tests fix checkpoint.

Author: alexmv

ci/certbot/compose.yaml

@@ -15,6 +15,11 @@ services:
       - ./ci/certbot/post-setup.d/:/data/post-setup.d/
     extra_hosts:
       - "zulip.example.net:172.28.5.100"
+    # We override the port mapping, because port 25 is not available in CI.
+    ports: !override
+      - "2525:25"
+      - "80:80"
+      - "443:443"
 
   database:
     networks: [zulip-backend]

ci/certbot/test.sh

@@ -36,7 +36,8 @@ if [ "${success}" = "0" ]; then
 fi
 
 ## SMTP also has the same cert
-echo | openssl s_client -showcerts -servername zulip.example.net -connect localhost:25 -starttls smtp \
+echo "EHLO localhost" | nc localhost 2525
+echo | openssl s_client -showcerts -servername zulip.example.net -connect localhost:2525 -starttls smtp \
     | openssl x509 -text -noout \
     | tee cert.pem
 if ! grep -E "Issuer: CN\s*=\s*Pebble Intermediate CA" cert.pem; then
@@ -47,14 +48,15 @@ fi
 ## Test renewing -- this should generate and deploy a new certificate
 serial=$(grep "Serial Number:" cert.pem)
 "${docker[@]:?}" exec zulip /usr/bin/certbot renew --force-renew --non-interactive --debug
+"${docker[@]:?}" exec zulip cat /var/log/letsencrypt/letsencrypt.log
 getcert | tee cert.pem
 newserial=$(grep "Serial Number:" cert.pem)
 if [ "${newserial}" = "${serial}" ]; then
     echo "Failed to renew -- same serial number?"
     exit 1
 fi
 
-echo | openssl s_client -showcerts -servername zulip.example.net -connect localhost:25 -starttls smtp \
+echo | openssl s_client -showcerts -servername zulip.example.net -connect localhost:2525 -starttls smtp \
     | openssl x509 -text -noout \
     | tee cert.pem
 smtpserial=$(grep "Serial Number:" cert.pem)