Current CI caches DKIM and ACME setup, so we don't really test them. With #886, we would only test self-signed certs in the CI; but the code path of getting ACME + DKIM keys is not tested currently.
A good way to do that would be nightly tests, running on some internal host:
- get VPSs from Hetzner via https://github.com/chatmail/hetzner-relay
- deploy current main branch on two VPSs, once with cmdeploy, once with docker, maybe another one with madmail
- use a new domain every time; with the correct SSH key, hetzner-relay can set DNS records on ns.testrun.org.
- run chatmail tests with those VPSs, use each other as `CHATMAIL_DOMAIN2`
- run core tests with those VPSs, use each other as `CHATMAIL_DOMAIN2`
We need to be careful not to run into one of Let's Encrypt's limits: https://letsencrypt.org/docs/rate-limits/, maybe 3 times a week is better, e.g. Tuesday, Wednesday, and Thursday night.