From 56a4bb86015677f3d1ffd593671b1d25fd7adf73 Mon Sep 17 00:00:00 2001
From: Nicolas Duchon <nicolas.duchon@gmail.com>
Date: Sun, 8 Dec 2024 20:05:42 +0100
Subject: [PATCH] tests: supplemental test for certificate selection

---
 .../cert_selection/nginx-proxy.tld.crt        | 77 +++++++++++++++++++
 .../cert_selection/nginx-proxy.tld.key        | 28 +++++++
 .../cert_selection/web1.nginx-proxy.tld.crt   | 77 +++++++++++++++++++
 .../cert_selection/web1.nginx-proxy.tld.key   | 28 +++++++
 test/test_ssl/test_cert_selection.py          | 10 +--
 test/test_ssl/test_cert_selection.yml         | 28 +++----
 6 files changed, 229 insertions(+), 19 deletions(-)
 create mode 100644 test/test_ssl/cert_selection/nginx-proxy.tld.crt
 create mode 100644 test/test_ssl/cert_selection/nginx-proxy.tld.key
 create mode 100644 test/test_ssl/cert_selection/web1.nginx-proxy.tld.crt
 create mode 100644 test/test_ssl/cert_selection/web1.nginx-proxy.tld.key

diff --git a/test/test_ssl/cert_selection/nginx-proxy.tld.crt b/test/test_ssl/cert_selection/nginx-proxy.tld.crt
new file mode 100644
index 0000000..228b6dc
--- /dev/null
+++ b/test/test_ssl/cert_selection/nginx-proxy.tld.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4096 (0x1000)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
+        Validity
+            Not Before: Dec  8 19:41:13 2024 GMT
+            Not After : Apr 25 19:41:13 2052 GMT
+        Subject: CN=nginx-proxy.tld
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bb:ba:fc:be:dc:b4:94:57:9f:87:07:75:d3:da:
+                    15:4d:7a:7e:01:43:05:0f:84:73:f2:69:74:41:ac:
+                    e2:d1:9c:c6:56:e6:ad:fb:b7:b6:a6:d2:94:f1:68:
+                    52:c7:09:b6:19:ef:5b:68:60:ae:77:87:6e:62:b6:
+                    5d:b6:aa:a5:8e:01:a7:8c:39:24:e0:c1:4f:29:90:
+                    53:c8:3c:5b:b3:a4:f1:ed:56:33:ed:9c:69:1a:51:
+                    60:6f:a0:b9:57:22:73:8a:78:fe:e2:7e:f2:ac:e4:
+                    78:4c:9c:65:4b:db:f9:29:ba:59:8c:de:b3:56:80:
+                    14:5b:05:e1:0e:f0:dc:ac:19:9c:76:f8:77:5e:a8:
+                    37:2c:75:79:8d:9f:37:2b:22:30:98:ce:6e:9e:b6:
+                    27:68:e9:f5:23:54:38:3b:7d:3a:d1:34:02:3f:dd:
+                    86:c7:07:22:81:ec:f3:e2:53:18:96:50:3e:2b:66:
+                    07:b4:9d:2b:bd:95:16:f6:6b:96:a3:0a:ec:13:42:
+                    03:82:d2:07:95:77:1c:57:ab:3d:ad:21:8e:85:d8:
+                    78:96:55:bd:a3:30:33:fe:8b:45:31:ff:53:82:f1:
+                    2a:da:87:4e:89:10:d4:81:9e:bd:3d:10:4e:ba:6d:
+                    07:f5:f0:e2:14:33:10:2a:a5:8c:46:c1:06:4d:35:
+                    d9:19
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:nginx-proxy.tld, DNS:*.nginx-proxy.tld
+            X509v3 Subject Key Identifier: 
+                FD:F3:7F:43:D7:67:61:02:8A:DF:71:BD:BA:92:2D:BC:72:ED:B7:0A
+            X509v3 Authority Key Identifier: 
+                24:BE:7D:A4:7A:26:B7:EF:1D:50:DC:6F:F0:78:2B:62:32:9F:38:0F
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        9b:19:3b:42:3f:4d:a5:30:83:06:98:32:ed:f4:81:ff:14:76:
+        a4:aa:b7:dc:ef:d0:41:ee:64:2e:d1:ab:13:b3:76:c9:c8:46:
+        59:06:c5:0a:f9:aa:ea:89:e5:cc:0b:8f:6e:f8:4a:28:a0:63:
+        04:36:13:05:c4:98:e7:a1:16:88:ea:2b:8b:c8:95:d7:e4:50:
+        0f:b7:38:15:82:06:ee:1d:18:bc:91:5c:1f:a8:c2:88:ed:a4:
+        7e:5c:38:39:6c:ab:d3:4c:14:4d:ff:e0:de:f2:74:9b:e5:58:
+        a1:a7:47:e8:c3:79:36:e0:ff:83:6d:5b:87:43:83:ed:5c:ad:
+        e1:96:3d:7a:2d:a3:ff:f0:4b:32:57:d5:c0:3f:81:c2:69:86:
+        86:9e:e4:51:f4:49:9e:c5:78:a8:49:17:06:3f:26:53:11:6b:
+        88:c3:44:e3:b1:68:81:55:02:50:21:72:03:eb:0f:72:5c:04:
+        be:65:63:b0:9b:7b:7a:e1:ef:c1:da:cc:d6:5c:e0:ae:51:be:
+        9e:b3:9f:9a:aa:63:84:98:a8:b3:77:86:26:a8:24:c0:b8:10:
+        74:b4:f6:4f:53:6d:6b:77:f5:06:a0:b7:16:14:fa:94:47:49:
+        fa:7d:80:63:8c:0b:d3:f8:72:33:94:a0:b3:21:2c:a9:5b:2f:
+        d6:93:39:de
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
+bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
+ZDAgFw0yNDEyMDgxOTQxMTNaGA8yMDUyMDQyNTE5NDExM1owGjEYMBYGA1UEAwwP
+bmdpbngtcHJveHkudGxkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+u7r8vty0lFefhwd109oVTXp+AUMFD4Rz8ml0Qazi0ZzGVuat+7e2ptKU8WhSxwm2
+Ge9baGCud4duYrZdtqqljgGnjDkk4MFPKZBTyDxbs6Tx7VYz7ZxpGlFgb6C5VyJz
+inj+4n7yrOR4TJxlS9v5KbpZjN6zVoAUWwXhDvDcrBmcdvh3Xqg3LHV5jZ83KyIw
+mM5unrYnaOn1I1Q4O3060TQCP92Gxwcigezz4lMYllA+K2YHtJ0rvZUW9muWowrs
+E0IDgtIHlXccV6s9rSGOhdh4llW9ozAz/otFMf9TgvEq2odOiRDUgZ69PRBOum0H
+9fDiFDMQKqWMRsEGTTXZGQIDAQABo3EwbzAtBgNVHREEJjAkgg9uZ2lueC1wcm94
+eS50bGSCESoubmdpbngtcHJveHkudGxkMB0GA1UdDgQWBBT9839D12dhAorfcb26
+ki28cu23CjAfBgNVHSMEGDAWgBQkvn2keia37x1Q3G/weCtiMp84DzANBgkqhkiG
+9w0BAQsFAAOCAQEAmxk7Qj9NpTCDBpgy7fSB/xR2pKq33O/QQe5kLtGrE7N2ychG
+WQbFCvmq6onlzAuPbvhKKKBjBDYTBcSY56EWiOori8iV1+RQD7c4FYIG7h0YvJFc
+H6jCiO2kflw4OWyr00wUTf/g3vJ0m+VYoadH6MN5NuD/g21bh0OD7Vyt4ZY9ei2j
+//BLMlfVwD+BwmmGhp7kUfRJnsV4qEkXBj8mUxFriMNE47FogVUCUCFyA+sPclwE
+vmVjsJt7euHvwdrM1lzgrlG+nrOfmqpjhJios3eGJqgkwLgQdLT2T1Nta3f1BqC3
+FhT6lEdJ+n2AY4wL0/hyM5SgsyEsqVsv1pM53g==
+-----END CERTIFICATE-----
diff --git a/test/test_ssl/cert_selection/nginx-proxy.tld.key b/test/test_ssl/cert_selection/nginx-proxy.tld.key
new file mode 100644
index 0000000..776478c
--- /dev/null
+++ b/test/test_ssl/cert_selection/nginx-proxy.tld.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7uvy+3LSUV5+H
+B3XT2hVNen4BQwUPhHPyaXRBrOLRnMZW5q37t7am0pTxaFLHCbYZ71toYK53h25i
+tl22qqWOAaeMOSTgwU8pkFPIPFuzpPHtVjPtnGkaUWBvoLlXInOKeP7ifvKs5HhM
+nGVL2/kpulmM3rNWgBRbBeEO8NysGZx2+HdeqDcsdXmNnzcrIjCYzm6etido6fUj
+VDg7fTrRNAI/3YbHByKB7PPiUxiWUD4rZge0nSu9lRb2a5ajCuwTQgOC0geVdxxX
+qz2tIY6F2HiWVb2jMDP+i0Ux/1OC8Srah06JENSBnr09EE66bQf18OIUMxAqpYxG
+wQZNNdkZAgMBAAECggEAHhvUU4w0TiJrjI2OwUaV6hI+SVeFZUK6EeQF6E6hJjs9
+uExRFTEW01Ss3Lb9p7yP/0LbZzcyZCtNcfmLuDNQUCFFzQCRQJbgamsidNfxYTOQ
+NZ+Avpg6ZyUsEVs2vpng7BGR16PCqiYOgUMIIA2MvbuMh0JkgvgRy7N6sBnDWrqO
+f950DN1dmE1f+HNCx0Y0quwUf42ME4kio0gWodMx6cqtNJUMFmThUTtks/2t9qlV
+l9rbYfKRJen9MgZ9qYX5oMnnOU5tUvYb7ziayBVylGSbtx+2NpiouOKwujaBW3GH
+lnoGcfw63H6gJIh6AofQnzVAC2m9QqBbzHxqfJtZ8QKBgQDfGoiMX8k8Lbc+2FKj
+CBIpp6/Oe6hJIKwOKAswMf9fL/Ei3zKWrtlMwYxDovvGhIFIQSJ9KqFW6TfQ9m6i
+EGWbTL3jQfhT6x/LdOSI/aa+XqWVkiMdDAt+t7Zn91RA3uzIt6p/TAGFnItSznyy
+yt/Ranq79otmy2Wa4D6w309iFQKBgQDXaTmVO3tITq2pNow8+uzb+cvbA1Fj/dSu
+vBbvMlcEczDTRENcu7oB7fQphzRlYAflvQyW6pQfo0KstNv2G1yWJT7ukCkDGnaE
+j167fPw+/6QWlViEIsB6TIVHsGvOz+JPL//iHR0GJt9UC6E16SBEebvfUqId1LNz
+UOzKv7bP9QKBgH7bB2lJzZJ6LAd/2Pz6SdmFj2FIzpdGDI7AFhyBUUM+b030uz8S
+jFwocSjEM4TdMuVyo7mn07UnRqV6ec2MpTl4mT/u8tREjP+Sp599GqKEDoLNZUnO
+33pd20miSDXai6hVRoy7GuJt8IpU/nJrCHh6ou7dcMYyQMOfXgYT839BAoGBAKJo
+ODz2Wq2afD4e3T7ApMH5JKRcbQnpf2e6ccQn/Qli28X9KpiJBOWdhT+mK2/fJjUl
+Ao/qDoGH8qYJuelkmbquHDN7RyCK3B53haHvyrKoxQst0E3Xca0Dcl0pey6y91pi
+wxa0goR33FseZY4i1Owrp+TpBUdebWmc8tquDmPdAoGASnKqmt2XQtaY98oX7B66
+5ILSuigzXQ/U/cJBZ1VMJKlCJnIPNF3hApCMN8xTizoposDcHYdNGx7RkjnR+f+1
+2cMJogntrablkLdh0dPU8wlS04NcC7JXoclqj6ID75YlLD3BGwsBx7BLeS4h1cQ1
+NCKinLnF0touxbwjGqF+478=
+-----END PRIVATE KEY-----
diff --git a/test/test_ssl/cert_selection/web1.nginx-proxy.tld.crt b/test/test_ssl/cert_selection/web1.nginx-proxy.tld.crt
new file mode 100644
index 0000000..76042b9
--- /dev/null
+++ b/test/test_ssl/cert_selection/web1.nginx-proxy.tld.crt
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4096 (0x1000)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
+        Validity
+            Not Before: Dec  8 19:42:32 2024 GMT
+            Not After : Apr 25 19:42:32 2052 GMT
+        Subject: CN=web1.nginx-proxy.tld
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e7:5c:7f:56:b3:eb:8f:16:81:07:05:1d:88:d4:
+                    bf:cd:3f:16:b8:3d:a5:a8:31:80:a3:c5:f0:a7:8f:
+                    29:d6:09:35:ad:48:6d:d6:20:8c:fe:78:98:50:aa:
+                    a1:03:86:ff:48:c0:e5:59:27:f8:89:13:08:99:20:
+                    c9:86:49:53:63:5a:c8:19:c5:c8:46:26:dc:3a:40:
+                    80:43:b8:86:e5:b8:73:33:1a:81:87:31:21:ea:aa:
+                    4e:9e:f9:cf:60:0a:66:06:81:dc:fc:6b:1c:72:1d:
+                    73:bc:2d:f5:eb:aa:87:cb:87:83:88:bc:a8:eb:4a:
+                    94:23:9d:56:77:cc:8b:46:0a:25:c7:27:17:45:3f:
+                    11:73:52:8d:5f:91:54:3b:b3:b2:28:cd:5b:55:79:
+                    32:88:fd:25:21:4f:f8:83:b3:f8:be:f7:ff:7f:f3:
+                    5d:b7:5b:40:ad:c5:87:e3:72:06:bf:93:22:12:f7:
+                    8d:d6:7d:49:44:1c:ac:7d:9a:02:cf:e0:e0:8d:db:
+                    aa:69:58:9e:5e:f2:00:ac:e6:8b:73:b3:aa:26:b0:
+                    50:40:ff:0a:73:d3:91:c3:1e:7c:6f:59:eb:ee:75:
+                    31:9d:71:19:ac:9e:ce:32:90:3e:bd:cb:30:fa:a4:
+                    a0:19:1f:0f:b5:91:5f:c9:3e:94:b8:52:d8:8c:6f:
+                    79:e9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:web1.nginx-proxy.tld
+            X509v3 Subject Key Identifier: 
+                F4:08:B3:4A:A1:95:69:35:6B:2C:C7:D6:BE:99:25:F6:16:3F:21:7E
+            X509v3 Authority Key Identifier: 
+                24:BE:7D:A4:7A:26:B7:EF:1D:50:DC:6F:F0:78:2B:62:32:9F:38:0F
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        84:ba:99:25:10:82:ae:3f:55:14:3c:3c:e6:aa:5e:96:a7:76:
+        df:aa:71:77:54:bd:6d:6a:e9:19:c0:d9:81:7c:36:ff:be:39:
+        2e:03:a8:f2:a2:24:cf:63:ba:d0:cc:45:a5:58:0f:36:5f:8f:
+        21:23:b7:66:a6:5a:40:93:2f:25:18:3e:1b:40:bc:9c:77:4c:
+        ec:32:36:ff:64:49:89:98:5e:6c:e8:a5:dd:28:79:8a:b6:10:
+        05:9d:b4:f5:33:4d:32:5f:6b:44:d5:27:b7:e0:fb:b7:6e:04:
+        a6:3a:2e:4a:0f:3b:14:e1:94:39:e2:cb:c3:b9:97:da:9f:db:
+        c5:f4:fe:e3:58:6f:5c:43:2c:15:3b:24:5f:18:0e:d8:7b:73:
+        0e:64:8b:64:de:44:ac:96:1d:18:7b:54:d8:4e:72:86:df:f9:
+        8e:ae:dc:0d:3a:6d:9b:88:8e:c5:ee:55:ce:f8:0e:93:b2:fe:
+        06:6d:6e:91:f4:5b:55:b3:c4:09:b3:cc:c7:a8:7f:ab:d0:f9:
+        1c:04:30:07:51:ae:bc:18:10:1b:98:db:56:32:6a:0a:59:cd:
+        25:1d:a9:83:35:85:b6:2b:51:ad:4c:8f:b2:6f:50:8f:3d:da:
+        40:9b:8c:cc:d5:1e:ad:a1:00:fd:ac:b9:ba:fc:e9:1c:e9:a2:
+        08:cd:8b:be
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
+bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
+ZDAgFw0yNDEyMDgxOTQyMzJaGA8yMDUyMDQyNTE5NDIzMlowHzEdMBsGA1UEAwwU
+d2ViMS5uZ2lueC1wcm94eS50bGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDnXH9Ws+uPFoEHBR2I1L/NPxa4PaWoMYCjxfCnjynWCTWtSG3WIIz+eJhQ
+qqEDhv9IwOVZJ/iJEwiZIMmGSVNjWsgZxchGJtw6QIBDuIbluHMzGoGHMSHqqk6e
++c9gCmYGgdz8axxyHXO8LfXrqofLh4OIvKjrSpQjnVZ3zItGCiXHJxdFPxFzUo1f
+kVQ7s7IozVtVeTKI/SUhT/iDs/i+9/9/8123W0CtxYfjcga/kyIS943WfUlEHKx9
+mgLP4OCN26ppWJ5e8gCs5otzs6omsFBA/wpz05HDHnxvWevudTGdcRmsns4ykD69
+yzD6pKAZHw+1kV/JPpS4UtiMb3npAgMBAAGjYzBhMB8GA1UdEQQYMBaCFHdlYjEu
+bmdpbngtcHJveHkudGxkMB0GA1UdDgQWBBT0CLNKoZVpNWssx9a+mSX2Fj8hfjAf
+BgNVHSMEGDAWgBQkvn2keia37x1Q3G/weCtiMp84DzANBgkqhkiG9w0BAQsFAAOC
+AQEAhLqZJRCCrj9VFDw85qpelqd236pxd1S9bWrpGcDZgXw2/745LgOo8qIkz2O6
+0MxFpVgPNl+PISO3ZqZaQJMvJRg+G0C8nHdM7DI2/2RJiZhebOil3Sh5irYQBZ20
+9TNNMl9rRNUnt+D7t24EpjouSg87FOGUOeLLw7mX2p/bxfT+41hvXEMsFTskXxgO
+2HtzDmSLZN5ErJYdGHtU2E5yht/5jq7cDTptm4iOxe5VzvgOk7L+Bm1ukfRbVbPE
+CbPMx6h/q9D5HAQwB1GuvBgQG5jbVjJqClnNJR2pgzWFtitRrUyPsm9Qjz3aQJuM
+zNUeraEA/ay5uvzpHOmiCM2Lvg==
+-----END CERTIFICATE-----
diff --git a/test/test_ssl/cert_selection/web1.nginx-proxy.tld.key b/test/test_ssl/cert_selection/web1.nginx-proxy.tld.key
new file mode 100644
index 0000000..7ee5cc5
--- /dev/null
+++ b/test/test_ssl/cert_selection/web1.nginx-proxy.tld.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDnXH9Ws+uPFoEH
+BR2I1L/NPxa4PaWoMYCjxfCnjynWCTWtSG3WIIz+eJhQqqEDhv9IwOVZJ/iJEwiZ
+IMmGSVNjWsgZxchGJtw6QIBDuIbluHMzGoGHMSHqqk6e+c9gCmYGgdz8axxyHXO8
+LfXrqofLh4OIvKjrSpQjnVZ3zItGCiXHJxdFPxFzUo1fkVQ7s7IozVtVeTKI/SUh
+T/iDs/i+9/9/8123W0CtxYfjcga/kyIS943WfUlEHKx9mgLP4OCN26ppWJ5e8gCs
+5otzs6omsFBA/wpz05HDHnxvWevudTGdcRmsns4ykD69yzD6pKAZHw+1kV/JPpS4
+UtiMb3npAgMBAAECggEASj98/i4vYnQuZDpYCBl+lDey6t2d1CROzEAxwxRGsNGz
+0DB2T0mS9fdtqjWYBrHEK2z8LWiOci8Ri1LiWZ4ejLwNi3fVle3Srz8T6qfFYuOW
+1Mek2eYCpHSTVqGE06WCqIP0j20wa87X3YRCb6cCfWa356Hj896zO9q6bSfPamIq
+/hW6x7jJcqY7T+/DnkIu5gFB135F8KTA+wcVtfkyuO1P85dqZKyAiBQ4xHDZ7dKp
+sqELryBVCT45DxXlIjY3QhuwqDas0o8em2ayoPSF372V52QqksnR4BS9tX6NIDQd
+ro10ZmEveNYJ8agKhBvpHHuDcjKQ0c5Mc4lG8qHEoQKBgQD8dF4p0DSF8uFyi42F
+vu/4tDidY738dWE5AhuHgfWtoUYlh5p7fX/bCajLjsNZJxNsEVqSQ3ubvTTepU9r
+iHZiWsbmZA60FiNB5iyYOhDY1ULYLW9K+SVzSejCOJOG+1RFciqq6Jm3PEmfhlsm
+s3fOYHad5RHes9Ewfl1RFzHwKwKBgQDqnEtmbbHSWWXucoEu0NOIqwMR+Fn25KQt
+80mpCJKpJ6BpGdogG2RXRWfNRBvbFg6p9vdFMB8hxijrk8B2EpkFQVwCx8FuT3qA
+U/QbcgbWIoxEsvCc04fLMcDOcNszZpnKisMieVzA9HS+ek93SbnaSRtZNNGnAcSp
+PkVxshdgOwKBgEXJ0YITmYFx/BrTM0NG3kXNZF02Bn404LSGvZ9/MLBYBfE4BF+g
++OhPSkdDZwNNRxQ30+bdGt2Zt3TZFBRw+/ECkTt9a4cjG4oLHEbUvnWCtuDV5o8+
+QrkVNHAEfdvxvIEaJ2tps5yw4NVlqesP782wYvoRKhh7cxfJxvg0xkxTAoGBAJGT
+rg2+32pg4qkVECfWmIvjYaJS8rAKq/1/SyPCGA8ycY0F552ooZitjn2GV6qYgzzf
+7AtYktjINzgGlJQvchgauFdZUCN82cyrS3uEQ8233kX6qucFMuvY0YTH7px0e9V8
+SR0pJW7twUs4ZfrlGpfiaT/vUHBK3pcN9tVX5r1lAoGAFss3yu7iwxZq5m/tzv53
+8lf35kq02Miia3Xu5Ahi6LHrhJmqc7OV6CV1bTaWb5ojf7R82nny5w0CTBk9qkFw
+i0hF4jYS0eEp5AF4fC0tW4nPim1Dz/Yr9EnWAfCIsS56fktqsPr12OR2OMMepnuf
+8gQm89DpS1l+hZou7msI41A=
+-----END PRIVATE KEY-----
diff --git a/test/test_ssl/test_cert_selection.py b/test/test_ssl/test_cert_selection.py
index 23c3790..78c074d 100644
--- a/test/test_ssl/test_cert_selection.py
+++ b/test/test_ssl/test_cert_selection.py
@@ -3,10 +3,10 @@ import pytest
 
 
 @pytest.mark.parametrize("host,expected_cert_ok,expected_cert", [
-    ("nginx-proxy.tld", True, "nginx-proxy.tld"),
-    ("web1.nginx-proxy.tld", True, "nginx-proxy.tld"),
-    ("sub.web1.nginx-proxy.tld", False, ""),
-    ("web2.nginx-proxy.tld", True, "web2.nginx-proxy.tld"),
+    ("https://nginx-proxy.tld", True, "nginx-proxy.tld"),
+    ("https://www.nginx-proxy.tld", True, "nginx-proxy.tld"),
+    ("http://subdomain.www.nginx-proxy.tld", False, ""),
+    ("https://web1.nginx-proxy.tld", True, "web1.nginx-proxy.tld"),
 ])
 def test_certificate_selection(
     docker_compose,
@@ -15,7 +15,7 @@ def test_certificate_selection(
     expected_cert_ok: bool,
     expected_cert: str,
 ):
-    r = nginxproxy.get(f"http://{host}/nginx-proxy-debug")
+    r = nginxproxy.get(f"{host}/nginx-proxy-debug")
     assert r.status_code == 200
     try:
         jsonResponse = json.loads(r.text)
diff --git a/test/test_ssl/test_cert_selection.yml b/test/test_ssl/test_cert_selection.yml
index 34e0b64..6b4824c 100644
--- a/test/test_ssl/test_cert_selection.yml
+++ b/test/test_ssl/test_cert_selection.yml
@@ -1,33 +1,33 @@
 services:
-  base:
+  base: 
       image: web
       environment:
         WEB_PORTS: "80"
         VIRTUAL_HOST: "nginx-proxy.tld"
 
+  www:
+      image: web
+      environment:
+        WEB_PORTS: "80"
+        VIRTUAL_HOST: "www.nginx-proxy.tld"
+  
+  sub-www:
+      image: web
+      environment:
+        WEB_PORTS: "80"
+        VIRTUAL_HOST: "subdomain.www.nginx-proxy.tld"
+
   web1:
       image: web
       environment:
         WEB_PORTS: "80"
         VIRTUAL_HOST: "web1.nginx-proxy.tld"
-  
-  sub-web1:
-      image: web
-      environment:
-        WEB_PORTS: "80"
-        VIRTUAL_HOST: "sub.web1.nginx-proxy.tld"
-
-  web2:
-      image: web
-      environment:
-        WEB_PORTS: "80"
-        VIRTUAL_HOST: "web2.nginx-proxy.tld"
 
   sut:
     image: nginxproxy/nginx-proxy:test
     volumes:
       - /var/run/docker.sock:/tmp/docker.sock:ro
-      - ./certs:/etc/nginx/certs:ro
+      - ./cert_selection:/etc/nginx/certs:ro
       - ./acme_root:/usr/share/nginx/html:ro
     environment:
       DEBUG_ENDPOINT: "true"