Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-certbot for openSUSE:Factory
checked in at 2021-07-30 23:22:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-certbot (Old)
and /work/SRC/openSUSE:Factory/.python-certbot.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-certbot"
Fri Jul 30 23:22:06 2021 rev:36 rq:909349 version:1.17.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-certbot/python-certbot.changes
2021-06-24 18:23:04.580949639 +0200
+++ /work/SRC/openSUSE:Factory/.python-certbot.new.1899/python-certbot.changes
2021-07-30 23:22:30.563614476 +0200
@@ -1,0 +2,11 @@
+Fri Jul 30 08:40:46 UTC 2021 - Mark??ta Machov?? <mmach...@suse.com>
+
+- update to version 1.17.0
+ * We changed how dependencies are specified between Certbot packages. For
this
+ and future releases, higher level Certbot components will require that
lower
+ level components are the same version or newer. More specifically, version
X
+ of the Certbot package will now always require acme>=X and version Y of a
+ plugin package will always require acme>=Y and certbot=>Y. Specifying
+ dependencies in this way simplifies testing and development.
+
+-------------------------------------------------------------------
Old:
----
certbot-1.16.0.tar.gz
certbot-1.16.0.tar.gz.asc
New:
----
certbot-1.17.0.tar.gz
certbot-1.17.0.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-certbot.spec ++++++
--- /var/tmp/diff_new_pack.JL4njM/_old 2021-07-30 23:22:31.095613891 +0200
+++ /var/tmp/diff_new_pack.JL4njM/_new 2021-07-30 23:22:31.095613891 +0200
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1
Name: python-certbot
-Version: 1.16.0
+Version: 1.17.0
Release: 0
Summary: ACME client
License: Apache-2.0
@@ -27,7 +27,7 @@
Source0:
https://files.pythonhosted.org/packages/source/c/certbot/certbot-%{version}.tar.gz
Source1:
https://files.pythonhosted.org/packages/source/c/certbot/certbot-%{version}.tar.gz.asc
Source2: %{name}.keyring
-BuildRequires: %{python_module acme >= 1.8.0}
+BuildRequires: %{python_module acme >= %{version}}
BuildRequires: %{python_module configargparse >= 0.9.3}
BuildRequires: %{python_module configobj >= 5.0.6}
BuildRequires: %{python_module cryptography >= 2.1.4}
@@ -42,7 +42,7 @@
BuildRequires: %{python_module zope.interface}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
-Requires: python-acme >= 1.8.0
+Requires: python-acme >= %{version}
Requires: python-configargparse >= 0.9.3
Requires: python-configobj
Requires: python-cryptography >= 2.1.4
++++++ certbot-1.16.0.tar.gz -> certbot-1.17.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/CHANGELOG.md
new/certbot-1.17.0/CHANGELOG.md
--- old/certbot-1.16.0/CHANGELOG.md 2021-06-01 19:49:17.000000000 +0200
+++ new/certbot-1.17.0/CHANGELOG.md 2021-07-06 17:41:16.000000000 +0200
@@ -2,6 +2,33 @@
Certbot adheres to [Semantic Versioning](https://semver.org/).
+## 1.17.0 - 2021-07-06
+
+### Added
+
+* Add Void Linux overrides for certbot-apache.
+
+### Changed
+
+* We changed how dependencies are specified between Certbot packages. For this
+ and future releases, higher level Certbot components will require that lower
+ level components are the same version or newer. More specifically, version X
+ of the Certbot package will now always require acme>=X and version Y of a
+ plugin package will always require acme>=Y and certbot=>Y. Specifying
+ dependencies in this way simplifies testing and development.
+* The Apache authenticator now always configures virtual hosts which do not
have
+ an explicit `ServerName`. This should make it work more reliably with the
+ default Apache configuration in Debian-based environments.
+
+### Fixed
+
+* When we increased the logging level on our nginx "Could not parse file"
message,
+ it caused a previously-existing inability to parse empty files to become more
+ visible. We have now added the ability to correctly parse empty files, so
that
+ message should only show for more significant errors.
+
+More details about these changes can be found on our GitHub repo.
+
## 1.16.0 - 2021-06-01
### Added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/PKG-INFO new/certbot-1.17.0/PKG-INFO
--- old/certbot-1.16.0/PKG-INFO 2021-06-01 19:49:18.495477000 +0200
+++ new/certbot-1.17.0/PKG-INFO 2021-07-06 17:41:18.405661800 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: certbot
-Version: 1.16.0
+Version: 1.17.0
Summary: ACME client
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
@@ -26,8 +26,10 @@
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Utilities
Requires-Python: >=3.6
+Provides-Extra: all
Provides-Extra: dev
Provides-Extra: docs
+Provides-Extra: test
License-File: LICENSE.txt
.. This file contains a series of comments that are used to include sections
of this README in other files. Do not modify these comments unless you know
what you are doing. tag:intro-begin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot/__init__.py
new/certbot-1.17.0/certbot/__init__.py
--- old/certbot-1.16.0/certbot/__init__.py 2021-06-01 19:49:18.000000000
+0200
+++ new/certbot-1.17.0/certbot/__init__.py 2021-07-06 17:41:17.000000000
+0200
@@ -1,3 +1,3 @@
"""Certbot client."""
# version number like 1.2.3a0, must have at least 2 parts, like 1.2
-__version__ = '1.16.0'
+__version__ = '1.17.0'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/cli/__init__.py
new/certbot-1.17.0/certbot/_internal/cli/__init__.py
--- old/certbot-1.16.0/certbot/_internal/cli/__init__.py 2021-06-01
19:49:17.000000000 +0200
+++ new/certbot-1.17.0/certbot/_internal/cli/__init__.py 2021-07-06
17:41:16.000000000 +0200
@@ -71,6 +71,11 @@
default=flag_default("verbose_count"), help="This flag can be used "
"multiple times to incrementally increase the verbosity of output, "
"e.g. -vvv.")
+ # This is for developers to set the level in the cli.ini, and overrides
+ # the --verbose flag
+ helpful.add(
+ None, "--verbose-level", dest="verbose_level",
+ default=flag_default("verbose_level"), help=argparse.SUPPRESS)
helpful.add(
None, "-t", "--text", dest="text_mode", action="store_true",
default=flag_default("text_mode"), help=argparse.SUPPRESS)
@@ -449,6 +454,7 @@
plugins = plugins_disco.PluginsRegistry.find_all()
# reconstructed_args == sys.argv[1:], or whatever was passed to main()
reconstructed_args = helpful_parser.args + [helpful_parser.verb]
+
detector = set_by_cli.detector = prepare_and_parse_args( # type:
ignore
plugins, reconstructed_args, detect_defaults=True)
# propagate plugin requests: eg --standalone modifies
config.authenticator
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/client.py
new/certbot-1.17.0/certbot/_internal/client.py
--- old/certbot-1.16.0/certbot/_internal/client.py 2021-06-01
19:49:17.000000000 +0200
+++ new/certbot-1.17.0/certbot/_internal/client.py 2021-07-06
17:41:16.000000000 +0200
@@ -2,7 +2,7 @@
import datetime
import logging
import platform
-from typing import Optional
+from typing import List, Optional, Union
from cryptography.hazmat.backends import default_backend
# See https://github.com/pyca/cryptography/issues/4275
@@ -598,7 +598,8 @@
with error_handler.ErrorHandler(self._rollback_and_restart, msg):
self.installer.restart()
- def apply_enhancement(self, domains, enhancement, options=None):
+ def apply_enhancement(self, domains: List[str], enhancement: str,
+ options: Optional[Union[List[str], str]] = None) ->
None:
"""Applies an enhancement on all domains.
:param list domains: list of ssl_vhosts (as strings)
@@ -612,33 +613,28 @@
"""
- msg = f"Could not set up {enhancement} enhancement"
- with error_handler.ErrorHandler(self._recovery_routine_with_msg, msg):
+ enh_label = options if enhancement == "ensure-http-header" else
enhancement
+ with error_handler.ErrorHandler(self._recovery_routine_with_msg, None):
for dom in domains:
try:
self.installer.enhance(dom, enhancement, options)
except errors.PluginEnhancementAlreadyPresent:
- if enhancement == "ensure-http-header":
- logger.info("Enhancement %s was already set.",
- options)
- else:
- logger.info("Enhancement %s was already set.",
- enhancement)
+ logger.info("Enhancement %s was already set.", enh_label)
except errors.PluginError:
- logger.error("Unable to set enhancement %s for %s",
- enhancement, dom)
+ logger.error("Unable to set the %s enhancement for %s.",
enh_label, dom)
raise
- self.installer.save("Add enhancement %s" % (enhancement))
+ self.installer.save(f"Add enhancement {enh_label}")
- def _recovery_routine_with_msg(self, success_msg):
+ def _recovery_routine_with_msg(self, success_msg: Optional[str]) -> None:
"""Calls the installer's recovery routine and prints success_msg
:param str success_msg: message to show on successful recovery
"""
self.installer.recovery_routine()
- display_util.notify(success_msg)
+ if success_msg:
+ display_util.notify(success_msg)
def _rollback_and_restart(self, success_msg):
"""Rollback the most recent checkpoint and restart the webserver
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/constants.py
new/certbot-1.17.0/certbot/_internal/constants.py
--- old/certbot-1.16.0/certbot/_internal/constants.py 2021-06-01
19:49:17.000000000 +0200
+++ new/certbot-1.17.0/certbot/_internal/constants.py 2021-07-06
17:41:16.000000000 +0200
@@ -22,7 +22,8 @@
],
# Main parser
- verbose_count=-int(logging.WARNING / 10),
+ verbose_count=0,
+ verbose_level=None,
text_mode=False,
max_log_backups=1000,
preconfigured_renewal=False,
@@ -142,6 +143,9 @@
QUIET_LOGGING_LEVEL = logging.ERROR
"""Logging level to use in quiet mode."""
+DEFAULT_LOGGING_LEVEL = logging.WARNING
+"""Default logging level to use when not in quiet mode."""
+
RENEWER_DEFAULTS = dict(
renewer_enabled="yes",
renew_before_expiry="30 days",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/log.py
new/certbot-1.17.0/certbot/_internal/log.py
--- old/certbot-1.16.0/certbot/_internal/log.py 2021-06-01 19:49:17.000000000
+0200
+++ new/certbot-1.17.0/certbot/_internal/log.py 2021-07-06 17:41:16.000000000
+0200
@@ -120,8 +120,11 @@
if config.quiet:
level = constants.QUIET_LOGGING_LEVEL
+ elif config.verbose_level is not None:
+ level = constants.DEFAULT_LOGGING_LEVEL - int(config.verbose_level) *
10
else:
- level = -config.verbose_count * 10
+ level = constants.DEFAULT_LOGGING_LEVEL - config.verbose_count * 10
+
stderr_handler.setLevel(level)
logger.debug('Root logging level set at %d', level)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/main.py
new/certbot-1.17.0/certbot/_internal/main.py
--- old/certbot-1.16.0/certbot/_internal/main.py 2021-06-01
19:49:17.000000000 +0200
+++ new/certbot-1.17.0/certbot/_internal/main.py 2021-07-06
17:41:16.000000000 +0200
@@ -202,7 +202,7 @@
"--duplicate option.{br}{br}"
"For example:{br}{br}{1} --duplicate {2}".format(
existing,
- sys.argv[0], " ".join(sys.argv[1:]),
+ cli.cli_command, " ".join(sys.argv[1:]),
br=os.linesep
))
raise errors.Error(USER_CANCELLED)
@@ -507,6 +507,13 @@
"Certificates created using --csr will not be renewed
automatically by Certbot. "
"You will need to renew the certificate before it expires, by
running the same "
"Certbot command again.")
+ elif _is_interactive_only_auth(config):
+ steps.append(
+ "This certificate will not be renewed automatically.
Autorenewal of "
+ "--manual certificates requires the use of an authentication
hook script "
+ "(--manual-auth-hook) but one was not provided. To renew this
certificate, repeat "
+ f"this same {cli.cli_command} command before the certificate's
expiry date."
+ )
elif not config.preconfigured_renewal:
steps.append(
"The certificate will need to be renewed before it expires.
Certbot can "
@@ -556,6 +563,11 @@
assert cert_path and fullchain_path, "No certificates saved to report."
+ renewal_msg = ""
+ if config.preconfigured_renewal and not _is_interactive_only_auth(config):
+ renewal_msg = ("\nCertbot has set up a scheduled task to automatically
renew this "
+ "certificate in the background.")
+
display_util.notify(
("\nSuccessfully received certificate.\n"
"Certificate is saved at: {cert_path}\n{key_msg}"
@@ -564,13 +576,22 @@
cert_path=fullchain_path,
expiry=crypto_util.notAfter(cert_path).date(),
key_msg="Key is saved at: {}\n".format(key_path) if
key_path else "",
- renewal_msg="\nCertbot has set up a scheduled task to
automatically renew this "
- "certificate in the background." if
config.preconfigured_renewal else "",
+ renewal_msg=renewal_msg,
nl="\n" if config.verb == "run" else "" # Normalize spacing across
verbs
)
)
+def _is_interactive_only_auth(config: interfaces.IConfig) -> bool:
+ """ Whether the current authenticator params only support interactive
renewal.
+ """
+ # --manual without --manual-auth-hook can never autorenew
+ if config.authenticator == "manual" and config.manual_auth_hook is None:
+ return True
+
+ return False
+
+
def _csr_report_new_cert(config: interfaces.IConfig, cert_path: Optional[str],
chain_path: Optional[str], fullchain_path:
Optional[str]):
""" --csr variant of _report_new_cert.
@@ -1052,7 +1073,7 @@
if not enhancements.are_requested(config) and not oldstyle_enh:
msg = ("Please specify one or more enhancement types to configure. To
list "
"the available enhancement types, run:\n\n%s --help enhance\n")
- logger.error(msg, sys.argv[0])
+ logger.error(msg, cli.cli_command)
raise errors.MisconfigurationError("No enhancements requested,
exiting.")
try:
@@ -1398,7 +1419,7 @@
if config.csr:
cert_path, chain_path, fullchain_path = _csr_get_and_save_cert(config,
le_client)
_csr_report_new_cert(config, cert_path, chain_path, fullchain_path)
- _report_next_steps(config, None, None)
+ _report_next_steps(config, None, None, new_or_renewed_cert=not
config.dry_run)
_suggest_donation_if_appropriate(config)
eff.handle_subscription(config, le_client.account)
return
@@ -1417,7 +1438,8 @@
fullchain_path = lineage.fullchain_path if lineage else None
key_path = lineage.key_path if lineage else None
_report_new_cert(config, cert_path, fullchain_path, key_path)
- _report_next_steps(config, None, lineage,
new_or_renewed_cert=should_get_cert)
+ _report_next_steps(config, None, lineage,
+ new_or_renewed_cert=should_get_cert and not
config.dry_run)
_suggest_donation_if_appropriate(config)
eff.handle_subscription(config, le_client.account)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/certbot-1.16.0/certbot/_internal/plugins/standalone.py
new/certbot-1.17.0/certbot/_internal/plugins/standalone.py
--- old/certbot-1.16.0/certbot/_internal/plugins/standalone.py 2021-06-01
19:49:17.000000000 +0200
+++ new/certbot-1.17.0/certbot/_internal/plugins/standalone.py 2021-07-06
17:41:16.000000000 +0200
@@ -5,6 +5,7 @@
import socket
from typing import DefaultDict
from typing import Dict
+from typing import List
from typing import Set
from typing import Tuple
from typing import TYPE_CHECKING
@@ -184,6 +185,14 @@
if not self.served[servers]:
self.servers.stop(port)
+ def auth_hint(self, failed_achalls: List[achallenges.AnnotatedChallenge])
-> str:
+ port, addr = self.config.http01_port, self.config.http01_address
+ neat_addr = f"{addr}:{port}" if addr else f"port {port}"
+ return ("The Certificate Authority failed to download the challenge
files from "
+ f"the temporary standalone webserver started by Certbot on
{neat_addr}. "
+ "Ensure that the listed domains point to this machine and that
it can "
+ "accept inbound connections from the internet.")
+
def _handle_perform_error(error):
if error.socket_error.errno == errno.EACCES:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot/plugins/common.py
new/certbot-1.17.0/certbot/plugins/common.py
--- old/certbot-1.16.0/certbot/plugins/common.py 2021-06-01
19:49:17.000000000 +0200
+++ new/certbot-1.17.0/certbot/plugins/common.py 2021-07-06
17:41:16.000000000 +0200
@@ -119,7 +119,7 @@
# This is a fallback hint. Authenticators should implement their own
auth_hint that
# addresses the specific mechanics of that authenticator.
challs = " and ".join(sorted({achall.typ for achall in
failed_achalls}))
- return ("The Certificate Authority couldn't exterally verify that the
{name} plugin "
+ return ("The Certificate Authority couldn't externally verify that the
{name} plugin "
"completed the required {challs} challenges. Ensure the plugin
is configured "
"correctly and that the changes it makes are accessible from
the internet."
.format(name=self.name, challs=challs))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot.egg-info/PKG-INFO
new/certbot-1.17.0/certbot.egg-info/PKG-INFO
--- old/certbot-1.16.0/certbot.egg-info/PKG-INFO 2021-06-01
19:49:18.000000000 +0200
+++ new/certbot-1.17.0/certbot.egg-info/PKG-INFO 2021-07-06
17:41:18.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: certbot
-Version: 1.16.0
+Version: 1.17.0
Summary: ACME client
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
@@ -26,8 +26,10 @@
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Utilities
Requires-Python: >=3.6
+Provides-Extra: all
Provides-Extra: dev
Provides-Extra: docs
+Provides-Extra: test
License-File: LICENSE.txt
.. This file contains a series of comments that are used to include sections
of this README in other files. Do not modify these comments unless you know
what you are doing. tag:intro-begin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/certbot.egg-info/requires.txt
new/certbot-1.17.0/certbot.egg-info/requires.txt
--- old/certbot-1.16.0/certbot.egg-info/requires.txt 2021-06-01
19:49:18.000000000 +0200
+++ new/certbot-1.17.0/certbot.egg-info/requires.txt 2021-07-06
17:41:18.000000000 +0200
@@ -1,4 +1,4 @@
-acme>=1.8.0
+acme>=1.17.0
ConfigArgParse>=0.9.3
configobj>=5.0.6
cryptography>=2.1.4
@@ -14,19 +14,32 @@
[:sys_platform == "win32"]
pywin32>=300
-[dev]
-astroid
+[all]
azure-devops
-coverage
ipdb
-mypy
PyGithub
-poetry>=1.1.0
+pip
+poetry>=1.2.0a1
+tox
+twine
+wheel
+repoze.sphinx.autointerface
+Sphinx>=1.2
+sphinx_rtd_theme
+coverage
+mypy
pylint
pytest
pytest-cov
pytest-xdist
typing-extensions
+
+[dev]
+azure-devops
+ipdb
+PyGithub
+pip
+poetry>=1.2.0a1
tox
twine
wheel
@@ -35,3 +48,12 @@
repoze.sphinx.autointerface
Sphinx>=1.2
sphinx_rtd_theme
+
+[test]
+coverage
+mypy
+pylint
+pytest
+pytest-cov
+pytest-xdist
+typing-extensions
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/docs/cli-help.txt
new/certbot-1.17.0/docs/cli-help.txt
--- old/certbot-1.16.0/docs/cli-help.txt 2021-06-01 19:49:17.000000000
+0200
+++ new/certbot-1.17.0/docs/cli-help.txt 2021-07-06 17:41:16.000000000
+0200
@@ -41,7 +41,7 @@
and ~/.config/letsencrypt/cli.ini)
-v, --verbose This flag can be used multiple times to incrementally
increase the verbosity of output, e.g. -vvv. (default:
- -2)
+ -3)
--max-log-backups MAX_LOG_BACKUPS
Specifies the maximum number of backup logs that
should be kept by Certbot's built in log rotation.
@@ -118,7 +118,7 @@
case, and to know when to deprecate support for past
Python versions and flags. If you wish to hide this
information from the Let's Encrypt server, set this to
- "". (default: CertbotACMEClient/1.15.0 (certbot;
+ "". (default: CertbotACMEClient/1.16.0 (certbot;
OS_NAME OS_VERSION) Authenticator/XXX Installer/YYY
(SUBCOMMAND; flags: FLAGS) Py/major.minor.patchlevel).
The flags encoded in the user agent are: --duplicate,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/docs/using.rst
new/certbot-1.17.0/docs/using.rst
--- old/certbot-1.16.0/docs/using.rst 2021-06-01 19:49:17.000000000 +0200
+++ new/certbot-1.17.0/docs/using.rst 2021-07-06 17:41:16.000000000 +0200
@@ -57,10 +57,11 @@
| domain. Doing domain validation in this way is
| the only way to obtain wildcard certificates from Let's
| Encrypt.
-manual_ Y N | Helps you obtain a certificate by giving you
instructions to http-01_ (80) or
- | perform domain validation yourself. Additionally
allows you dns-01_ (53)
- | to specify scripts to automate the validation task in a
- | customized way.
+manual_ Y N | Obtain a certificate by manually following
instructions to http-01_ (80) or
+ | perform domain validation yourself. Certificates
created this dns-01_ (53)
+ | way do not support autorenewal.
+ | Autorenewal may be enabled by providing an
authentication
+ | hook script to automate the domain validation steps.
=========== ==== ====
===============================================================
=============================
.. |dns_plugs| replace:: :ref:`DNS plugins <dns_plugins>`
@@ -229,11 +230,21 @@
_acme-challenge.example.com. 300 IN TXT "gfj9Xq...Rg85nM"
+.. _manual-renewal:
-Additionally you can specify scripts to prepare for validation and
-perform the authentication procedure and/or clean up after it by using
-the ``--manual-auth-hook`` and ``--manual-cleanup-hook`` flags. This is
-described in more depth in the hooks_ section.
+**Renewal with the manual plugin**
+
+Certificates created using ``--manual`` **do not** support automatic renewal
unless
+combined with an `authentication hook script <#hooks>`_ via
``--manual-auth-hook``
+to automatically set up the required HTTP and/or TXT challenges.
+
+If you can use one of the other plugins_ which support autorenewal to create
+your certificate, doing so is highly recommended.
+
+To manually renew a certificate using ``--manual`` without hooks, repeat the
same
+``certbot --manual`` command you used to create the certificate originally. As
this
+will require you to copy and paste new HTTP files or DNS TXT records, the
command
+cannot be automated with a cron job.
.. _combination:
@@ -286,6 +297,10 @@
dns-inwx_ Y Y DNS Authentication for INWX through the XML API
dns-azure_ Y N DNS Authentication using Azure DNS
dns-godaddy_ Y N DNS Authentication using Godaddy DNS
+njalla_ Y N DNS Authentication for njalla
+DuckDNS_ Y N DNS Authentication for DuckDNS
+Porkbun_ Y N DNS Authentication for Porkbun
+Infomaniak_ Y N DNS Authentication using Infomaniak Domains API
================== ==== ====
===============================================================
.. _haproxy: https://github.com/greenhost/certbot-haproxy
@@ -302,6 +317,10 @@
.. _dns-inwx: https://github.com/oGGy990/certbot-dns-inwx/
.. _dns-azure: https://github.com/binkhq/certbot-dns-azure
.. _dns-godaddy: https://github.com/miigotu/certbot-dns-godaddy
+.. _njalla: https://github.com/chaptergy/certbot-dns-njalla
+.. _DuckDNS: https://github.com/infinityofspace/certbot_dns_duckdns
+.. _Porkbun: https://github.com/infinityofspace/certbot_dns_porkbun
+.. _Infomaniak: https://github.com/Infomaniak/certbot-dns-infomaniak
If you're interested, you can also :ref:`write your own plugin <dev-plugin>`.
@@ -522,6 +541,10 @@
.. seealso:: Most Certbot installations come with automatic
renewal out of the box. See `Automated Renewals`_ for more details.
+.. seealso:: Users of the `Manual`_ plugin should note that ``--manual``
certificates
+ will not renew automatically, unless combined with authentication hook
scripts.
+ See `Renewal with the manual plugin <#manual-renewal>`_.
+
As of version 0.10.0, Certbot supports a ``renew`` action to check
all installed certificates for impending expiry and attempt to renew
them. The simplest form is simply
@@ -710,7 +733,7 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you think you may need to set up automated renewal, follow these
instructions to set up a
-scheduled task to automatically renew your certificates in the background. If
you are unsure
+scheduled task to automatically renew your certificates in the background. If
you are unsure
whether your system has a pre-installed scheduled task for Certbot, it is safe
to follow these
instructions to create one.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/examples/dev-cli.ini
new/certbot-1.17.0/examples/dev-cli.ini
--- old/certbot-1.16.0/examples/dev-cli.ini 2021-06-01 19:49:17.000000000
+0200
+++ new/certbot-1.17.0/examples/dev-cli.ini 2021-07-06 17:41:16.000000000
+0200
@@ -13,8 +13,6 @@
text = True
agree-tos = True
debug = True
-# Unfortunately, it's not possible to specify "verbose" multiple times
-# (correspondingly to -vvvvvv)
-verbose = True
+verbose-level = 2 # -vv (debug)
authenticator = standalone
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/setup.py new/certbot-1.17.0/setup.py
--- old/certbot-1.16.0/setup.py 2021-06-01 19:49:17.000000000 +0200
+++ new/certbot-1.17.0/setup.py 2021-07-06 17:41:16.000000000 +0200
@@ -41,7 +41,10 @@
# here to avoid masking the more specific request requirements in acme. See
# https://github.com/pypa/pip/issues/988 for more info.
install_requires = [
- 'acme>=1.8.0',
+ # We specify the minimum acme version as the current Certbot version for
+ # simplicity. See https://github.com/certbot/certbot/issues/8761 for more
+ # info.
+ f'acme>={version}',
# We technically need ConfigArgParse 0.10.0 for Python 2.6 support, but
# saying so here causes a runtime error against our temporary fork of 0.9.3
# in which we added 2.6 support (see #2243), so we relax the requirement.
@@ -64,22 +67,13 @@
]
dev_extras = [
- 'astroid',
'azure-devops',
- 'coverage',
'ipdb',
- 'mypy',
'PyGithub',
- # 1.1.0+ is required for poetry to use the poetry-core library for the
- # build system declared in tools/pinning/pyproject.toml.
- 'poetry>=1.1.0',
- 'pylint',
- 'pytest',
- 'pytest-cov',
- 'pytest-xdist',
- # typing-extensions is required to import typing.Protocol and make the
mypy checks
- # pass (along with pylint about non-existent objects) on Python 3.6 & 3.7
- 'typing-extensions',
+ 'pip',
+ # poetry 1.2.0+ is required for it to pin pip, setuptools, and wheel. See
+ # https://github.com/python-poetry/poetry/issues/1584.
+ 'poetry>=1.2.0a1',
'tox',
'twine',
'wheel',
@@ -93,6 +87,21 @@
'sphinx_rtd_theme',
]
+test_extras = [
+ 'coverage',
+ 'mypy',
+ 'pylint',
+ 'pytest',
+ 'pytest-cov',
+ 'pytest-xdist',
+ # typing-extensions is required to import typing.Protocol and make the
mypy checks
+ # pass (along with pylint about non-existent objects) on Python 3.6 & 3.7
+ 'typing-extensions',
+]
+
+
+all_extras = dev_extras + docs_extras + test_extras
+
setup(
name='certbot',
version=version,
@@ -129,8 +138,10 @@
install_requires=install_requires,
extras_require={
+ 'all': all_extras,
'dev': dev_extras,
'docs': docs_extras,
+ 'test': test_extras,
},
entry_points={
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/tests/client_test.py
new/certbot-1.17.0/tests/client_test.py
--- old/certbot-1.16.0/tests/client_test.py 2021-06-01 19:49:17.000000000
+0200
+++ new/certbot-1.17.0/tests/client_test.py 2021-07-06 17:41:16.000000000
+0200
@@ -712,7 +712,7 @@
if enhance_error:
self.assertEqual(mock_logger.error.call_count, 1)
- self.assertIn('Unable to set enhancement',
mock_logger.error.call_args_list[0][0][0])
+ self.assertEqual('Unable to set the %s enhancement for %s.',
mock_logger.error.call_args_list[0][0][0])
if restart_error:
mock_logger.critical.assert_called_with(
'Rolling back to previous server configuration...')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/tests/log_test.py
new/certbot-1.17.0/tests/log_test.py
--- old/certbot-1.16.0/tests/log_test.py 2021-06-01 19:49:17.000000000
+0200
+++ new/certbot-1.17.0/tests/log_test.py 2021-07-06 17:41:16.000000000
+0200
@@ -122,7 +122,7 @@
if self.config.quiet:
self.assertEqual(level, constants.QUIET_LOGGING_LEVEL)
else:
- self.assertEqual(level, -self.config.verbose_count * 10)
+ self.assertEqual(level, constants.DEFAULT_LOGGING_LEVEL)
def test_debug(self):
self.config.debug = True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/tests/main_test.py
new/certbot-1.17.0/tests/main_test.py
--- old/certbot-1.16.0/tests/main_test.py 2021-06-01 19:49:17.000000000
+0200
+++ new/certbot-1.17.0/tests/main_test.py 2021-07-06 17:41:16.000000000
+0200
@@ -271,6 +271,21 @@
self._call(('certonly --webroot --cert-name example.com').split())
self.assertIs(mock_choose_names.called, True)
+ @mock.patch('certbot._internal.main._report_next_steps')
+ @mock.patch('certbot._internal.main._get_and_save_cert')
+ @mock.patch('certbot._internal.main._csr_get_and_save_cert')
+ @mock.patch('certbot._internal.cert_manager.lineage_for_certname')
+ def test_dryrun_next_steps_no_cert_saved(self, mock_lineage,
mock_csr_get_cert,
+ unused_mock_get_cert,
mock_report_next_steps):
+ """certonly --dry-run shouldn't report creation of a certificate in
NEXT STEPS."""
+ mock_lineage.return_value = None
+ mock_csr_get_cert.return_value = ("/cert", "/chain", "/fullchain")
+ for flag in (f"--csr {CSR}", "-d example.com"):
+ self._call(f"certonly {flag} --webroot --cert-name example.com
--dry-run".split())
+ mock_report_next_steps.assert_called_once_with(
+ mock.ANY, mock.ANY, mock.ANY, new_or_renewed_cert=False)
+ mock_report_next_steps.reset_mock()
+
class FindDomainsOrCertnameTest(unittest.TestCase):
"""Tests for certbot._internal.main._find_domains_or_certname."""
@@ -1886,6 +1901,71 @@
'This certificate expires on 1970-01-01.'
)
+ def test_manual_no_hooks_report(self):
+ """Shouldn't get a message about autorenewal if no
--manual-auth-hook"""
+ self._call(mock.Mock(dry_run=False, authenticator='manual',
manual_auth_hook=None),
+ '/path/to/cert.pem', '/path/to/fullchain.pem',
+ '/path/to/privkey.pem')
+
+ self.mock_notify.assert_called_with(
+ '\nSuccessfully received certificate.\n'
+ 'Certificate is saved at: /path/to/fullchain.pem\n'
+ 'Key is saved at: /path/to/privkey.pem\n'
+ 'This certificate expires on 1970-01-01.\n'
+ 'These files will be updated when the certificate renews.'
+ )
+
+
+class ReportNextStepsTest(unittest.TestCase):
+ """Tests for certbot._internal.main._report_next_steps"""
+
+ def setUp(self):
+ self.config = mock.MagicMock(
+ cert_name="example.com", preconfigured_renewal=True,
+ csr=None, authenticator="nginx", manual_auth_hook=None)
+ notify_patch = mock.patch('certbot._internal.main.display_util.notify')
+ self.mock_notify = notify_patch.start()
+ self.addCleanup(notify_patch.stop)
+ self.old_stdout = sys.stdout
+ sys.stdout = io.StringIO()
+
+ def tearDown(self):
+ sys.stdout = self.old_stdout
+
+ @classmethod
+ def _call(cls, *args, **kwargs):
+ from certbot._internal.main import _report_next_steps
+ _report_next_steps(*args, **kwargs)
+
+ def _output(self) -> str:
+ self.mock_notify.assert_called_once()
+ return self.mock_notify.call_args_list[0][0][0]
+
+ def test_report(self):
+ """No steps for a normal renewal"""
+ self.config.authenticator = "manual"
+ self.config.manual_auth_hook = "/bin/true"
+ self._call(self.config, None, None)
+ self.mock_notify.assert_not_called()
+
+ def test_csr_report(self):
+ """--csr requires manual renewal"""
+ self.config.csr = "foo.csr"
+ self._call(self.config, None, None)
+ self.assertIn("--csr will not be renewed", self._output())
+
+ def test_manual_no_hook_renewal(self):
+ """--manual without a hook requires manual renewal"""
+ self.config.authenticator = "manual"
+ self._call(self.config, None, None)
+ self.assertIn("--manual certificates requires", self._output())
+
+ def test_no_preconfigured_renewal(self):
+ """No --preconfigured-renewal needs manual cron setup"""
+ self.config.preconfigured_renewal = False
+ self._call(self.config, None, None)
+ self.assertIn("https://certbot.org/renewal-setup";, self._output())
+
class UpdateAccountTest(test_util.ConfigTestCase):
"""Tests for certbot._internal.main.update_account"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/certbot-1.16.0/tests/plugins/standalone_test.py
new/certbot-1.17.0/tests/plugins/standalone_test.py
--- old/certbot-1.16.0/tests/plugins/standalone_test.py 2021-06-01
19:49:17.000000000 +0200
+++ new/certbot-1.17.0/tests/plugins/standalone_test.py 2021-07-06
17:41:16.000000000 +0200
@@ -177,6 +177,13 @@
"server1": set(), "server2": set()})
self.auth.servers.stop.assert_called_with(2)
+ def test_auth_hint(self):
+ self.config.http01_port = "80"
+ self.config.http01_address = None
+ self.assertIn("on port 80", self.auth.auth_hint([]))
+ self.config.http01_address = "127.0.0.1"
+ self.assertIn("on 127.0.0.1:80", self.auth.auth_hint([]))
+
if __name__ == "__main__":
unittest.main() # pragma: no cover
