tests: use better test domains (#2603)

2026-03-14 14:35:48 +01:00 · 2025-07-28 09:26:40 +02:00 · 2025-07-28 09:26:40 +02:00 · b4ddc1e5e2
commit b4ddc1e5e2
parent 605d49d500
8 changed files with 140 additions and 101 deletions
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@ -59,14 +59,6 @@ jobs:
      - name: Set up a Memcached server
        uses: niden/actions-memcached@v7

-      - name: Setup /etc/hosts
-        run: |
-          echo "127.0.0.1 acme.wtf" | sudo tee -a /etc/hosts
-          echo "127.0.0.1 lego.wtf" | sudo tee -a /etc/hosts
-          echo "127.0.0.1 acme.lego.wtf" | sudo tee -a /etc/hosts
-          echo "127.0.0.1 légô.wtf" | sudo tee -a /etc/hosts
-          echo "127.0.0.1 xn--lg-bja9b.wtf" | sudo tee -a /etc/hosts
-
      - name: Make
        run: |
          make
--- a/certcrypto/crypto_test.go
+++ b/certcrypto/crypto_test.go
@ -13,6 +13,13 @@ import (
 	"github.com/stretchr/testify/require"
 )

+const (
+	testDomain1 = "lego.example"
+	testDomain2 = "a.lego.example"
+	testDomain3 = "b.lego.example"
+	testDomain4 = "c.lego.example"
+)
+
 func TestGeneratePrivateKey(t *testing.T) {
 	key, err := GeneratePrivateKey(RSA2048)
 	require.NoError(t, err, "Error generating private key")
@ -39,30 +46,30 @@ func TestGenerateCSR(t *testing.T) {
 			desc:       "without SAN (nil)",
 			privateKey: privateKey,
 			opts: CSROptions{
-				Domain:     "lego.acme",
+				Domain:     testDomain1,
 				MustStaple: true,
 			},
-			expected: expected{len: 379},
+			expected: expected{len: 382},
 		},
 		{
 			desc:       "without SAN (empty)",
 			privateKey: privateKey,
 			opts: CSROptions{
-				Domain:     "lego.acme",
+				Domain:     testDomain1,
 				SAN:        []string{},
 				MustStaple: true,
 			},
-			expected: expected{len: 379},
+			expected: expected{len: 382},
 		},
 		{
 			desc:       "with SAN",
 			privateKey: privateKey,
 			opts: CSROptions{
-				Domain:     "lego.acme",
-				SAN:        []string{"a.lego.acme", "b.lego.acme", "c.lego.acme"},
+				Domain:     testDomain1,
+				SAN:        []string{testDomain2, testDomain3, testDomain4},
 				MustStaple: true,
 			},
-			expected: expected{len: 430},
+			expected: expected{len: 442},
 		},
 		{
 			desc:       "no domain",
@ -78,16 +85,16 @@ func TestGenerateCSR(t *testing.T) {
 			privateKey: privateKey,
 			opts: CSROptions{
 				Domain:     "",
-				SAN:        []string{"a.lego.acme", "b.lego.acme", "c.lego.acme"},
+				SAN:        []string{testDomain2, testDomain3, testDomain4},
 				MustStaple: true,
 			},
-			expected: expected{len: 409},
+			expected: expected{len: 419},
 		},
 		{
 			desc:       "private key nil",
 			privateKey: nil,
 			opts: CSROptions{
-				Domain:     "fizz.buzz",
+				Domain:     testDomain1,
 				MustStaple: true,
 			},
 			expected: expected{error: true},
--- a/challenge/dns01/nameserver_test.go
+++ b/challenge/dns01/nameserver_test.go
@ -52,7 +52,7 @@ func TestLookupNameserversErr(t *testing.T) {
 	}{
 		{
 			desc:  "invalid tld",
-			fqdn:  "_null.n0n0.",
+			fqdn:  "example.invalid.",
 			error: "could not find zone",
 		},
 	}
@ -106,10 +106,10 @@ var findXByFqdnTestCases = []struct {
 	},
 	{
 		desc:          "NXDOMAIN",
-		fqdn:          "test.lego.zz.",
-		zone:          "lego.zz.",
+		fqdn:          "test.lego.invalid.",
+		zone:          "lego.invalid.",
 		nameservers:   []string{"8.8.8.8:53"},
-		expectedError: "[fqdn=test.lego.zz.] could not find the start of authority for 'test.lego.zz.' [question='zz. IN  SOA', code=NXDOMAIN]",
+		expectedError: `[fqdn=test.lego.invalid.] could not find the start of authority for 'test.lego.invalid.' [question='invalid. IN  SOA', code=NXDOMAIN]`,
 	},
 	{
 		desc:        "several non existent nameservers",
@ -128,10 +128,10 @@ var findXByFqdnTestCases = []struct {
 	},
 	{
 		desc:          "no nameservers",
-		fqdn:          "test.ldez.com.",
-		zone:          "ldez.com.",
+		fqdn:          "test.example.com.",
+		zone:          "example.com.",
 		nameservers:   []string{},
-		expectedError: "[fqdn=test.ldez.com.] could not find the start of authority for 'test.ldez.com.': empty list of nameservers",
+		expectedError: "[fqdn=test.example.com.] could not find the start of authority for 'test.example.com.': empty list of nameservers",
 	},
 }

--- a/e2e/challenges_test.go
+++ b/e2e/challenges_test.go
@ -5,8 +5,10 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
+	"encoding/pem"
 	"fmt"
 	"os"
+	"path/filepath"
 	"testing"
 	"time"

@ -21,6 +23,18 @@ import (
 	"github.com/stretchr/testify/require"
 )

+const (
+	testDomain1 = "acme.localhost"
+	testDomain2 = "lego.localhost"
+	testDomain3 = "acme.lego.localhost"
+	testDomain4 = "légô.localhost"
+)
+
+const (
+	testEmail1 = "lego@example.com"
+	testEmail2 = "acme@example.com"
+)
+
 var load = loader.EnvLoader{
 	PebbleOptions: &loader.CmdOption{
 		HealthCheckURL: "https://localhost:14000/dir",
@ -51,10 +65,10 @@ func TestChallengeHTTP_Run(t *testing.T) {
 	loader.CleanLegoFiles()

 	err := load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
-		"-d", "acme.wtf",
+		"-d", testDomain1,
 		"--http",
 		"--http.port", ":5002",
 		"run")
@ -67,10 +81,10 @@ func TestChallengeTLS_Run_Domains(t *testing.T) {
 	loader.CleanLegoFiles()

 	err := load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
-		"-d", "acme.wtf",
+		"-d", testDomain1,
 		"--tls",
 		"--tls.port", ":5001",
 		"run")
@ -83,7 +97,7 @@ func TestChallengeTLS_Run_IP(t *testing.T) {
 	loader.CleanLegoFiles()

 	err := load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
 		"-d", "127.0.0.1",
@ -98,11 +112,13 @@ func TestChallengeTLS_Run_IP(t *testing.T) {
 func TestChallengeTLS_Run_CSR(t *testing.T) {
 	loader.CleanLegoFiles()

+	csrPath := createTestCSRFile(t, true)
+
 	err := load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
-		"-csr", "./fixtures/csr.raw",
+		"-csr", csrPath,
 		"--tls",
 		"--tls.port", ":5001",
 		"run")
@ -114,11 +130,13 @@ func TestChallengeTLS_Run_CSR(t *testing.T) {
 func TestChallengeTLS_Run_CSR_PEM(t *testing.T) {
 	loader.CleanLegoFiles()

+	csrPath := createTestCSRFile(t, false)
+
 	err := load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
-		"-csr", "./fixtures/csr.cert",
+		"-csr", csrPath,
 		"--tls",
 		"--tls.port", ":5001",
 		"run")
@ -131,11 +149,11 @@ func TestChallengeTLS_Run_Revoke(t *testing.T) {
 	loader.CleanLegoFiles()

 	err := load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
-		"-d", "lego.wtf",
-		"-d", "acme.lego.wtf",
+		"-d", testDomain2,
+		"-d", testDomain3,
 		"--tls",
 		"--tls.port", ":5001",
 		"run")
@ -144,10 +162,10 @@ func TestChallengeTLS_Run_Revoke(t *testing.T) {
 	}

 	err = load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
-		"-d", "lego.wtf",
+		"-d", testDomain2,
 		"--tls",
 		"--tls.port", ":5001",
 		"revoke")
@ -160,10 +178,10 @@ func TestChallengeTLS_Run_Revoke_Non_ASCII(t *testing.T) {
 	loader.CleanLegoFiles()

 	err := load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
-		"-d", "légô.wtf",
+		"-d", testDomain4,
 		"--tls",
 		"--tls.port", ":5001",
 		"run")
@ -172,10 +190,10 @@ func TestChallengeTLS_Run_Revoke_Non_ASCII(t *testing.T) {
 	}

 	err = load.RunLego(
-		"-m", "hubert@hubert.com",
+		"-m", testEmail1,
 		"--accept-tos",
 		"-s", "https://localhost:14000/dir",
-		"-d", "légô.wtf",
+		"-d", testDomain4,
 		"--tls",
 		"--tls.port", ":5001",
 		"revoke")
@ -207,14 +225,14 @@ func TestChallengeHTTP_Client_Obtain(t *testing.T) {
 	user.registration = reg

 	request := certificate.ObtainRequest{
-		Domains: []string{"acme.wtf"},
+		Domains: []string{testDomain1},
 		Bundle:  true,
 	}
 	resource, err := client.Certificate.Obtain(request)
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "acme.wtf", resource.Domain)
+	assert.Equal(t, testDomain1, resource.Domain)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
@ -245,7 +263,7 @@ func TestChallengeHTTP_Client_Obtain_profile(t *testing.T) {
 	user.registration = reg

 	request := certificate.ObtainRequest{
-		Domains: []string{"acme.wtf"},
+		Domains: []string{testDomain1},
 		Bundle:  true,
 		Profile: "shortlived",
 	}
@ -253,7 +271,7 @@ func TestChallengeHTTP_Client_Obtain_profile(t *testing.T) {
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "acme.wtf", resource.Domain)
+	assert.Equal(t, testDomain1, resource.Domain)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
@ -284,15 +302,15 @@ func TestChallengeHTTP_Client_Obtain_emails_csr(t *testing.T) {
 	user.registration = reg

 	request := certificate.ObtainRequest{
-		Domains:        []string{"acme.wtf"},
+		Domains:        []string{testDomain1},
 		Bundle:         true,
-		EmailAddresses: []string{"foo@example.com"},
+		EmailAddresses: []string{testEmail1},
 	}
 	resource, err := client.Certificate.Obtain(request)
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "acme.wtf", resource.Domain)
+	assert.Equal(t, testDomain1, resource.Domain)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
@ -325,7 +343,7 @@ func TestChallengeHTTP_Client_Obtain_notBefore_notAfter(t *testing.T) {
 	now := time.Now().UTC()

 	request := certificate.ObtainRequest{
-		Domains:   []string{"acme.wtf"},
+		Domains:   []string{testDomain1},
 		NotBefore: now.Add(1 * time.Hour),
 		NotAfter:  now.Add(2 * time.Hour),
 		Bundle:    true,
@ -334,7 +352,7 @@ func TestChallengeHTTP_Client_Obtain_notBefore_notAfter(t *testing.T) {
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "acme.wtf", resource.Domain)
+	assert.Equal(t, testDomain1, resource.Domain)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
@ -406,7 +424,7 @@ func TestChallengeTLS_Client_Obtain(t *testing.T) {
 	require.NoError(t, err, "Could not generate test key")

 	request := certificate.ObtainRequest{
-		Domains:    []string{"acme.wtf"},
+		Domains:    []string{testDomain1},
 		Bundle:     true,
 		PrivateKey: privateKeyCSR,
 	}
@ -414,7 +432,7 @@ func TestChallengeTLS_Client_Obtain(t *testing.T) {
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "acme.wtf", resource.Domain)
+	assert.Equal(t, testDomain1, resource.Domain)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
@ -444,10 +462,7 @@ func TestChallengeTLS_Client_ObtainForCSR(t *testing.T) {
 	require.NoError(t, err)
 	user.registration = reg

-	csrRaw, err := os.ReadFile("./fixtures/csr.raw")
-	require.NoError(t, err)
-
-	csr, err := x509.ParseCertificateRequest(csrRaw)
+	csr, err := x509.ParseCertificateRequest(createTestCSR(t))
 	require.NoError(t, err)

 	resource, err := client.Certificate.ObtainForCSR(certificate.ObtainForCSRRequest{
@ -457,7 +472,7 @@ func TestChallengeTLS_Client_ObtainForCSR(t *testing.T) {
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "acme.wtf", resource.Domain)
+	assert.Equal(t, testDomain1, resource.Domain)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
@ -487,10 +502,7 @@ func TestChallengeTLS_Client_ObtainForCSR_profile(t *testing.T) {
 	require.NoError(t, err)
 	user.registration = reg

-	csrRaw, err := os.ReadFile("./fixtures/csr.raw")
-	require.NoError(t, err)
-
-	csr, err := x509.ParseCertificateRequest(csrRaw)
+	csr, err := x509.ParseCertificateRequest(createTestCSR(t))
 	require.NoError(t, err)

 	resource, err := client.Certificate.ObtainForCSR(certificate.ObtainForCSRRequest{
@ -501,7 +513,7 @@ func TestChallengeTLS_Client_ObtainForCSR_profile(t *testing.T) {
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "acme.wtf", resource.Domain)
+	assert.Equal(t, testDomain1, resource.Domain)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
@ -519,7 +531,7 @@ func TestRegistrar_UpdateAccount(t *testing.T) {

 	user := &fakeUser{
 		privateKey: privateKey,
-		email:      "foo@example.com",
+		email:      testEmail1,
 	}
 	config := lego.NewConfig(user)
 	config.CADirURL = load.PebbleOptions.HealthCheckURL
@ -530,13 +542,13 @@ func TestRegistrar_UpdateAccount(t *testing.T) {
 	regOptions := registration.RegisterOptions{TermsOfServiceAgreed: true}
 	reg, err := client.Registration.Register(regOptions)
 	require.NoError(t, err)
-	require.Equal(t, []string{"mailto:foo@example.com"}, reg.Body.Contact)
+	require.Equal(t, []string{"mailto:" + testEmail1}, reg.Body.Contact)
 	user.registration = reg

-	user.email = "bar@example.com"
+	user.email = testEmail2
 	resource, err := client.Registration.UpdateRegistration(regOptions)
 	require.NoError(t, err)
-	require.Equal(t, []string{"mailto:bar@example.com"}, resource.Body.Contact)
+	require.Equal(t, []string{"mailto:" + testEmail2}, resource.Body.Contact)
 	require.Equal(t, reg.URI, resource.URI)
 }

@ -549,3 +561,53 @@ type fakeUser struct {
 func (f *fakeUser) GetEmail() string                        { return f.email }
 func (f *fakeUser) GetRegistration() *registration.Resource { return f.registration }
 func (f *fakeUser) GetPrivateKey() crypto.PrivateKey        { return f.privateKey }
+
+func createTestCSRFile(t *testing.T, raw bool) string {
+	t.Helper()
+
+	csr := createTestCSR(t)
+
+	if raw {
+		filename := filepath.Join(t.TempDir(), "csr.raw")
+
+		fileRaw, err := os.Create(filename)
+		require.NoError(t, err)
+
+		defer fileRaw.Close()
+
+		_, err = fileRaw.Write(csr)
+		require.NoError(t, err)
+
+		return filename
+	}
+
+	filename := filepath.Join(t.TempDir(), "csr.cert")
+
+	file, err := os.Create(filename)
+	require.NoError(t, err)
+
+	defer file.Close()
+
+	_, err = file.Write(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csr}))
+	require.NoError(t, err)
+
+	return filename
+}
+
+func createTestCSR(t *testing.T) []byte {
+	t.Helper()
+
+	privateKey, err := rsa.GenerateKey(rand.Reader, 1024)
+	require.NoError(t, err)
+
+	csr, err := certcrypto.CreateCSR(privateKey, certcrypto.CSROptions{
+		Domain: testDomain1,
+		SAN: []string{
+			testDomain1,
+			testDomain2,
+		},
+	})
+	require.NoError(t, err)
+
+	return csr
+}
--- a/e2e/dnschallenge/dns_challenges_test.go
+++ b/e2e/dnschallenge/dns_challenges_test.go
@ -18,6 +18,11 @@ import (
 	"github.com/stretchr/testify/require"
 )

+const (
+	testDomain1 = "légo.localhost"
+	testDomain2 = "*.légo.localhost"
+)
+
 var load = loader.EnvLoader{
 	PebbleOptions: &loader.CmdOption{
 		HealthCheckURL: "https://localhost:15000/dir",
@ -59,8 +64,8 @@ func TestChallengeDNS_Run(t *testing.T) {
 		"--dns.resolvers", ":8053",
 		"--dns.disable-cp",
 		"-s", "https://localhost:15000/dir",
-		"-d", "*.légo.acme",
-		"-d", "légo.acme",
+		"-d", testDomain2,
+		"-d", testDomain1,
 		"run")
 	if err != nil {
 		t.Fatal(err)
@ -98,7 +103,7 @@ func TestChallengeDNS_Client_Obtain(t *testing.T) {
 	require.NoError(t, err)
 	user.registration = reg

-	domains := []string{"*.légo.acme", "légo.acme"}
+	domains := []string{testDomain2, testDomain1}

 	// https://github.com/letsencrypt/pebble/issues/285
 	privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)
@ -113,7 +118,7 @@ func TestChallengeDNS_Client_Obtain(t *testing.T) {
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "*.xn--lgo-bma.acme", resource.Domain)
+	assert.Equal(t, "*.xn--lgo-bma.localhost", resource.Domain)
 	assert.Regexp(t, `https://localhost:15000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:15000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
@ -152,7 +157,7 @@ func TestChallengeDNS_Client_Obtain_profile(t *testing.T) {
 	require.NoError(t, err)
 	user.registration = reg

-	domains := []string{"*.légo.acme", "légo.acme"}
+	domains := []string{testDomain2, testDomain1}

 	// https://github.com/letsencrypt/pebble/issues/285
 	privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)
@ -168,7 +173,7 @@ func TestChallengeDNS_Client_Obtain_profile(t *testing.T) {
 	require.NoError(t, err)

 	require.NotNil(t, resource)
-	assert.Equal(t, "*.xn--lgo-bma.acme", resource.Domain)
+	assert.Equal(t, "*.xn--lgo-bma.localhost", resource.Domain)
 	assert.Regexp(t, `https://localhost:15000/certZ/[\w\d]{14,}`, resource.CertURL)
 	assert.Regexp(t, `https://localhost:15000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
--- a/e2e/fixtures/csr.cert
+++ b/e2e/fixtures/csr.cert
@ -1,16 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICfjCCAWYCAQAwEzERMA8GA1UEAxMIYWNtZS53dGYwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDAhXnho1w9OPHWs4YSMahYbG4Ui1K6hsHytBZfhsz0
-09igSWzHMEFZYHZJVuSr60enuJSZRhgwDjfhQWSUgHgKItLPnlNVYM6RhVaW0WfT
-w6CpmE2AuH3WuQbrR2he1Nt0xfUJla+VWOFZuW7GhgBiV5iWBvdLv6Ztgh8eATjo
-2vG2R+KuSUzrm6h+sb3nUR28OYunZ3vESjNwnL3/D/1th2rFpe3EA3em1HArJdXN
-F4eclciun5Js17AS9tdoHEEZMMBWyViiuz3CQlh+YD2qAvqaubanWNa+r+iijMvd
-4HlDHC99LTk6TJoSKoL+E/OGKmntLqmBJ1UrCFgvnw3DAgMBAAGgJjAkBgkqhkiG
-9w0BCQ4xFzAVMBMGA1UdEQQMMAqCCGFjbWUud3RmMA0GCSqGSIb3DQEBCwUAA4IB
-AQAfBLR8njftxf15V49szNsgNaG7Y5UQFwgl8pyiIaanGvX1DE0BtU1RB/w7itzX
-wW5W/wjielEbs1XkI2uz3hkebvHVA1QpA7bbrX01WonS18xCkiRDj8ZqFEG4vEGa
-HswzGUfq2v0gCOIPpVGE+8Q2Y7In5zwEfev+5DkHox4/vgwMhyPMI+y7jKtdG/dV
-U58SFnt/F1raoSmR6vfDcAFXm/L8LXEkxqqefFbhiRHRqQar1Wr15BH//swmNzEW
-5SVCCHcyIqreSua8uPjBcJ8aYVLniX6DMRyYv4ij/PSvSQy9xJDewLqR235WfTd/
-tk4hhJaqizKDpsvB+UFod5o5
-----END CERTIFICATE REQUEST-----
--- a/e2e/fixtures/csr.raw
+++ b/e2e/fixtures/csr.raw
--- a/e2e/readme.md
+++ b/e2e/readme.md
@ -1,16 +1,5 @@
 # E2E tests

-How to run:
-
- Add the following entries to your `/etc/hosts`:
-```
-127.0.0.1	acme.wtf
-127.0.0.1	lego.wtf
-127.0.0.1	acme.lego.wtf
-127.0.0.1	légô.wtf
-127.0.0.1	xn--lg-bja9b.wtf
-```
-
 - Install [Pebble](https://github.com/letsencrypt/pebble):
 ```bash
 go install github.com/letsencrypt/pebble/v2/cmd/pebble@main