Disable ssl.com staging unit tests

The ssl.com staging server's certificate seems to be unmonitored,
causing the acme4j build chain to break from time to time when their
certificate has expired. As this is blocking development, I have
decided to disable all related unit tests, and add a corresponding
note to the documentation.

The acme4j ssl.com provider is marked as experimental now, since it
is not fully covered by unit tests anymore.

acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java

@@ -19,6 +19,7 @@ import static org.assertj.core.api.Assertions.assertThatNoException;
 import java.net.MalformedURLException;
 import java.net.URL;
 
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.shredzone.acme4j.Session;
 import org.shredzone.acme4j.connector.Resource;
@@ -67,7 +68,7 @@ public class ProviderIT {
     }
 
     /**
-     * Test ssl.com
+     * Test ssl.com, production
      */
     @Test
     public void testSslCom() throws AcmeException, MalformedURLException {
@@ -83,6 +84,18 @@ public class ProviderIT {
         assertThat(sessionRsa.getMetadata().isExternalAccountRequired()).isTrue();
         assertThat(sessionRsa.getMetadata().isAutoRenewalEnabled()).isFalse();
 
+        // If this test fails, the metadata has been fixed on server side. Then remove
+        // the patch at ZeroSSLAcmeProvider, and update the documentation.
+        var sessionEABCheck = new Session("https://acme.ssl.com/sslcom-dv-ecc");
+        assertThat(sessionEABCheck.getMetadata().isExternalAccountRequired()).isFalse();
+    }
+
+    /**
+     * Test ssl.com, staging server
+     */
+    @Test
+    @Disabled("Instable due to frequent certificate expiration of acme-try.ssl.com")
+    public void testSslComStaging() throws AcmeException, MalformedURLException {
         var sessionEccStage = new Session("acme://ssl.com/staging/ecc");
         assertThat(sessionEccStage.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
         assertThatNoException().isThrownBy(() -> sessionEccStage.resourceUrl(Resource.NEW_ACCOUNT));
@@ -95,10 +108,8 @@ public class ProviderIT {
         assertThat(sessionRsaStage.getMetadata().isExternalAccountRequired()).isTrue();
         assertThat(sessionRsaStage.getMetadata().isAutoRenewalEnabled()).isFalse();
 
-        // If these tests fail, the metadata have been fixed on server side. Then remove
+        // If this test fails, the metadata has been fixed on server side. Then remove
         // the patch at ZeroSSLAcmeProvider, and update the documentation.
-        var sessionEABCheck = new Session("https://acme.ssl.com/sslcom-dv-ecc");
-        assertThat(sessionEABCheck.getMetadata().isExternalAccountRequired()).isFalse();
         var sessionEABCheckStage = new Session("https://acme-try.ssl.com/sslcom-dv-ecc");
         assertThat(sessionEABCheckStage.getMetadata().isExternalAccountRequired()).isFalse();
     }

pom.xml

@@ -55,6 +55,7 @@
         <httpclient.version>4.5.14</httpclient.version>
         <jakarta.mail.version>2.0.1</jakarta.mail.version>
         <jose4j.version>0.9.6</jose4j.version>
+        <junit.version>5.10.2</junit.version>
         <slf4j.version>2.0.13</slf4j.version>
         <project.build.sourceEncoding>utf-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>utf-8</project.reporting.outputEncoding>
@@ -189,13 +190,19 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.10.2</version>
+            <version>${junit.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
-            <version>5.10.2</version>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <version>${junit.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>

src/doc/docs/ca/sslcom.md

@@ -2,7 +2,7 @@
 
 Web site: [SSL.com](https://ssl.com)
 
-Available since acme4j 3.2.0
+Available since acme4j 3.2.0. **This provider is experimental!**
 
 ## Connection URIs
 
@@ -14,6 +14,7 @@ Available since acme4j 3.2.0
 ## Note
 
 * This CA requires [External Account Binding (EAB)](../usage/account.md#external-account-binding) for account creation. However, the CA's directory resource returns `externalAccountRequired` as `false`, which is incorrect. If you use one of the `acme:` URIs above, _acme4j_ will patch the metadata transparently. If you directly connect to SSL.com via `https:` URI though, `Metadata.isExternalAccountRequired()` could return a wrong value. (As of February 2024)
+* The certificate of the ssl.com staging server seems to be unmonitored. When it expires, an `AcmeNetworkException` is thrown which is caused by a `CertificateExpiredException`. There is nothing you can do to fix this error, except to ask the ssl.com support to renew the expired certificate on their server. **Please do not open an issue at acme4j.** (As of June 2024)
 
 ## Disclaimer