47 @@
+# envvars - default environment variables for apache2ctl
+
+# this won't be correct after changing uid
+unset HOME
+
+# for supporting multiple apache2 instances
+if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+	SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
+else
+	SUFFIX=
+fi
+
+# Since there is no sane way to get the parsed apache2 config in scripts, some
+# settings are defined via environment variables and then used in apache2ctl,
+# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
+export APACHE_RUN_USER=www-data
+export APACHE_RUN_GROUP=www-data
+# temporary state file location. This might be changed to /run in Wheezy+1
+export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
+export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
+export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
+
+## The locale used by some modules like mod_dav
+export LANG=C
+## Uncomment the following line to use the system default locale instead:
+#. /etc/default/locale
+
+export LANG
+
+## The command to get the status for 'apache2ctl status'.
+## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
+#export APACHE_LYNX='www-browser -dump'
+
+## If you need a higher file descriptor limit, uncomment and adjust the
+## following line (default is 8192):
+#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
+
+## If you would like to pass arguments to the web server, add them below
+## to the APACHE_ARGUMENTS environment.
+#export APACHE_ARGUMENTS=''
+
+## Enable the debug mode for maintainer scripts.
+## This will produce a verbose output on package installations of web server modules and web application
+## installations which interact with Apache
+#export APACHE2_MAINTSCRIPT_DEBUG=1

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/magic

@@ -0,0 +1,935 @@
+# Magic data for mod_mime_magic (originally for file(1) command)
+#
+# The format is 4-5 columns:
+#    Column #1: byte number to begin checking from, ">" indicates continuation
+#    Column #2: type of data to match
+#    Column #3: contents of data to match
+#    Column #4: MIME type of result
+#    Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff:  file(1) magic for locally observed files
+# Add any locally observed files here.
+
+# Real Audio (Magic .ra\0375)
+0	belong		0x2e7261fd	audio/x-pn-realaudio
+0	string		.RMF		application/vnd.rn-realmedia
+
+#video/x-pn-realvideo
+#video/vnd.rn-realvideo
+#application/vnd.rn-realmedia
+#	sigh, there are many mimes for that but the above are the most common.
+
+# Taken from magic, converted to magic.mime
+# mime types according to http://www.geocities.com/nevilo/mod.htm:
+#	audio/it	.it
+#	audio/x-zipped-it	.itz
+#	audio/xm	fasttracker modules
+#	audio/x-s3m	screamtracker modules
+#	audio/s3m	screamtracker modules
+#	audio/x-zipped-mod	mdz
+#	audio/mod	mod
+#	audio/x-mod	All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z)
+
+# Taken from loader code from mikmod version 2.14
+# by Steve McIntyre (stevem@chiark.greenend.org.uk)
+# <doj@cubic.org> added title printing on 2003-06-24
+0	string	MAS_UTrack_V00
+>14	string	>/0		audio/x-mod
+#audio/x-tracker-module
+
+#0	string	UN05		MikMod UNI format module sound data
+
+0	string	Extended\ Module: audio/x-mod
+#audio/x-tracker-module
+##>17	string	>\0		Title: "%s"
+
+21	string/c	\!SCREAM!	audio/x-mod
+#audio/x-screamtracker-module
+21	string	BMOD2STM	audio/x-mod
+#audio/x-screamtracker-module
+1080	string	M.K.		audio/x-mod
+#audio/x-protracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	M!K!		audio/x-mod
+#audio/x-protracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	FLT4		audio/x-mod
+#audio/x-startracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	FLT8		audio/x-mod
+#audio/x-startracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	4CHN		audio/x-mod
+#audio/x-fasttracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	6CHN		audio/x-mod
+#audio/x-fasttracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	8CHN		audio/x-mod
+#audio/x-fasttracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	CD81		audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	OKTA		audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0	string	>\0		Title: "%s"
+# Not good enough.
+#1082	string	CH
+#>1080	string	>/0		%.2s-channel Fasttracker "oktalyzer" module sound data
+1080	string	16CN		audio/x-mod
+#audio/x-taketracker-module
+#>0	string	>\0		Title: "%s"
+1080	string	32CN		audio/x-mod
+#audio/x-taketracker-module
+#>0	string	>\0		Title: "%s"
+
+# Impuse tracker module (it)
+0	string		IMPM		audio/x-mod
+#>4	string		>\0		"%s"
+#>40	leshort		!0		compatible w/ITv%x
+#>42	leshort		!0		created w/ITv%x
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+# xml based formats!
+
+# svg
+
+0	string		\<?xml
+#			text/xml
+>38	string		\<\!DOCTYPE\040svg	image/svg+xml
+
+
+# xml
+0	string		\<?xml			text/xml
+
+
+#------------------------------------------------------------------------------
+# Java
+
+0	short		0xcafe
+>2	short		0xbabe		application/java
+
+#------------------------------------------------------------------------------
+# audio:  file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0	string		.snd
+>12	belong		1		audio/basic
+>12	belong		2		audio/basic
+>12	belong		3		audio/basic
+>12	belong		4		audio/basic
+>12	belong		5		audio/basic
+>12	belong		6		audio/basic
+>12	belong		7		audio/basic
+
+>12	belong		23		audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0	lelong		0x0064732E	
+>12	lelong		1		audio/x-dec-basic
+>12	lelong		2		audio/x-dec-basic
+>12	lelong		3		audio/x-dec-basic
+>12	lelong		4		audio/x-dec-basic
+>12	lelong		5		audio/x-dec-basic
+>12	lelong		6		audio/x-dec-basic
+>12	lelong		7		audio/x-dec-basic
+#                                       compressed (G.721 ADPCM)
+>12	lelong		23		audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+#					AIFF audio data
+8	string		AIFF		audio/x-aiff	
+#					AIFF-C audio data
+8	string		AIFC		audio/x-aiff	
+#					IFF/8SVX audio data
+8	string		8SVX		audio/x-aiff	
+
+
+
+# Creative Labs AUDIO stuff
+#					Standard MIDI data
+0	string	MThd			audio/unknown	
+#>9 	byte	>0			(format %d)
+#>11	byte	>1			using %d channels
+#					Creative Music (CMF) data
+0	string	CTMF			audio/unknown	
+#					SoundBlaster instrument data
+0	string	SBI			audio/unknown	
+#					Creative Labs voice data
+0	string	Creative\ Voice\ File	audio/unknown	
+## is this next line right?  it came this way...
+#>19	byte	0x1A
+#>23	byte	>0			- version %d
+#>22	byte	>0			\b.%d
+
+# [GRR 950115:  is this also Creative Labs?  Guessing that first line
+#  should be string instead of unknown-endian long...]
+#0	long		0x4e54524b	MultiTrack sound data
+#0	string		NTRK		MultiTrack sound data
+#>4	long		x		- version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115:  probably all of the shorts and longs should be leshort/lelong]
+#					Microsoft RIFF
+0	string		RIFF
+#					- WAVE format
+>8	string		WAVE		audio/x-wav
+>8	string/B	AVI		video/x-msvideo
+#
+>8 	string		CDRA		image/x-coreldraw
+
+# AAC (aka MPEG-2 NBC)
+0       beshort&0xfff6    0xfff0          audio/X-HX-AAC-ADTS
+0       string          ADIF            audio/X-HX-AAC-ADIF
+0       beshort&0xffe0  0x56e0          audio/MP4A-LATM
+0       beshort         0x4De1          audio/MP4A-LATM
+
+# MPEG Layer 3 sound files
+0       beshort&0xfffe  =0xfffa         audio/mpeg
+#MP3 with ID3 tag
+0	string		ID3		audio/mpeg
+# Ogg/Vorbis
+0	string		OggS		application/ogg
+
+#------------------------------------------------------------------------------
+# c-lang:  file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0	string		/*\ XPM		image/x-xpmi 7bit
+
+# 3DS (3d Studio files)
+#16	beshort		0x3d3d		image/x-3ds
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+#					C or REXX program text
+#0	string		/*		text/x-c
+#					C++ program text
+#0	string		//		text/x-c++
+
+#------------------------------------------------------------------------------
+# commands:  file(1) magic for various shells and interpreters
+#
+#0       string          :\ shell archive or commands for antique kernel text
+0       string          #!/bin/sh               application/x-shellscript
+0       string          #!\ /bin/sh             application/x-shellscript
+0       string          #!/bin/csh              application/x-shellscript
+0       string          #!\ /bin/csh            application/x-shellscript
+# korn shell magic, sent by George Wu, gwu@clyde.att.com
+0       string          #!/bin/ksh              application/x-shellscript
+0       string          #!\ /bin/ksh            application/x-shellscript
+0       string          #!/bin/tcsh             application/x-shellscript
+0       string          #!\ /bin/tcsh           application/x-shellscript
+0       string          #!/usr/local/tcsh       application/x-shellscript
+0       string          #!\ /usr/local/tcsh     application/x-shellscript
+0       string          #!/usr/local/bin/tcsh   application/x-shellscript
+0       string          #!\ /usr/local/bin/tcsh application/x-shellscript
+# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+0       string          #!/bin/bash     		application/x-shellscript
+0       string          #!\ /bin/bash           application/x-shellscript
+0       string          #!/usr/local/bin/bash   application/x-shellscript
+0       string          #!\ /usr/local/bin/bash application/x-shellscript
+
+#
+# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson)
+0       string          #!/bin/zsh	        application/x-shellscript
+0       string          #!/usr/bin/zsh	        application/x-shellscript
+0       string          #!/usr/local/bin/zsh    application/x-shellscript
+0       string          #!\ /usr/local/bin/zsh  application/x-shellscript
+0       string          #!/usr/local/bin/ash    application/x-shellscript
+0       string          #!\ /usr/local/bin/ash  application/x-shellscript
+#0       string          #!/usr/local/bin/ae     Neil Brown's ae
+#0       string          #!\ /usr/local/bin/ae   Neil Brown's ae
+0       string          #!/bin/nawk             application/x-nawk
+0       string          #!\ /bin/nawk           application/x-nawk
+0       string          #!/usr/bin/nawk         application/x-nawk
+0       string          #!\ /usr/bin/nawk       application/x-nawk
+0       string          #!/usr/local/bin/nawk   application/x-nawk
+0       string          #!\ /usr/local/bin/nawk application/x-nawk
+0       string          #!/bin/gawk             application/x-gawk
+0       string          #!\ /bin/gawk           application/x-gawk
+0       string          #!/usr/bin/gawk         application/x-gawk
+0       string          #!\ /usr/bin/gawk       application/x-gawk
+0       string          #!/usr/local/bin/gawk   application/x-gawk
+0       string          #!\ /usr/local/bin/gawk application/x-gawk
+#
+0       string          #!/bin/awk              application/x-awk
+0       string          #!\ /bin/awk            application/x-awk
+0       string          #!/usr/bin/awk          application/x-awk
+0       string          #!\ /usr/bin/awk        application/x-awk
+# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
+#0	regex		BEGIN[[:space:]]*[{]	application/x-awk
+
+# For Larry Wall's perl language.  The ``eval'' line recognizes an
+# outrageously clever hack for USG systems.
+#                               Keith Waclena <keith@cerberus.uchicago.edu>
+0       string          #!/bin/perl                     application/x-perl
+0       string          #!\ /bin/perl                   application/x-perl
+0       string          eval\ "exec\ /bin/perl          application/x-perl
+0       string          #!/usr/bin/perl                 application/x-perl
+0       string          #!\ /usr/bin/perl               application/x-perl
+0       string          eval\ "exec\ /usr/bin/perl      application/x-perl
+0       string          #!/usr/local/bin/perl           application/x-perl
+0       string          #!\ /usr/local/bin/perl         application/x-perl
+0       string          eval\ "exec\ /usr/local/bin/perl application/x-perl
+
+#------------------------------------------------------------------------------
+# compress:  file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+#0	string		\037\235	application/x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+#0       string          \037\213        application/x-gzip
+
+0		string			PK\003\004		application/x-zip
+
+# RAR archiver (Greg Roelofs, newt@uchicago.edu)
+0	string		Rar!		application/x-rar
+
+# According to gzip.h, this is the correct byte order for packed data.
+0	string		\037\036	application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0	short		017437		application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0	short		0x1fff		application/octet-stream
+0	string		\377\037	application/octet-stream
+# huf output
+0	short		0145405		application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats.  Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+#				Keith Waclena <keith@cerberus.uchicago.edu>
+#0	leshort		0x76FF		squeezed data (CP/M, DOS)
+#0	leshort		0x76FE		crunched data (CP/M, DOS)
+
+# Freeze
+#0	string		\037\237	Frozen file 2.1
+#0	string		\037\236	Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0	string		\037\240	LZH compressed data
+
+257	string		ustar\0		application/x-tar	posix
+257	string		ustar\040\040\0		application/x-tar	gnu
+
+0	short		070707		application/x-cpio
+0	short		0143561		application/x-cpio	swapped
+
+0	string		=<ar>		application/x-archive
+0	string		\!<arch>	application/x-archive
+>8	string		debian		application/x-debian-package
+
+#------------------------------------------------------------------------------
+#
+# RPM: file(1) magic for Red Hat Packages   Erik Troan (ewt@redhat.com)
+#
+0       beshort         0xedab
+>2      beshort         0xeedb          application/x-rpm
+
+0	lelong&0x8080ffff	0x0000081a	application/x-arc	lzw
+0	lelong&0x8080ffff	0x0000091a	application/x-arc	squashed
+0	lelong&0x8080ffff	0x0000021a	application/x-arc	uncompressed
+0	lelong&0x8080ffff	0x0000031a	application/x-arc	packed
+0	lelong&0x8080ffff	0x0000041a	application/x-arc	squeezed
+0	lelong&0x8080ffff	0x0000061a	application/x-arc	crunched
+
+0	leshort	0xea60	application/x-arj
+
+# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
+2	string	-lh0-	application/x-lharc	lh0
+2	string	-lh1-	application/x-lharc	lh1
+2	string	-lz4-	application/x-lharc	lz4
+2	string	-lz5-	application/x-lharc	lz5
+#	[never seen any but the last; -lh4- reported in comp.compression:]
+2	string	-lzs-	application/x-lha	lzs
+2	string	-lh\ -	application/x-lha	lh
+2	string	-lhd-	application/x-lha	lhd
+2	string	-lh2-	application/x-lha	lh2
+2	string	-lh3-	application/x-lha	lh3
+2	string	-lh4-	application/x-lha	lh4
+2	string	-lh5-	application/x-lha	lh5
+2	string	-lh6-	application/x-lha	lh6
+2	string	-lh7-	application/x-lha	lh7
+# Shell archives
+10	string	#\ This\ is\ a\ shell\ archive	application/octet-stream	x-shell
+
+#------------------------------------------------------------------------------
+# frame:  file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0	string		\<MakerFile	application/x-frame
+0	string		\<MIFFile	application/x-frame
+0	string		\<MakerDictionary	application/x-frame
+0	string		\<MakerScreenFon	application/x-frame
+0	string		\<MML		application/x-frame
+0	string		\<Book		application/x-frame
+0	string		\<Maker		application/x-frame
+
+#------------------------------------------------------------------------------
+# html:  file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+#
+0	string/cB	\<!DOCTYPE\ html	text/html
+0	string/cb	\<head	text/html
+0	string/cb	\<title	text/html
+0       string/bc	\<html	text/html
+0	string		\<!--	text/html
+0	string/c	\<h1	text/html
+
+0	string		\<?xml			text/xml
+
+#------------------------------------------------------------------------------
+# images:  file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR:  TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR:  what the hell is this doing in here?]
+#0	string		xbtoa		btoa'd file
+
+# PBMPLUS
+#					PBM file
+0	string		P1		image/x-portable-bitmap	7bit
+#					PGM file
+0	string		P2		image/x-portable-greymap	7bit
+#					PPM file
+0	string		P3		image/x-portable-pixmap	7bit
+#					PBM "rawbits" file
+0	string		P4		image/x-portable-bitmap
+#					PGM "rawbits" file
+0	string		P5		image/x-portable-greymap
+#					PPM "rawbits" file
+0	string		P6		image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR:  this *must* go before TIFF]
+0	string		IIN1		image/x-niff
+
+# TIFF and friends
+#					TIFF file, big-endian
+0	string		MM		image/tiff
+#					TIFF file, little-endian
+0	string		II		image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115:  this was mine ("Zip GIF"):
+#					ZIF image (GIF+deflate alpha)
+0	string		GIF94z		image/unknown
+#
+# GRR 950115:  this is Jeremy Wohl's Free Graphics Format (better):
+#					FGF image (GIF+deflate beta)
+0	string		FGF95a		image/unknown
+#
+# GRR 950115:  this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+#					PBF image (deflate compression)
+0	string		PBF		image/unknown
+
+# GIF
+0	string		GIF		image/gif
+
+# JPEG images
+0	beshort		0xffd8		image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files)  (Greg Roelofs, newt@uchicago.edu)
+0	string		BM		image/x-ms-bmp
+#>14	byte		12		(OS/2 1.x format)
+#>14	byte		64		(OS/2 2.x format)
+#>14	byte		40		(Windows 3.x format)
+#0	string		IC		icon
+#0	string		PI		pointer
+#0	string		CI		color icon
+#0	string		CP		color pointer
+#0	string		BA		bitmap array
+
+# CDROM Filesystems
+32769    string    CD001     application/x-iso9660
+
+# Newer StuffIt archives (grant@netbsd.org)
+0	string		StuffIt			application/x-stuffit
+#>162	string		>0			: %s
+
+# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
+# Daniel Quinlan, quinlan@yggdrasil.com
+11	string	must\ be\ converted\ with\ BinHex\ 4	application/mac-binhex40
+##>41	string	x					\b, version %.3s
+
+
+#------------------------------------------------------------------------------
+# lisp:  file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0	string	;;			text/plain	8bit
+# Emacs 18 - this is always correct, but not very magical.
+0	string	\012(			application/x-elc
+# Emacs 19
+0	string	;ELC\023\000\000\000	application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news:  file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0	string		Relay-Version: 	message/rfc822	7bit
+0	string		#!\ rnews	message/rfc822	7bit
+0	string		N#!\ rnews	message/rfc822	7bit
+0	string		Forward\ to 	message/rfc822	7bit
+0	string		Pipe\ to 	message/rfc822	7bit
+0	string		Return-Path:	message/rfc822	7bit
+0	string		Received:	message/rfc822
+0	string		Path:		message/news	8bit
+0	string		Xref:		message/news	8bit
+0	string		From:		message/rfc822	7bit
+0	string		Article 	message/news	8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0	string		\376\067\0\043			application/msword
+0	string		\320\317\021\340\241\261	application/msword
+0	string		\333\245-\0\0\0			application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer:  file(1) magic for printer-formatted files
+#
+
+# PostScript
+0	string		%!		application/postscript
+0	string		\004%!		application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0	string		%PDF-		application/pdf
+
+#------------------------------------------------------------------------------
+# sc:  file(1) magic for "sc" spreadsheet
+#
+38	string		Spreadsheet	application/x-sc
+
+#------------------------------------------------------------------------------
+# tex:  file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0	string		\367\002	application/x-dvi
+#0	string		\367\203	TeX generic font data
+#0	string		\367\131	TeX packed font data
+#0	string		\367\312	TeX virtual font data
+#0	string		This\ is\ TeX,	TeX transcript text	
+#0	string		This\ is\ METAFONT,	METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data.  The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+2	string		\000\021	application/x-tex-tfm
+2	string		\000\022	application/x-tex-tfm
+#>34	string		>\0		(%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+0	string		\\input\ texinfo		text/x-texinfo
+0	string		This\ is\ Info\ file	text/x-info
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0	leshort		0x02f7		application/x-dvi
+
+# RTF - Rich Text Format
+0	string		{\\rtf		text/rtf
+
+#------------------------------------------------------------------------------
+# animation:  file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+#						MPEG file
+# MPEG sequences
+0       belong             0x000001BA
+>4      byte               &0x40          video/mp2p
+>4      byte               ^0x40          video/mpeg
+0       belong             0x000001BB     video/mpeg
+0       belong             0x000001B0     video/mp4v-es
+0       belong             0x000001B5     video/mp4v-es
+0       belong             0x000001B3     video/mpv
+0       belong&0xFF5FFF1F  0x47400010     video/mp2t
+0       belong             0x00000001
+>4      byte&0x1F          0x07           video/h264
+
+# FLI animation format
+0	leshort		0xAF11				video/fli
+# FLC animation format
+0	leshort		0xAF12				video/flc
+#
+# SGI and Apple formats
+# Added ISO mimes
+0	string		MOVI	      video/sgi
+4	string		moov	      video/quicktime
+4	string		mdat	      video/quicktime
+4	string		wide	      video/quicktime
+4	string		skip	      video/quicktime
+4	string		free	      video/quicktime
+4	string		idsc	      image/x-quicktime
+4	string		idat	      image/x-quicktime
+4	string		pckg	      application/x-quicktime
+4	string/B	jP	      image/jp2
+4	string		ftyp
+>8	string		isom	      video/mp4
+>8	string		mp41	      video/mp4
+>8	string		mp42	      video/mp4
+>8	string/B	jp2	      image/jp2
+>8	string		3gp	      video/3gpp
+>8      string          avc1          video/3gpp
+>8	string		mmp4	      video/mp4
+>8	string/B	M4A	      audio/mp4
+>8	string/B	qt	      video/quicktime
+# The contributor claims:
+#   I couldn't find a real magic number for these, however, this
+#   -appears- to work.  Note that it might catch other files, too,
+#   so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+#						DL file version 1 , medium format (160x100, 4 images/screen)
+0	byte		1			video/unknown
+0	byte		2			video/unknown
+#
+# Databases
+#
+# GDBM magic numbers
+#  Will be maintained as part of the GDBM distribution in the future.
+#  <downsj@teeny.org>
+0       belong  0x13579ace      application/x-gdbm
+0       lelong  0x13579ace      application/x-gdbm
+0       string  GDBM            application/x-gdbm
+#
+0       belong  0x061561        application/x-dbm
+#
+# Executables
+#
+0	string		\177ELF 
+>16	leshort		0		application/octet-stream
+>16	leshort		1		application/x-object
+>16	leshort		2		application/x-executable
+>16	leshort		3		application/x-sharedlib
+>16	leshort		4		application/x-coredump
+>16	beshort		0		application/octet-stream
+>16	beshort		1		application/x-object
+>16	beshort		2		application/x-executable
+>16	beshort		3		application/x-sharedlib
+>16	beshort		4		application/x-coredump
+#
+# DOS
+0		string			MZ				application/x-dosexec
+#
+# KDE
+0		string	[KDE\ Desktop\ Entry]	application/x-kdelnk
+0		string	\#\ KDE\ Config\ File	application/x-kdelnk
+# xmcd database file for kscd
+0		string	\#\ xmcd                text/xmcd
+
+#------------------------------------------------------------------------------
+# pkgadd:  file(1) magic for SysV R4 PKG Datastreams
+#
+0       string          #\ PaCkAgE\ DaTaStReAm  application/x-svr4-package
+
+#PNG Image Format
+0	string		\x89PNG			image/png
+
+# MNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
+0	string		\x8aMNG			video/x-mng
+0	string		\x8aJNG			video/x-jng
+
+#------------------------------------------------------------------------------
+# Hierarchical Data Format, used to facilitate scientific data exchange
+# specifications at http://hdf.ncsa.uiuc.edu/
+#Hierarchical Data Format (version 4) data
+0	belong		0x0e031301		application/x-hdf
+#Hierarchical Data Format (version 5) data
+0	string		\211HDF\r\n\032		application/x-hdf
+
+# Adobe Photoshop
+0	string		8BPS			image/x-photoshop
+
+# Felix von Leitner <felix-file@fefe.de>
+0	string		d8:announce		application/x-bittorrent
+
+
+# lotus 1-2-3 document
+0	belong	0x00001a00	application/x-123
+0	belong	0x00000200 	application/x-123
+
+# MS Access database
+4	string	Standard\ Jet\ DB	application/msaccess
+
+## magic for XBase files
+#0      byte       0x02	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x03	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x04	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x05	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x30
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x43
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x7b
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x83	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x8b
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0x8e	
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0xb3
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0      byte       0xf5
+#>8     leshort	  >0
+#>>12   leshort    0	application/x-dbf
+#
+#0	leshort		0x0006		application/x-dbt
+
+# Debian has entries for the old PGP formats:
+# pgp:  file(1) magic for Pretty Good Privacy
+# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
+#text/PGP key public ring
+0	beshort		0x9900			application/pgp
+#text/PGP key security ring
+0	beshort		0x9501			application/pgp
+#text/PGP key security ring
+0	beshort		0x9500			application/pgp
+#text/PGP encrypted data
+0	beshort		0xa600			application/pgp-encrypted
+#text/PGP armored data
+##public key block
+2	string	---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK-	application/pgp-keys
+0	string	-----BEGIN\040PGP\40MESSAGE-			application/pgp
+0	string	-----BEGIN\040PGP\40SIGNATURE-			application/pgp-signature
+#
+# GnuPG Magic:
+# 
+#
+#text/GnuPG key public ring
+0	beshort		0x9901			application/pgp
+#text/OpenPGP data
+0	beshort		0x8501			application/pgp-encrypted	
+
+# flash:        file(1) magic for Macromedia Flash file format
+#
+# See
+#
+#       http://www.macromedia.com/software/flash/open/
+#
+0	string		FWS             
+>3	byte		x			application/x-shockwave-flash
+
+# The following paramaters are created for Namazu.
+# <http://www.namazu.org/>
+#
+# 1999/08/13
+#0	string		\<!--\ MHonArc		text/html; x-type=mhonarc
+0	string		BZh			application/x-bzip2
+
+# 1999/09/09
+# VRML (suggested by Masao Takaku)
+0	string		#VRML\ V1.0\ ascii	model/vrml
+0	string		#VRML\ V2.0\ utf8	model/vrml
+
+#------------------------------------------------------------------------------
+# ichitaro456: file(1) magic for Just System Word Processor Ichitaro
+#
+# Contributor kenzo-:
+# Reversed-engineered JS Ichitaro magic numbers
+#
+
+0	string		DOC
+>43	byte		0x14		application/ichitaro4
+>144	string	JDASH		application/ichitaro4
+
+0	string		DOC
+>43	byte		0x15		application/ichitaro5
+
+0	string		DOC
+>43	byte		0x16		application/ichitaro6
+
+#------------------------------------------------------------------------------
+# office97: file(1) magic for MicroSoft Office files
+#
+# Contributor kenzo-:
+# Reversed-engineered MS Office magic numbers
+#
+
+#0       string          \320\317\021\340\241\261\032\341
+#>48     byte            0x1B            application/excel
+
+2080	string	Microsoft\ Excel\ 5.0\ Worksheet	application/excel
+2114	string	Biff5					application/excel
+
+0       string	\224\246\056		application/msword
+
+0	belong	0x31be0000		application/msword
+
+0	string	PO^Q`			application/msword
+
+0	string	\320\317\021\340\241\261\032\341
+>546	string	bjbj			application/msword
+>546	string	jbjb			application/msword
+
+512	string	R\0o\0o\0t\0\ \0E\0n\0t\0r\0y	application/msword
+
+2080	string	Microsoft\ Word\ 6.0\ Document	application/msword
+2080	string	Documento\ Microsoft\ Word\ 6	application/msword
+2112	string	MSWordDoc			application/msword
+
+#0	string	\320\317\021\340\241\261\032\341	application/powerpoint
+0	string	\320\317\021\340\241\261\032\341	application/msword
+
+0       string  #\ PaCkAgE\ DaTaStReAm  application/x-svr4-package
+
+
+# WinNT/WinCE PE files (Warner Losh, imp@village.org)
+#
+128		string	PE\000\000	application/octet-stream
+0		string	PE\000\000	application/octet-stream
+
+# miscellaneous formats
+0		string	LZ		application/octet-stream
+
+
+# .EXE formats (Greg Roelofs, newt@uchicago.edu)
+#
+0		string	MZ
+>24		string	@		application/octet-stream
+
+0		string	MZ
+>30		string	Copyright\ 1989-1990\ PKWARE\ Inc.	application/x-zip
+
+0		string	MZ
+>30		string	PKLITE\ Copr.	application/x-zip
+
+0		string	MZ
+>36		string	LHa's\ SFX	application/x-lha
+
+0		string	MZ		application/octet-stream
+
+# LHA archiver
+2		string	-lh
+>6		string	-		application/x-lha
+
+
+# Zoo archiver
+20		lelong	0xfdc4a7dc	application/x-zoo
+
+# ARC archiver
+0       	lelong&0x8080ffff	0x0000081a	application/x-arc
+0		lelong&0x8080ffff	0x0000091a	application/x-arc
+0		lelong&0x8080ffff	0x0000021a	application/x-arc
+0		lelong&0x8080ffff	0x0000031a	application/x-arc
+0		lelong&0x8080ffff	0x0000041a	application/x-arc
+0		lelong&0x8080ffff	0x0000061a	application/x-arc
+
+# Microsoft Outlook's Transport Neutral Encapsulation Format (TNEF)
+0		lelong	0x223e9f78	application/ms-tnef
+
+# From: stephane.loeuillet@tiscali.f
+# http://www.djvuzone.org/
+0	string		AT&TFORM	image/x.djvu
+
+# Danny Milosavljevic <danny.milo@gmx.net>
+# this are adrift (adventure game standard) game files, extension .taf
+# depending on version magic continues with 0x93453E6139FA (V 4.0)
+# 0x9445376139FA (V 3.90)
+# 0x9445366139FA (V 3.80)
+# this is from source (http://www.adrift.org.uk/) and I have some taf
+# files, and checked them.
+#0	belong	0x3C423FC9
+#>4	belong	0x6A87C2CF	application/x-adrift
+#0	string	\000\000\001\000	image/x-ico
+
+# Quark Xpress 3 Files:
+# (made the mimetype up) 
+0	string	\0\0MMXPR3\0	application/x-quark-xpress-3
+
+# EET archive
+# From: Tilman Sauerbeck <tilman@code-monkey.de>
+0	belong	0x1ee7ff00	application/x-eet
+
+# From: Denis Knauf, via gentoo.
+0	string	fLaC		audio/x-flac
+0	string	CWS		application/x-shockwave-flash
+
+# Gnumeric spreadsheet
+# This entry is only semi-helpful, as Gnumeric compresses its files, so
+# they will ordinarily reported as "compressed", but at least -z helps
+39      string          =<gmr:Workbook           application/x-gnumeric
+

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/mods-available/ssl.conf

@@ -0,0 +1,89 @@
+<IfModule mod_ssl.c>
+
+	# Pseudo Random Number Generator (PRNG):
+	# Configure one or more sources to seed the PRNG of the SSL library.
+	# The seed data should be of good random quality.
+	# WARNING! On some platforms /dev/random blocks if not enough entropy
+	# is available. This means you then cannot use the /dev/random device
+	# because it would lead to very long connection times (as long as
+	# it requires to make more entropy available). But usually those
+	# platforms additionally provide a /dev/urandom device which doesn't
+	# block. So, if available, use this one instead. Read the mod_ssl User
+	# Manual for more details.
+	#
+	SSLRandomSeed startup builtin
+	SSLRandomSeed startup file:/dev/urandom 512
+	SSLRandomSeed connect builtin
+	SSLRandomSeed connect file:/dev/urandom 512
+
+	##
+	##  SSL Global Context
+	##
+	##  All SSL configuration in this context applies both to
+	##  the main server and all SSL-enabled virtual hosts.
+	##
+
+	#
+	#   Some MIME-types for downloading Certificates and CRLs
+	#
+	AddType application/x-x509-ca-cert .crt
+	AddType application/x-pkcs7-crl	.crl
+
+	#   Pass Phrase Dialog:
+	#   Configure the pass phrase gathering process.
+	#   The filtering dialog program (`builtin' is a internal
+	#   terminal dialog) has to provide the pass phrase on stdout.
+	SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
+
+	#   Inter-Process Session Cache:
+	#   Configure the SSL Session Cache: First the mechanism 
+	#   to use and second the expiring timeout (in seconds).
+	#   (The mechanism dbm has known memory leaks and should not be used).
+	#SSLSessionCache		 dbm:${APACHE_RUN_DIR}/ssl_scache
+	SSLSessionCache		shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+	SSLSessionCacheTimeout  300
+
+	#   Semaphore:
+	#   Configure the path to the mutual exclusion semaphore the
+	#   SSL engine uses internally for inter-process synchronization. 
+	#   (Disabled by default, the global Mutex directive consolidates by default
+	#   this)
+	#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
+
+
+	#   SSL Cipher Suite:
+	#   List the ciphers that the client is permitted to negotiate. See the
+	#   ciphers(1) man page from the openssl package for list of all available
+	#   options.
+	#   Enable only secure ciphers:
+	SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+
+	#   Speed-optimized SSL Cipher configuration:
+	#   If speed is your main concern (on busy HTTPS servers e.g.),
+	#   you might want to force clients to specific, performance
+	#   optimized ciphers. In this case, prepend those ciphers
+	#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+	#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+	#   (as in the example below), most connections will no longer
+	#   have perfect forward secrecy - if the server's key is
+	#   compromised, captures of past or future traffic must be
+	#   considered compromised, too.
+	#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+	#SSLHonorCipherOrder on
+
+	#   The protocols to enable.
+	#   Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
+	#   SSL v2  is no longer supported
+	SSLProtocol all
+
+	#   Allow insecure renegotiation with clients which do not yet support the
+	#   secure renegotiation protocol. Default: Off
+	#SSLInsecureRenegotiation on
+
+	#   Whether to forbid non-SNI clients to access name based virtual hosts.
+	#   Default: Off
+	#SSLStrictSNIVHostCheck On
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/mods-available/ssl.load

@@ -0,0 +1,2 @@
+# Depends: setenvif mime socache_shmcb
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/ports.conf

@@ -0,0 +1,15 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 80
+
+<IfModule ssl_module>
+	Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+	Listen 443
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/sites-available/000-default.conf

@@ -0,0 +1,32 @@
+<VirtualHost *:80>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerName ip-172-30-0-17
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/sites-available/default-ssl.conf

@@ -0,0 +1,136 @@
+<IfModule mod_ssl.c>
+	<VirtualHost _default_:443>
+		ServerAdmin webmaster@localhost
+
+		DocumentRoot /var/www/html
+
+		# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+		# error, crit, alert, emerg.
+		# It is also possible to configure the loglevel for particular
+		# modules, e.g.
+		#LogLevel info ssl:warn
+
+		ErrorLog ${APACHE_LOG_DIR}/error.log
+		CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+		# For most configuration files from conf-available/, which are
+		# enabled or disabled at a global level, it is possible to
+		# include a line for only one particular virtual host. For example the
+		# following line enables the CGI configuration for this host only
+		# after it has been globally disabled with "a2disconf".
+		#Include conf-available/serve-cgi-bin.conf
+
+		#   SSL Engine Switch:
+		#   Enable/Disable SSL for this virtual host.
+		SSLEngine on
+
+		#   A self-signed (snakeoil) certificate can be created by installing
+		#   the ssl-cert package. See
+		#   /usr/share/doc/apache2/README.Debian.gz for more info.
+		#   If both key and certificate are stored in the same file, only the
+		#   SSLCertificateFile directive is needed.
+		SSLCertificateFile	/etc/apache2/certs/letsencrypt-cert_5.pem
+		SSLCertificateKeyFile /etc/apache2/ssl/key-letsencrypt_15.pem
+
+		#   Server Certificate Chain:
+		#   Point SSLCertificateChainFile at a file containing the
+		#   concatenation of PEM encoded CA certificates which form the
+		#   certificate chain for the server certificate. Alternatively
+		#   the referenced file can be the same as SSLCertificateFile
+		#   when the CA certificates are directly appended to the server
+		#   certificate for convinience.
+		#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+		#   Certificate Authority (CA):
+		#   Set the CA certificate verification path where to find CA
+		#   certificates for client authentication or alternatively one
+		#   huge file containing all of them (file must be PEM encoded)
+		#   Note: Inside SSLCACertificatePath you need hash symlinks
+		#		 to point to the certificate files. Use the provided
+		#		 Makefile to update the hash symlinks after changes.
+		#SSLCACertificatePath /etc/ssl/certs/
+		#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+		#   Certificate Revocation Lists (CRL):
+		#   Set the CA revocation path where to find CA CRLs for client
+		#   authentication or alternatively one huge file containing all
+		#   of them (file must be PEM encoded)
+		#   Note: Inside SSLCARevocationPath you need hash symlinks
+		#		 to point to the certificate files. Use the provided
+		#		 Makefile to update the hash symlinks after changes.
+		#SSLCARevocationPath /etc/apache2/ssl.crl/
+		#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+		#   Client Authentication (Type):
+		#   Client certificate verification type and depth.  Types are
+		#   none, optional, require and optional_no_ca.  Depth is a
+		#   number which specifies how deeply to verify the certificate
+		#   issuer chain before deciding the certificate is not valid.
+		#SSLVerifyClient require
+		#SSLVerifyDepth  10
+
+		#   SSL Engine Options:
+		#   Set various options for the SSL engine.
+		#   o FakeBasicAuth:
+		#	 Translate the client X.509 into a Basic Authorisation.  This means that
+		#	 the standard Auth/DBMAuth methods can be used for access control.  The
+		#	 user name is the `one line' version of the client's X.509 certificate.
+		#	 Note that no password is obtained from the user. Every entry in the user
+		#	 file needs this password: `xxj31ZMTZzkVA'.
+		#   o ExportCertData:
+		#	 This exports two additional environment variables: SSL_CLIENT_CERT and
+		#	 SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+		#	 server (always existing) and the client (only existing when client
+		#	 authentication is used). This can be used to import the certificates
+		#	 into CGI scripts.
+		#   o StdEnvVars:
+		#	 This exports the standard SSL/TLS related `SSL_*' environment variables.
+		#	 Per default this exportation is switched off for performance reasons,
+		#	 because the extraction step is an expensive operation and is usually
+		#	 useless for serving static content. So one usually enables the
+		#	 exportation for CGI and SSI requests only.
+		#   o OptRenegotiate:
+		#	 This enables optimized SSL connection renegotiation handling when SSL
+		#	 directives are used in per-directory context.
+		#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+		<FilesMatch "\.(cgi|shtml|phtml|php)$">
+				SSLOptions +StdEnvVars
+		</FilesMatch>
+		<Directory /usr/lib/cgi-bin>
+				SSLOptions +StdEnvVars
+		</Directory>
+
+		#   SSL Protocol Adjustments:
+		#   The safe and default but still SSL/TLS standard compliant shutdown
+		#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+		#   the close notify alert from client. When you need a different shutdown
+		#   approach you can use one of the following variables:
+		#   o ssl-unclean-shutdown:
+		#	 This forces an unclean shutdown when the connection is closed, i.e. no
+		#	 SSL close notify alert is send or allowed to received.  This violates
+		#	 the SSL/TLS standard but is needed for some brain-dead browsers. Use
+		#	 this when you receive I/O errors because of the standard approach where
+		#	 mod_ssl sends the close notify alert.
+		#   o ssl-accurate-shutdown:
+		#	 This forces an accurate shutdown when the connection is closed, i.e. a
+		#	 SSL close notify alert is send and mod_ssl waits for the close notify
+		#	 alert of the client. This is 100% SSL/TLS standard compliant, but in
+		#	 practice often causes hanging connections with brain-dead browsers. Use
+		#	 this only for browsers where you know that their SSL implementation
+		#	 works correctly.
+		#   Notice: Most problems of broken clients are also related to the HTTP
+		#   keep-alive facility, so you usually additionally want to disable
+		#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+		#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+		#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+		#   "force-response-1.0" for this.
+		BrowserMatch "MSIE [2-6]" \
+				nokeepalive ssl-unclean-shutdown \
+				downgrade-1.0 force-response-1.0
+		# MSIE 7 and newer should be able to use keepalive
+		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+	</VirtualHost>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/sites-available/encryption-example.conf

@@ -0,0 +1,42 @@
+<VirtualHost *:80>
+	      ServerName encryption-example.demo
+	      ServerAdmin webmaster@localhost
+
+	      DocumentRoot /var/www-encryption-example/static/
+	      <Directory />
+	      Options FollowSymLinks
+	      AllowOverride None
+	      </Directory>
+	      <Directory /var/www/>
+	      Options Indexes FollowSymLinks MultiViews
+	      AllowOverride None
+	      Order allow,deny
+	      allow from all
+	      </Directory>
+
+	      ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+	      <Directory "/usr/lib/cgi-bin">
+	      AllowOverride None
+	      Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+	      Order allow,deny
+	      Allow from all
+	      </Directory>
+
+	      ErrorLog ${APACHE_LOG_DIR}/error.log
+
+	      # Possible values include: debug, info, notice, warn, error, crit,
+	      # alert, emerg.
+	      LogLevel warn
+
+	      CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+    Alias /doc/ "/usr/share/doc/"
+    <Directory "/usr/share/doc/">
+        Options Indexes MultiViews FollowSymLinks
+        AllowOverride None
+        Order deny,allow
+        Deny from all
+	      Allow from 127.0.0.0/255.0.0.0 ::1/128
+    </Directory>
+
+</VirtualHost>

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/sites-available/letsencrypt.conf

@@ -0,0 +1,42 @@
+<VirtualHost *:80>
+ServerName letsencrypt.demo
+ServerAdmin webmaster@localhost
+
+DocumentRoot /var/www-letsencrypt-reworld/static/
+<Directory />
+Options FollowSymLinks
+AllowOverride None
+</Directory>
+<Directory /var/www/>
+Options Indexes FollowSymLinks MultiViews
+AllowOverride None
+Order allow,deny
+allow from all
+</Directory>
+
+ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+<Directory "/usr/lib/cgi-bin">
+AllowOverride None
+Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+Order allow,deny
+Allow from all
+</Directory>
+
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+LogLevel warn
+
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+Alias /doc/ "/usr/share/doc/"
+<Directory "/usr/share/doc/">
+Options Indexes MultiViews FollowSymLinks
+AllowOverride None
+Order deny,allow
+Deny from all
+Allow from 127.0.0.0/255.0.0.0 ::1/128
+</Directory>
+
+</VirtualHost>

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/sites-enabled/000-default.conf

@@ -0,0 +1 @@
+../sites-available/000-default.conf

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/sites-enabled/encryption-example.conf

@@ -0,0 +1 @@
+../sites-available/encryption-example.conf

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/apache2/sites-enabled/letsencrypt.conf

@@ -0,0 +1 @@
+../sites-available/letsencrypt.conf

letsencrypt/client/tests/debian_apache_2_4/two_vhost_80/sites

@@ -0,0 +1,2 @@
+sites-available/letsencrypt.conf, letencrypt.demo
+sites-available/encryption-example.conf, encryption-example.demo