Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-certbot for openSUSE:Factory checked in at 2021-07-30 23:22:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-certbot (Old) and /work/SRC/openSUSE:Factory/.python-certbot.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-certbot" Fri Jul 30 23:22:06 2021 rev:36 rq:909349 version:1.17.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-certbot/python-certbot.changes 2021-06-24 18:23:04.580949639 +0200 +++ /work/SRC/openSUSE:Factory/.python-certbot.new.1899/python-certbot.changes 2021-07-30 23:22:30.563614476 +0200 @@ -1,0 +2,11 @@ +Fri Jul 30 08:40:46 UTC 2021 - Mark??ta Machov?? <mmach...@suse.com> + +- update to version 1.17.0 + * We changed how dependencies are specified between Certbot packages. For this + and future releases, higher level Certbot components will require that lower + level components are the same version or newer. More specifically, version X + of the Certbot package will now always require acme>=X and version Y of a + plugin package will always require acme>=Y and certbot=>Y. Specifying + dependencies in this way simplifies testing and development. + +------------------------------------------------------------------- Old: ---- certbot-1.16.0.tar.gz certbot-1.16.0.tar.gz.asc New: ---- certbot-1.17.0.tar.gz certbot-1.17.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-certbot.spec ++++++ --- /var/tmp/diff_new_pack.JL4njM/_old 2021-07-30 23:22:31.095613891 +0200 +++ /var/tmp/diff_new_pack.JL4njM/_new 2021-07-30 23:22:31.095613891 +0200 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-certbot -Version: 1.16.0 +Version: 1.17.0 Release: 0 Summary: ACME client License: Apache-2.0 
@@ -27,7 +27,7 @@ Source0: https://files.pythonhosted.org/packages/source/c/certbot/certbot-%{version}.tar.gz Source1: https://files.pythonhosted.org/packages/source/c/certbot/certbot-%{version}.tar.gz.asc Source2: %{name}.keyring -BuildRequires: %{python_module acme >= 1.8.0} +BuildRequires: %{python_module acme >= %{version}} BuildRequires: %{python_module configargparse >= 0.9.3} BuildRequires: %{python_module configobj >= 5.0.6} BuildRequires: %{python_module cryptography >= 2.1.4} @@ -42,7 +42,7 @@ BuildRequires: %{python_module zope.interface} BuildRequires: fdupes BuildRequires: python-rpm-macros -Requires: python-acme >= 1.8.0 +Requires: python-acme >= %{version} Requires: python-configargparse >= 0.9.3 Requires: python-configobj Requires: python-cryptography >= 2.1.4 ++++++ certbot-1.16.0.tar.gz -> certbot-1.17.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/CHANGELOG.md new/certbot-1.17.0/CHANGELOG.md --- old/certbot-1.16.0/CHANGELOG.md 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/CHANGELOG.md 2021-07-06 17:41:16.000000000 +0200 
@@ -2,6 +2,33 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). +## 1.17.0 - 2021-07-06 + +### Added + +* Add Void Linux overrides for certbot-apache. + +### Changed + +* We changed how dependencies are specified between Certbot packages. For this + and future releases, higher level Certbot components will require that lower + level components are the same version or newer. More specifically, version X + of the Certbot package will now always require acme>=X and version Y of a + plugin package will always require acme>=Y and certbot=>Y. Specifying + dependencies in this way simplifies testing and development. +* The Apache authenticator now always configures virtual hosts which do not have + an explicit `ServerName`. This should make it work more reliably with the + default Apache configuration in Debian-based environments. + +### Fixed + +* When we increased the logging level on our nginx "Could not parse file" message, + it caused a previously-existing inability to parse empty files to become more + visible. We have now added the ability to correctly parse empty files, so that + message should only show for more significant errors. + +More details about these changes can be found on our GitHub repo. + ## 1.16.0 - 2021-06-01 ### Added diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/PKG-INFO new/certbot-1.17.0/PKG-INFO --- old/certbot-1.16.0/PKG-INFO 2021-06-01 19:49:18.495477000 +0200 +++ new/certbot-1.17.0/PKG-INFO 2021-07-06 17:41:18.405661800 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: certbot -Version: 1.16.0 +Version: 1.17.0 Summary: ACME client Home-page: https://github.com/letsencrypt/letsencrypt Author: Certbot Project 
@@ -26,8 +26,10 @@ Classifier: Topic :: System :: Systems Administration Classifier: Topic :: Utilities Requires-Python: >=3.6 +Provides-Extra: all Provides-Extra: dev Provides-Extra: docs +Provides-Extra: test License-File: LICENSE.txt .. This file contains a series of comments that are used to include sections of this README in other files. Do not modify these comments unless you know what you are doing. tag:intro-begin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot/__init__.py new/certbot-1.17.0/certbot/__init__.py --- old/certbot-1.16.0/certbot/__init__.py 2021-06-01 19:49:18.000000000 +0200 +++ new/certbot-1.17.0/certbot/__init__.py 2021-07-06 17:41:17.000000000 +0200 @@ -1,3 +1,3 @@ """Certbot client.""" # version number like 1.2.3a0, must have at least 2 parts, like 1.2 -__version__ = '1.16.0' +__version__ = '1.17.0' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/cli/__init__.py new/certbot-1.17.0/certbot/_internal/cli/__init__.py --- old/certbot-1.16.0/certbot/_internal/cli/__init__.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/certbot/_internal/cli/__init__.py 2021-07-06 17:41:16.000000000 +0200 @@ -71,6 +71,11 @@ default=flag_default("verbose_count"), help="This flag can be used " "multiple times to incrementally increase the verbosity of output, " "e.g. -vvv.") + # This is for developers to set the level in the cli.ini, and overrides + # the --verbose flag + helpful.add( + None, "--verbose-level", dest="verbose_level", + default=flag_default("verbose_level"), help=argparse.SUPPRESS) helpful.add( None, "-t", "--text", dest="text_mode", action="store_true", default=flag_default("text_mode"), help=argparse.SUPPRESS) 
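Review bot: The hidden `--verbose-level` option added in certbot/_internal/cli/__init__.py is registered without a `type`, so whatever string cli.ini supplies is stored as-is and only converted later by `int(config.verbose_level)` in the certbot/_internal/log.py hunk. A non-numeric value would then fail with a ValueError during logging setup rather than as a clean argument error, and a negative value would raise the stderr threshold above WARNING, hiding warnings and possibly errors from the operator. I would add `type=int` to the `helpful.add(...)` call and reject or clamp negative values where the level is computed. The examples/dev-cli.ini hunk writes `verbose-level = 2 # -vv (debug)` with an inline comment; whether the config parser strips that comment before the value reaches `int()` is not visible here and is worth confirming. The enclosing function starts and ends outside the hunk.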
@@ -449,6 +454,7 @@ plugins = plugins_disco.PluginsRegistry.find_all() # reconstructed_args == sys.argv[1:], or whatever was passed to main() reconstructed_args = helpful_parser.args + [helpful_parser.verb] + detector = set_by_cli.detector = prepare_and_parse_args( # type: ignore plugins, reconstructed_args, detect_defaults=True) # propagate plugin requests: eg --standalone modifies config.authenticator diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/client.py new/certbot-1.17.0/certbot/_internal/client.py --- old/certbot-1.16.0/certbot/_internal/client.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/certbot/_internal/client.py 2021-07-06 17:41:16.000000000 +0200 @@ -2,7 +2,7 @@ import datetime import logging import platform -from typing import Optional +from typing import List, Optional, Union from cryptography.hazmat.backends import default_backend # See https://github.com/pyca/cryptography/issues/4275 @@ -598,7 +598,8 @@ with error_handler.ErrorHandler(self._rollback_and_restart, msg): self.installer.restart() - def apply_enhancement(self, domains, enhancement, options=None): + def apply_enhancement(self, domains: List[str], enhancement: str, + options: Optional[Union[List[str], str]] = None) -> None: """Applies an enhancement on all domains. :param list domains: list of ssl_vhosts (as strings) 
@@ -612,33 +613,28 @@ """ - msg = f"Could not set up {enhancement} enhancement" - with error_handler.ErrorHandler(self._recovery_routine_with_msg, msg): + enh_label = options if enhancement == "ensure-http-header" else enhancement + with error_handler.ErrorHandler(self._recovery_routine_with_msg, None): for dom in domains: try: self.installer.enhance(dom, enhancement, options) except errors.PluginEnhancementAlreadyPresent: - if enhancement == "ensure-http-header": - logger.info("Enhancement %s was already set.", - options) - else: - logger.info("Enhancement %s was already set.", - enhancement) + logger.info("Enhancement %s was already set.", enh_label) except errors.PluginError: - logger.error("Unable to set enhancement %s for %s", - enhancement, dom) + logger.error("Unable to set the %s enhancement for %s.", enh_label, dom) raise - self.installer.save("Add enhancement %s" % (enhancement)) + self.installer.save(f"Add enhancement {enh_label}") - def _recovery_routine_with_msg(self, success_msg): + def _recovery_routine_with_msg(self, success_msg: Optional[str]) -> None: """Calls the installer's recovery routine and prints success_msg :param str success_msg: message to show on successful recovery """ self.installer.recovery_routine() - display_util.notify(success_msg) + if success_msg: + display_util.notify(success_msg) def _rollback_and_restart(self, success_msg): """Rollback the most recent checkpoint and restart the webserver diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/constants.py new/certbot-1.17.0/certbot/_internal/constants.py --- old/certbot-1.16.0/certbot/_internal/constants.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/certbot/_internal/constants.py 2021-07-06 17:41:16.000000000 +0200 
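Review bot: `enh_label = options if enhancement == "ensure-http-header" else enhancement` takes `options` at face value, but the signature in the preceding hunk types it as `Optional[Union[List[str], str]]`, so for `ensure-http-header` called without options the log lines and the `self.installer.save(f"Add enhancement {enh_label}")` checkpoint title would read `None`. Falling back with `enh_label = options if enhancement == "ensure-http-header" and options else enhancement` keeps the label meaningful in logs and in the saved checkpoint. Separately, `_recovery_routine_with_msg` now accepts `None` and skips `display_util.notify`, but its docstring still says `:param str success_msg` and that it prints the message; it should state that the message is optional and that nothing is shown when it is empty. The tests/client_test.py hunk asserts only the format string, so the label chosen for each enhancement is not covered.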
@@ -22,7 +22,8 @@ ], # Main parser - verbose_count=-int(logging.WARNING / 10), + verbose_count=0, + verbose_level=None, text_mode=False, max_log_backups=1000, preconfigured_renewal=False, @@ -142,6 +143,9 @@ QUIET_LOGGING_LEVEL = logging.ERROR """Logging level to use in quiet mode.""" +DEFAULT_LOGGING_LEVEL = logging.WARNING +"""Default logging level to use when not in quiet mode.""" + RENEWER_DEFAULTS = dict( renewer_enabled="yes", renew_before_expiry="30 days", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/log.py new/certbot-1.17.0/certbot/_internal/log.py --- old/certbot-1.16.0/certbot/_internal/log.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/certbot/_internal/log.py 2021-07-06 17:41:16.000000000 +0200 @@ -120,8 +120,11 @@ if config.quiet: level = constants.QUIET_LOGGING_LEVEL + elif config.verbose_level is not None: + level = constants.DEFAULT_LOGGING_LEVEL - int(config.verbose_level) * 10 else: - level = -config.verbose_count * 10 + level = constants.DEFAULT_LOGGING_LEVEL - config.verbose_count * 10 + stderr_handler.setLevel(level) logger.debug('Root logging level set at %d', level) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/main.py new/certbot-1.17.0/certbot/_internal/main.py --- old/certbot-1.16.0/certbot/_internal/main.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/certbot/_internal/main.py 2021-07-06 17:41:16.000000000 +0200 @@ -202,7 +202,7 @@ "--duplicate option.{br}{br}" "For example:{br}{br}{1} --duplicate {2}".format( existing, - sys.argv[0], " ".join(sys.argv[1:]), + cli.cli_command, " ".join(sys.argv[1:]), br=os.linesep )) raise errors.Error(USER_CANCELLED) 
@@ -507,6 +507,13 @@ "Certificates created using --csr will not be renewed automatically by Certbot. " "You will need to renew the certificate before it expires, by running the same " "Certbot command again.") + elif _is_interactive_only_auth(config): + steps.append( + "This certificate will not be renewed automatically. Autorenewal of " + "--manual certificates requires the use of an authentication hook script " + "(--manual-auth-hook) but one was not provided. To renew this certificate, repeat " + f"this same {cli.cli_command} command before the certificate's expiry date." + ) elif not config.preconfigured_renewal: steps.append( "The certificate will need to be renewed before it expires. Certbot can " @@ -556,6 +563,11 @@ assert cert_path and fullchain_path, "No certificates saved to report." + renewal_msg = "" + if config.preconfigured_renewal and not _is_interactive_only_auth(config): + renewal_msg = ("\nCertbot has set up a scheduled task to automatically renew this " + "certificate in the background.") + display_util.notify( ("\nSuccessfully received certificate.\n" "Certificate is saved at: {cert_path}\n{key_msg}" 
@@ -564,13 +576,22 @@ cert_path=fullchain_path, expiry=crypto_util.notAfter(cert_path).date(), key_msg="Key is saved at: {}\n".format(key_path) if key_path else "", - renewal_msg="\nCertbot has set up a scheduled task to automatically renew this " - "certificate in the background." if config.preconfigured_renewal else "", + renewal_msg=renewal_msg, nl="\n" if config.verb == "run" else "" # Normalize spacing across verbs ) ) +def _is_interactive_only_auth(config: interfaces.IConfig) -> bool: + """ Whether the current authenticator params only support interactive renewal. + """ + # --manual without --manual-auth-hook can never autorenew + if config.authenticator == "manual" and config.manual_auth_hook is None: + return True + + return False + + def _csr_report_new_cert(config: interfaces.IConfig, cert_path: Optional[str], chain_path: Optional[str], fullchain_path: Optional[str]): """ --csr variant of _report_new_cert. @@ -1052,7 +1073,7 @@ if not enhancements.are_requested(config) and not oldstyle_enh: msg = ("Please specify one or more enhancement types to configure. To list " "the available enhancement types, run:\n\n%s --help enhance\n") - logger.error(msg, sys.argv[0]) + logger.error(msg, cli.cli_command) raise errors.MisconfigurationError("No enhancements requested, exiting.") try: @@ -1398,7 +1419,7 @@ if config.csr: cert_path, chain_path, fullchain_path = _csr_get_and_save_cert(config, le_client) _csr_report_new_cert(config, cert_path, chain_path, fullchain_path) - _report_next_steps(config, None, None) + _report_next_steps(config, None, None, new_or_renewed_cert=not config.dry_run) _suggest_donation_if_appropriate(config) eff.handle_subscription(config, le_client.account) return 
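Review bot: `_is_interactive_only_auth` in certbot/_internal/main.py tests `config.manual_auth_hook is None`, so any other falsy value (for example an empty string from a config file, if that can reach this point, which is not visible in this diff) would count as a configured hook, and the user could be told that a scheduled task will renew the certificate. Since a missed renewal ends in an expired certificate, I would write the check as `return config.authenticator == "manual" and not config.manual_auth_hook`. The docstring could also say that the function returns True only for `--manual` without `--manual-auth-hook`, which is currently stated only in the inline comment.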
@@ -1417,7 +1438,8 @@ fullchain_path = lineage.fullchain_path if lineage else None key_path = lineage.key_path if lineage else None _report_new_cert(config, cert_path, fullchain_path, key_path) - _report_next_steps(config, None, lineage, new_or_renewed_cert=should_get_cert) + _report_next_steps(config, None, lineage, + new_or_renewed_cert=should_get_cert and not config.dry_run) _suggest_donation_if_appropriate(config) eff.handle_subscription(config, le_client.account) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot/_internal/plugins/standalone.py new/certbot-1.17.0/certbot/_internal/plugins/standalone.py --- old/certbot-1.16.0/certbot/_internal/plugins/standalone.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/certbot/_internal/plugins/standalone.py 2021-07-06 17:41:16.000000000 +0200 @@ -5,6 +5,7 @@ import socket from typing import DefaultDict from typing import Dict +from typing import List from typing import Set from typing import Tuple from typing import TYPE_CHECKING 
@@ -184,6 +185,14 @@ if not self.served[servers]: self.servers.stop(port) + def auth_hint(self, failed_achalls: List[achallenges.AnnotatedChallenge]) -> str: + port, addr = self.config.http01_port, self.config.http01_address + neat_addr = f"{addr}:{port}" if addr else f"port {port}" + return ("The Certificate Authority failed to download the challenge files from " + f"the temporary standalone webserver started by Certbot on {neat_addr}. " + "Ensure that the listed domains point to this machine and that it can " + "accept inbound connections from the internet.") + def _handle_perform_error(error): if error.socket_error.errno == errno.EACCES: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot/plugins/common.py new/certbot-1.17.0/certbot/plugins/common.py --- old/certbot-1.16.0/certbot/plugins/common.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/certbot/plugins/common.py 2021-07-06 17:41:16.000000000 +0200 @@ -119,7 +119,7 @@ # This is a fallback hint. Authenticators should implement their own auth_hint that # addresses the specific mechanics of that authenticator. challs = " and ".join(sorted({achall.typ for achall in failed_achalls})) - return ("The Certificate Authority couldn't exterally verify that the {name} plugin " + return ("The Certificate Authority couldn't externally verify that the {name} plugin " "completed the required {challs} challenges. Ensure the plugin is configured " "correctly and that the changes it makes are accessible from the internet." .format(name=self.name, challs=challs)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot.egg-info/PKG-INFO new/certbot-1.17.0/certbot.egg-info/PKG-INFO --- old/certbot-1.16.0/certbot.egg-info/PKG-INFO 2021-06-01 19:49:18.000000000 +0200 +++ new/certbot-1.17.0/certbot.egg-info/PKG-INFO 2021-07-06 17:41:18.000000000 +0200 
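Review bot: `neat_addr = f"{addr}:{port}" if addr else f"port {port}"` in the new `auth_hint` would render an IPv6 literal in `http01_address` as something like `::1:80` (constructed example), which is ambiguous in the message shown to the operator. Bracketing the address when it contains a colon, e.g. `host = f"[{addr}]" if addr and ":" in addr else addr` followed by the existing expression on `host`, avoids that; whether IPv6 values are accepted for this option is not visible here. The method has no docstring and ignores `failed_achalls`; a one-line docstring saying it returns a troubleshooting hint for failed http-01 validation and that the argument is unused would help. The tests/plugins/standalone_test.py hunk covers only the no-address and IPv4 cases.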
@@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: certbot -Version: 1.16.0 +Version: 1.17.0 Summary: ACME client Home-page: https://github.com/letsencrypt/letsencrypt Author: Certbot Project @@ -26,8 +26,10 @@ Classifier: Topic :: System :: Systems Administration Classifier: Topic :: Utilities Requires-Python: >=3.6 +Provides-Extra: all Provides-Extra: dev Provides-Extra: docs +Provides-Extra: test License-File: LICENSE.txt .. This file contains a series of comments that are used to include sections of this README in other files. Do not modify these comments unless you know what you are doing. tag:intro-begin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/certbot.egg-info/requires.txt new/certbot-1.17.0/certbot.egg-info/requires.txt --- old/certbot-1.16.0/certbot.egg-info/requires.txt 2021-06-01 19:49:18.000000000 +0200 +++ new/certbot-1.17.0/certbot.egg-info/requires.txt 2021-07-06 17:41:18.000000000 +0200 @@ -1,4 +1,4 @@ -acme>=1.8.0 +acme>=1.17.0 ConfigArgParse>=0.9.3 configobj>=5.0.6 cryptography>=2.1.4 @@ -14,19 +14,32 @@ [:sys_platform == "win32"] pywin32>=300 -[dev] -astroid +[all] azure-devops -coverage ipdb -mypy PyGithub -poetry>=1.1.0 +pip +poetry>=1.2.0a1 +tox +twine +wheel +repoze.sphinx.autointerface +Sphinx>=1.2 +sphinx_rtd_theme +coverage +mypy pylint pytest pytest-cov pytest-xdist typing-extensions + +[dev] +azure-devops +ipdb +PyGithub +pip +poetry>=1.2.0a1 tox twine wheel @@ -35,3 +48,12 @@ repoze.sphinx.autointerface Sphinx>=1.2 sphinx_rtd_theme + +[test] +coverage +mypy +pylint +pytest +pytest-cov +pytest-xdist +typing-extensions diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/docs/cli-help.txt new/certbot-1.17.0/docs/cli-help.txt --- old/certbot-1.16.0/docs/cli-help.txt 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/docs/cli-help.txt 2021-07-06 17:41:16.000000000 +0200 
@@ -41,7 +41,7 @@ and ~/.config/letsencrypt/cli.ini) -v, --verbose This flag can be used multiple times to incrementally increase the verbosity of output, e.g. -vvv. (default: - -2) + -3) --max-log-backups MAX_LOG_BACKUPS Specifies the maximum number of backup logs that should be kept by Certbot's built in log rotation. @@ -118,7 +118,7 @@ case, and to know when to deprecate support for past Python versions and flags. If you wish to hide this information from the Let's Encrypt server, set this to - "". (default: CertbotACMEClient/1.15.0 (certbot; + "". (default: CertbotACMEClient/1.16.0 (certbot; OS_NAME OS_VERSION) Authenticator/XXX Installer/YYY (SUBCOMMAND; flags: FLAGS) Py/major.minor.patchlevel). The flags encoded in the user agent are: --duplicate, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/docs/using.rst new/certbot-1.17.0/docs/using.rst --- old/certbot-1.16.0/docs/using.rst 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/docs/using.rst 2021-07-06 17:41:16.000000000 +0200 @@ -57,10 +57,11 @@ | domain. Doing domain validation in this way is | the only way to obtain wildcard certificates from Let's | Encrypt. -manual_ Y N | Helps you obtain a certificate by giving you instructions to http-01_ (80) or - | perform domain validation yourself. Additionally allows you dns-01_ (53) - | to specify scripts to automate the validation task in a - | customized way. +manual_ Y N | Obtain a certificate by manually following instructions to http-01_ (80) or + | perform domain validation yourself. Certificates created this dns-01_ (53) + | way do not support autorenewal. + | Autorenewal may be enabled by providing an authentication + | hook script to automate the domain validation steps. =========== ==== ==== =============================================================== ============================= .. |dns_plugs| replace:: :ref:`DNS plugins <dns_plugins>` 
@@ -229,11 +230,21 @@ _acme-challenge.example.com. 300 IN TXT "gfj9Xq...Rg85nM" +.. _manual-renewal: -Additionally you can specify scripts to prepare for validation and -perform the authentication procedure and/or clean up after it by using -the ``--manual-auth-hook`` and ``--manual-cleanup-hook`` flags. This is -described in more depth in the hooks_ section. +**Renewal with the manual plugin** + +Certificates created using ``--manual`` **do not** support automatic renewal unless +combined with an `authentication hook script <#hooks>`_ via ``--manual-auth-hook`` +to automatically set up the required HTTP and/or TXT challenges. + +If you can use one of the other plugins_ which support autorenewal to create +your certificate, doing so is highly recommended. + +To manually renew a certificate using ``--manual`` without hooks, repeat the same +``certbot --manual`` command you used to create the certificate originally. As this +will require you to copy and paste new HTTP files or DNS TXT records, the command +cannot be automated with a cron job. .. _combination: @@ -286,6 +297,10 @@ dns-inwx_ Y Y DNS Authentication for INWX through the XML API dns-azure_ Y N DNS Authentication using Azure DNS dns-godaddy_ Y N DNS Authentication using Godaddy DNS +njalla_ Y N DNS Authentication for njalla +DuckDNS_ Y N DNS Authentication for DuckDNS +Porkbun_ Y N DNS Authentication for Porkbun +Infomaniak_ Y N DNS Authentication using Infomaniak Domains API ================== ==== ==== =============================================================== .. _haproxy: https://github.com/greenhost/certbot-haproxy 
@@ -302,6 +317,10 @@ .. _dns-inwx: https://github.com/oGGy990/certbot-dns-inwx/ .. _dns-azure: https://github.com/binkhq/certbot-dns-azure .. _dns-godaddy: https://github.com/miigotu/certbot-dns-godaddy +.. _njalla: https://github.com/chaptergy/certbot-dns-njalla +.. _DuckDNS: https://github.com/infinityofspace/certbot_dns_duckdns +.. _Porkbun: https://github.com/infinityofspace/certbot_dns_porkbun +.. _Infomaniak: https://github.com/Infomaniak/certbot-dns-infomaniak If you're interested, you can also :ref:`write your own plugin <dev-plugin>`. @@ -522,6 +541,10 @@ .. seealso:: Most Certbot installations come with automatic renewal out of the box. See `Automated Renewals`_ for more details. +.. seealso:: Users of the `Manual`_ plugin should note that ``--manual`` certificates + will not renew automatically, unless combined with authentication hook scripts. + See `Renewal with the manual plugin <#manual-renewal>`_. + As of version 0.10.0, Certbot supports a ``renew`` action to check all installed certificates for impending expiry and attempt to renew them. The simplest form is simply @@ -710,7 +733,7 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you think you may need to set up automated renewal, follow these instructions to set up a -scheduled task to automatically renew your certificates in the background. If you are unsure +scheduled task to automatically renew your certificates in the background. If you are unsure whether your system has a pre-installed scheduled task for Certbot, it is safe to follow these instructions to create one. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/examples/dev-cli.ini new/certbot-1.17.0/examples/dev-cli.ini --- old/certbot-1.16.0/examples/dev-cli.ini 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/examples/dev-cli.ini 2021-07-06 17:41:16.000000000 +0200 
@@ -13,8 +13,6 @@ text = True agree-tos = True debug = True -# Unfortunately, it's not possible to specify "verbose" multiple times -# (correspondingly to -vvvvvv) -verbose = True +verbose-level = 2 # -vv (debug) authenticator = standalone diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/setup.py new/certbot-1.17.0/setup.py --- old/certbot-1.16.0/setup.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/setup.py 2021-07-06 17:41:16.000000000 +0200 @@ -41,7 +41,10 @@ # here to avoid masking the more specific request requirements in acme. See # https://github.com/pypa/pip/issues/988 for more info. install_requires = [ - 'acme>=1.8.0', + # We specify the minimum acme version as the current Certbot version for + # simplicity. See https://github.com/certbot/certbot/issues/8761 for more + # info. + f'acme>={version}', # We technically need ConfigArgParse 0.10.0 for Python 2.6 support, but # saying so here causes a runtime error against our temporary fork of 0.9.3 # in which we added 2.6 support (see #2243), so we relax the requirement. @@ -64,22 +67,13 @@ ] dev_extras = [ - 'astroid', 'azure-devops', - 'coverage', 'ipdb', - 'mypy', 'PyGithub', - # 1.1.0+ is required for poetry to use the poetry-core library for the - # build system declared in tools/pinning/pyproject.toml. - 'poetry>=1.1.0', - 'pylint', - 'pytest', - 'pytest-cov', - 'pytest-xdist', - # typing-extensions is required to import typing.Protocol and make the mypy checks - # pass (along with pylint about non-existent objects) on Python 3.6 & 3.7 - 'typing-extensions', + 'pip', + # poetry 1.2.0+ is required for it to pin pip, setuptools, and wheel. See + # https://github.com/python-poetry/poetry/issues/1584. + 'poetry>=1.2.0a1', 'tox', 'twine', 'wheel', 
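Review bot: In setup.py's `dev_extras`, `'poetry>=1.2.0a1'` puts a pre-release in the version specifier, which under PEP 440 lets installers select pre-release builds of poetry for anyone installing the `dev` extra (and the new `all` extra defined in the following hunk). The comment above it says 1.2.0+ is required but does not say that the alpha bound is deliberate; I would extend it with `# NOTE: the a1 bound admits pre-releases; tighten to >=1.2.0 once a final release exists.` The other entries carry no upper bounds, so unless a constraints file outside this diff pins them, the tool versions used for development and release work are decided at install time. The list continues outside the hunk.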
@@ -93,6 +87,21 @@ 'sphinx_rtd_theme', ] +test_extras = [ + 'coverage', + 'mypy', + 'pylint', + 'pytest', + 'pytest-cov', + 'pytest-xdist', + # typing-extensions is required to import typing.Protocol and make the mypy checks + # pass (along with pylint about non-existent objects) on Python 3.6 & 3.7 + 'typing-extensions', +] + + +all_extras = dev_extras + docs_extras + test_extras + setup( name='certbot', version=version, @@ -129,8 +138,10 @@ install_requires=install_requires, extras_require={ + 'all': all_extras, 'dev': dev_extras, 'docs': docs_extras, + 'test': test_extras, }, entry_points={ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/tests/client_test.py new/certbot-1.17.0/tests/client_test.py --- old/certbot-1.16.0/tests/client_test.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/tests/client_test.py 2021-07-06 17:41:16.000000000 +0200 @@ -712,7 +712,7 @@ if enhance_error: self.assertEqual(mock_logger.error.call_count, 1) - self.assertIn('Unable to set enhancement', mock_logger.error.call_args_list[0][0][0]) + self.assertEqual('Unable to set the %s enhancement for %s.', mock_logger.error.call_args_list[0][0][0]) if restart_error: mock_logger.critical.assert_called_with( 'Rolling back to previous server configuration...') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/tests/log_test.py new/certbot-1.17.0/tests/log_test.py --- old/certbot-1.16.0/tests/log_test.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/tests/log_test.py 2021-07-06 17:41:16.000000000 +0200 
@@ -122,7 +122,7 @@ if self.config.quiet: self.assertEqual(level, constants.QUIET_LOGGING_LEVEL) else: - self.assertEqual(level, -self.config.verbose_count * 10) + self.assertEqual(level, constants.DEFAULT_LOGGING_LEVEL) def test_debug(self): self.config.debug = True diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/tests/main_test.py new/certbot-1.17.0/tests/main_test.py --- old/certbot-1.16.0/tests/main_test.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/tests/main_test.py 2021-07-06 17:41:16.000000000 +0200 @@ -271,6 +271,21 @@ self._call(('certonly --webroot --cert-name example.com').split()) self.assertIs(mock_choose_names.called, True) + @mock.patch('certbot._internal.main._report_next_steps') + @mock.patch('certbot._internal.main._get_and_save_cert') + @mock.patch('certbot._internal.main._csr_get_and_save_cert') + @mock.patch('certbot._internal.cert_manager.lineage_for_certname') + def test_dryrun_next_steps_no_cert_saved(self, mock_lineage, mock_csr_get_cert, + unused_mock_get_cert, mock_report_next_steps): + """certonly --dry-run shouldn't report creation of a certificate in NEXT STEPS.""" + mock_lineage.return_value = None + mock_csr_get_cert.return_value = ("/cert", "/chain", "/fullchain") + for flag in (f"--csr {CSR}", "-d example.com"): + self._call(f"certonly {flag} --webroot --cert-name example.com --dry-run".split()) + mock_report_next_steps.assert_called_once_with( + mock.ANY, mock.ANY, mock.ANY, new_or_renewed_cert=False) + mock_report_next_steps.reset_mock() + class FindDomainsOrCertnameTest(unittest.TestCase): """Tests for certbot._internal.main._find_domains_or_certname.""" 
@@ -1886,6 +1901,71 @@ 'This certificate expires on 1970-01-01.' ) + def test_manual_no_hooks_report(self): + """Shouldn't get a message about autorenewal if no --manual-auth-hook""" + self._call(mock.Mock(dry_run=False, authenticator='manual', manual_auth_hook=None), + '/path/to/cert.pem', '/path/to/fullchain.pem', + '/path/to/privkey.pem') + + self.mock_notify.assert_called_with( + '\nSuccessfully received certificate.\n' + 'Certificate is saved at: /path/to/fullchain.pem\n' + 'Key is saved at: /path/to/privkey.pem\n' + 'This certificate expires on 1970-01-01.\n' + 'These files will be updated when the certificate renews.' + ) + + +class ReportNextStepsTest(unittest.TestCase): + """Tests for certbot._internal.main._report_next_steps""" + + def setUp(self): + self.config = mock.MagicMock( + cert_name="example.com", preconfigured_renewal=True, + csr=None, authenticator="nginx", manual_auth_hook=None) + notify_patch = mock.patch('certbot._internal.main.display_util.notify') + self.mock_notify = notify_patch.start() + self.addCleanup(notify_patch.stop) + self.old_stdout = sys.stdout + sys.stdout = io.StringIO() + + def tearDown(self): + sys.stdout = self.old_stdout + + @classmethod + def _call(cls, *args, **kwargs): + from certbot._internal.main import _report_next_steps + _report_next_steps(*args, **kwargs) + + def _output(self) -> str: + self.mock_notify.assert_called_once() + return self.mock_notify.call_args_list[0][0][0] + + def test_report(self): + """No steps for a normal renewal""" + self.config.authenticator = "manual" + self.config.manual_auth_hook = "/bin/true" + self._call(self.config, None, None) + self.mock_notify.assert_not_called() + + def test_csr_report(self): + """--csr requires manual renewal""" + self.config.csr = "foo.csr" + self._call(self.config, None, None) + self.assertIn("--csr will not be renewed", self._output()) + + def test_manual_no_hook_renewal(self): + """--manual without a hook requires manual renewal""" + self.config.authenticator 
= "manual" + self._call(self.config, None, None) + self.assertIn("--manual certificates requires", self._output()) + + def test_no_preconfigured_renewal(self): + """No --preconfigured-renewal needs manual cron setup""" + self.config.preconfigured_renewal = False + self._call(self.config, None, None) + self.assertIn("https://certbot.org/renewal-setup", self._output()) + class UpdateAccountTest(test_util.ConfigTestCase): """Tests for certbot._internal.main.update_account""" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-1.16.0/tests/plugins/standalone_test.py new/certbot-1.17.0/tests/plugins/standalone_test.py --- old/certbot-1.16.0/tests/plugins/standalone_test.py 2021-06-01 19:49:17.000000000 +0200 +++ new/certbot-1.17.0/tests/plugins/standalone_test.py 2021-07-06 17:41:16.000000000 +0200 @@ -177,6 +177,13 @@ "server1": set(), "server2": set()}) self.auth.servers.stop.assert_called_with(2) + def test_auth_hint(self): + self.config.http01_port = "80" + self.config.http01_address = None + self.assertIn("on port 80", self.auth.auth_hint([])) + self.config.http01_address = "127.0.0.1" + self.assertIn("on 127.0.0.1:80", self.auth.auth_hint([])) + if __name__ == "__main__": unittest.main() # pragma: no cover