U ÝÁ]HÃã@s dZddlmZddlZddlZddlZddlZddlZ ddl Z ddl m ZddlmZddlZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlm Z ddlmZddlmZddlmZddlmZddlmZddlmZddlm Z ddlm!Z!ddl"m#Z#ddl"m$Z$ddl"m%Z%ddl&m!Z'm(Z)ddl*m+Z,ddl*m-Z-ddl*m.Z/dZ0e 1e2¡Z3dd„Z4d d!„Z5dpd"d#„Z6d$d%„Z7d&d'„Z8d(d)„Z9d*d+„Z:d,d-„Z;d.d/„Zdqd4d5„Z?drd6d7„Z@d8d9„ZAd:d;„ZBdd?„ZDd@dA„ZEdBdC„ZFdsdDdE„ZGdFdG„ZHdHdI„ZIdJdK„ZJdLdM„ZKdNdO„ZLdPdQ„ZMdRdS„ZNdTdU„ZOdVdW„ZPdXdY„ZQdZd[„ZRd\d]„ZSd^d_„ZTd`da„ZUdbdc„ZVddde„ZWdfdg„ZXdhdi„ZYdjdk„ZZdtdldm„Z[e2dnkre[ƒZ\e\rþe3 ]doe\¡e ^e\¡dS)uzCertbot main entry point.é)Úprint_functionN)Úerrors)ÚUnion)Úaccount)Ú cert_manager)Úcli)Úclient)Ú configuration)Ú constants)Ú crypto_util)Úeff)Úhooks)Ú interfaces)Úlog)Úrenewal)Úreporter)Ústorage)Úupdater)Úutil)Ú filesystem)Úmisc)Úos)rÚops)Údisco)Ú enhancements)Ú selectionz?User chose to cancel the operation and may reinvoke the client.cCs<|jdkst‚|jrdStj tj¡}d}| ||j ¡dS)z­Potentially suggest a donation to support Certbot. :param config: Configuration object :type config: interfaces.IConfig :returns: `None` :rtype: None ÚrenewNzÀIf you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le ) ÚverbÚAssertionErrorZstagingÚzopeÚ componentÚ getUtilityrÚ IReporterÚ add_messageÚ LOW_PRIORITY)ÚconfigÚ reporter_utilÚmsg©r(ú./usr/lib/python3/dist-packages/certbot/main.pyÚ _suggest_donation_if_appropriate1s r*cCs2tj tj¡}|jdkst‚|jd|jdddS)z˜Reports on successful dry run :param config: Configuration object :type config: interfaces.IConfig :returns: `None` :rtype: None rzThe dry run was successful.F)Zon_crashN) rr r!rr"rrr#Ú HIGH_PRIORITY)r%r&r(r(r)Ú_report_successful_dry_runEs ÿr,c Cs–t |¡zz|dk r0t d¡t ||||¡nR|dk szThis is impossibleN)Zensure_deployedrZ should_renewrNr@rArBrrCrrr r!rrEZmenuÚ display_utilZCANCELrr0r)r%r6rLZkeep_optÚchoicesÚdisplayZresponser(r(r)Ú_handle_identical_cert_request´s@ ÿü  ÿÿÿ  rUcCsX|jr dSt ||¡\}}|dkr.|dkr.dS|dk r@t||ƒS|dk rTt|||ƒSdS)aöDetermine whether there are duplicated names and how to handle them (renew, reinstall, newcert, or raising an error to stop the client run if the user chooses to cancel the operation when prompted). :param config: Configuration object :type config: interfaces.IConfig :param domains: List of domain names :type domains: `list` of `str` :returns: Two-element tuple containing desired new-certificate behavior as a string token ("reinstall", "renew", or "newcert"), plus either a RenewableCert instance or `None` if renewal shouldn't occur. :rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None` :raises errors.Error: If the user would like to rerun the client again. ©ZnewcertNN©NN)Z duplicaterZfind_duplicative_certsrUrM)r%r4Zident_names_certZsubset_names_certr(r(r)Ú_find_lineage_for_domainsæs  rXcCs.t|||ƒ\}}|dkr"t d¡|dk|fS)aWFinds an existing certificate object given domains and/or a certificate name. :param config: Configuration object :type config: interfaces.IConfig :param domains: List of domain names :type domains: `list` of `str` :param certname: Name of certificate :type certname: str :returns: Two-element tuple of a boolean that indicates if this function should be followed by a call to fetch a certificate from the server, and either a RenewableCert instance or None. :rtype: `tuple` of `bool` and :class:`storage.RenewableCert` or `None` rNz Keeping the existing certificate)Ú&_find_lineage_for_domains_and_certnamer-r.)r%r4r5Úactionr6r(r(r)Ú _find_cert s r[cCsz|st||ƒSt ||¡}|r^|rTtt ||¡ƒt|ƒkrTt|||| ¡ƒd|fSt||ƒS|rfdSt  d  |¡¡‚dS)a¦Find appropriate lineage based on given domains and/or certname. :param config: Configuration object :type config: interfaces.IConfig :param domains: List of domain names :type domains: `list` of `str` :param certname: Name of certificate :type certname: str :returns: Two-element tuple containing desired new-certificate behavior as a string token ("reinstall", "renew", or "newcert"), plus either a RenewableCert instance or None if renewal should not occur. :rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None` :raises errors.Error: If the user would like to rerun the client again. rrVz}No certificate with name {0} found. Use -d to specify domains, or run certbot certificates to see possible certificate names.N) rXrÚlineage_for_certnameÚsetÚdomains_for_certnameÚ_ask_user_to_confirm_new_namesr1rUrÚConfigurationErrorr@)r%r4r5r6r(r(r)rY$s   ÿ þrYcCs@tt|ƒt|ƒƒ}tt|ƒt|ƒƒ}| ¡| ¡||fS)zWGet lists of items removed from `before` and a lists of items added to `after` )Úlistr]Úsort)ZafterZbeforeÚaddedÚremovedr(r(r)Ú_get_added_removedMs recCs(|s d}ndd |¡}|j|tjdS)z%Format list with given character z {br}(None)z {br}{ch} )Zchr9)r?r@rrC)Ú characterZstringsZ formattedr(r(r)Ú _format_listWsþrgcCsf|jr dSt||ƒ\}}dj|td|ƒtd|ƒtjd}tj t j ¡}|j |dddd sbt   d ¡‚dS) a÷Ask user to confirm update cert certname to contain new_domains. :param config: Configuration object :type config: interfaces.IConfig :param new_domains: List of new domain names :type new_domains: `list` of `str` :param certname: Name of certificate :type certname: str :param old_domains: List of old domain names :type old_domains: `list` of `str` :returns: None :rtype: None :raises errors.ConfigurationError: if cert name and domains mismatch Nz©You are updating certificate {0} to include new domain(s): {1}{br}{br}You are also removing previously included domain(s): {2}{br}{br}Did you intend to make this change?ú+ú-r8z Update certr:T)rQz+Specified mismatched cert name and domains.)Zrenew_with_new_domainsrer@rgrrCrr r!rrErFrr`)r%Z new_domainsr5Z old_domainsrcrdr'Úobjr(r(r)r_csúr_cCsRd}|j}|jr|j}n|r(t ||¡}|s8t ||¡}|sJ|sJt d¡‚||fS)aRetrieve domains and certname from config or user input. :param config: Configuration object :type config: interfaces.IConfig :param installer: Installer object :type installer: interfaces.IInstaller :param `str` question: Overriding dialog question to ask the user if asked to choose from domain names. :returns: Two-part tuple of domains and certname :rtype: `tuple` of list of `str` and `str` :raises errors.Error: Usage message, if parameters are not used correctly Nz‡Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.)r5r4rr^Ú display_opsZ choose_namesrr0)r%Ú installerrLr4r5r(r(r)Ú_find_domains_or_certnameˆs   rmc Cs”|jrt|ƒdS|r|s"tdƒ‚t |¡ ¡}tj t j ¡}|j dkrLdnd}|rddj |t jdnd}dj |||tj|t jd}| ||j¡dS) aDReports the creation of a new certificate to the user. :param cert_path: path to certificate :type cert_path: str :param fullchain_path: path to full chain :type fullchain_path: str :param key_path: path to private key, if available :type key_path: str :returns: `None` :rtype: None Nz No certificates saved to report.rOz with the "certonly" optionÚz+Your key file has been saved at:{br}{0}{br}r8aCongratulations! Your certificate and chain have been saved at:{br}{0}{br}{1}Your cert will expire on {2}. To obtain a new or tweaked version of this certificate in the future, simply run {3} again{4}. To non-interactively renew *all* of your certificates, run "{3} renew")Údry_runr,rr ZnotAfterÚdaterr r!rr"rr@rrCrZ cli_commandr#ÚMEDIUM_PRIORITY) r%Ú cert_pathÚfullchain_pathÚkey_pathZexpiryr&Z verbswitchZprivkey_statementr'r(r(r)Ú_report_new_cert±s.ÿÿÿúrucsð‡fdd„}t ˆ¡}d}ˆjdk r2| ˆj¡}n®| ¡}t|ƒdkrRt |¡}nŽt|ƒdkrh|d}nxˆjdkr‚ˆjs‚t  ¡ˆ_zt j ˆ||d\}}WnDt j k r²‚Yn.t jk rÞtjddd t  d ¡‚YnX|jˆ_||fS) aèDetermine which account to use. If ``config.account`` is ``None``, it will be updated based on the user input. Same for ``config.email``. :param config: Configuration object :type config: interfaces.IConfig :returns: Account and optionally ACME client API (biproduct of new registration). :rtype: tuple of :class:`certbot.account.Account` and :class:`acme.client.Client` :raises errors.Error: If unable to register an account with ACME server csLˆjr dSd |ˆj¡}tj tj¡}|j|ddddd}|sHt   d¡‚dS)NTzhPlease read the Terms of Service at {0}. You must agree in order to register with the ACME server at {1}ZAgreer:z --agree-tosr;z?Registration cannot proceed without accepting Terms of Service.) Ztosr@Zserverrr r!rrErFrr0)Zterms_of_servicer'rjÚresult©r%r(r)Ú_tos_cbës ý ÿÿz#_determine_account.._tos_cbNr>r)Ztos_cbrnT)Úexc_infoz.Unable to register an account with ACME server)rÚAccountFileStorageÚloadÚfind_allÚlenrkZchoose_accountÚemailÚregister_unsafely_without_emailÚ get_emailrÚregisterrZMissingCommandlineFlagr0r-ÚdebugÚid)r%rxÚaccount_storageÚacmeÚaccÚaccountsr(rwr)Ú_determine_accountÛs6        ÿÿ rˆc sDtj tj¡}tj tj¡}|j}|dkrBd}|j|ddddd}|sX| d|j ¡dS|j sbt ‚|j stt  |¡|_ t t t ||j ¡¡||j ¡‰z&t  |‡fdd „gd d „d d „¡Wnztjk rðd  ˆ¡}| d  |¡|j¡YdStk r4}z&d}| |j|jˆ|¡}t |¡‚W5d}~XYnXt  |¡dS)a›Does the user want to delete their now-revoked certs? If run in non-interactive mode, deleting happens automatically. :param config: parsed command line arguments :type config: interfaces.IConfig :returns: `None` :rtype: None :raises errors.Error: If anything goes wrong, including bad user input, if an overlapping archive dir is found for the specified lineage, etc ... NzmWould you like to delete the cert(s) you just revoked, along with all earlier and later versions of the cert?zYes (recommended)ZNoT)Ú yes_labelÚno_labelr<rQzNot deleting revoked certs.csˆS©Nr(©Úx©Z archive_dirr(r)Ú>óz(_delete_if_appropriate..cSs|jSr‹rŽrŒr(r(r)r?rcSs|Sr‹r(rŒr(r(r)r?rz^Not deleting revoked certs due to overlapping archive dirs. More than one lineage is using {0}rnz_config.default_archive_dir: {0}, config.live_dir: {1}, archive_dir: {2},original exception: {3})rr r!rrEr"Zdelete_after_revokerFr#r$rrrr5rZcert_path_to_lineagerZfull_archive_pathÚ configobjZ ConfigObjZrenewal_file_for_certnameZmatch_and_check_overlapsrZOverlappingMatchFoundr@r?rqÚ ExceptionZdefault_archive_dirr2r0Údelete)r%rTr&Zattempt_deletionr'Úer(rŽr)Ú_delete_if_appropriatesH  ÿ  þÿÿr•cCs>|dk r"t|ƒ\}}t d|¡nd\}}tj|||||dS)anInitialize Let's Encrypt Client :param config: Configuration object :type config: interfaces.IConfig :param authenticator: Acme authentication handler :type authenticator: interfaces.IAuthenticator :param installer: Installer object :type installer: interfaces.IInstaller :returns: client: Client object :rtype: client.Client NzPicked account: %rrW©r…)rˆr-r‚rÚClient)r%Ú authenticatorrlr†r…r(r(r)Ú_init_le_clientNs  r™c Csªt |¡}| ¡}tj tj¡}|s(dStj tj¡j }d}||dddd}|sTdSt |ƒ\}} t j ||dd| d } | j  |j¡t |¡} |  |j¡| d |j¡dS) zúDeactivate account on server :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` :rtype: None z.Could not find existing account to deactivate.zCAre you sure you would like to irrevocably deactivate your account?Z DeactivateZAbortT)r‰rŠrQzDeactivation aborted.Nr–zAccount deactivated.)rrzr|rr r!rr"rErFrˆrr—r…Zdeactivate_registrationÚregrr“r#rq) r%Úunused_pluginsr„r‡r&rFÚpromptZwants_deactivater†r…Ú cb_clientZ account_filesr(r(r)Ú unregisteris& ÿ   ržcCsD|jrd}t |¡t||ƒSt |¡}| ¡}|r8dSt|ƒdS)a$Create accounts on the server. :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` or a string indicating and error :rtype: None or str zuUsage 'certbot register --update-registration' is deprecated. Please use 'certbot update_account [options]' instead. zmThere is an existing account; registration of a duplicate account with this command is currently unsupported.N)Úupdate_registrationr-ÚwarningÚupdate_accountrrzr|rˆ)r%r›r'r„r‡r(r(r)r’s   rc sôt |¡}| ¡}tj tj¡‰‡fdd„}|s4dS|jdkrV|j rHdSt j dd|_t |ƒ\}}t j||dd|d}d d „|j d ¡Dƒ}|jj} |j |jj|jjj|d d ¡|_|jj| d|_| ||j¡t |¡|d |j¡ƒdS)a$Modify accounts on the server. :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` or a string indicating and error :rtype: None or str csˆ |ˆj¡Sr‹)r#rq)Úm©r&r(r)rÊrz update_account..z-Could not find an existing account to update.Nz‚--register-unsafely-without-email provided, however, a new e-mail address must currently be provided when updating a registration.F)Zoptionalr–cSsg|] }d|‘qS)zmailto:r()Ú.0r~r(r(r)Ú Øsz"update_account..ú,)Zcontact)Úbody)Úuriz'Your e-mail address was updated to {0}.)rrzr|rr r!rr"r~rrkr€rˆrr—Úsplitršr¨r…rŸÚupdater§Z save_regrr Zhandle_subscriptionr@) r%r›r„r‡Zadd_msgr†r…rZ acc_contactsZ prev_regr_urir(r£r)r¡¸s,     ÿ  r¡cCsF|r|n|}|jdk st‚| ||j|j|j|j¡| ||j¡dS)a†Install a cert :param config: Configuration object :type config: interfaces.IConfig :param le_client: Client object :type le_client: client.Client :param domains: List of domains :type domains: `list` of `str` :param lineage: Certificate lineage object. Defaults to `None` :type lineage: storage.RenewableCert :returns: `None` :rtype: None N)rrrZdeploy_certificatertÚ chain_pathrsÚenhance_config)r%r3r4r6Z path_providerr(r(r)Ú _install_certås  ÿr­c Cs*zt ||d¡\}}Wn0tjk rF}zt|ƒWY¢Sd}~XYnX|joR|j}|jsz|szd}tj |dd|dd|_t   ||¡st  d¡‚|jr t |ƒ}nt  |¡r´t d¡‚|jrò|jròt|ƒt||ƒ\}}t|d|d }t|||ƒn t d ¡‚t  |¡r&t ||j¡} t  | |||¡dS) zòInstall a previously obtained cert in a server. :param config: Configuration object :type config: interfaces.IConfig :param plugins: List of plugins :type plugins: `list` of `str` :returns: `None` :rtype: None ÚinstallNz,Which certificate would you like to install?F©Zallow_multipleZ custom_promptrúVOne ore more of the requested enhancements are not supported by the selected installerzLOne or more of the requested enhancements require --cert-name to be provided©r˜rlz¤Path to certificate or key was not defined. If your certificate is managed by Certbot, please use --cert-name to define which certificate you would like to install.)Úplug_selÚchoose_configurator_pluginsrÚPluginSelectionErrorÚstrrtrrr5rÚ get_certnamesrÚ are_supportedÚNotSupportedErrorÚ_populate_from_certnameÚ are_requestedr`Ú_check_certificate_and_keyrmr™r­r\Úenable) r%ÚpluginsrlÚ_r”Z custom_certÚcertname_questionr4r3r6r(r(r)r®s>  þþ        r®cCsZt ||j¡}|s|S|js&|j|j_|js6|j|j_|jsF|j|j_|jsV|j|j_|S)zfHelper function for install to populate missing config values from lineage defined by --cert-name.)rr\r5rtÚ namespacerrr«rs)r%r6r(r(r)r¹;s    r¹cCsPtj t |j¡¡s&t d |j¡¡‚tj t |j ¡¡sLt d |j ¡¡‚dS)Nz-Error while reading certificate from path {0}z-Error while reading private key from path {0}) rÚpathÚisfilerÚrealpathrrrr`r@rtrwr(r(r)r»Lsÿÿr»cCsÔt d|j¡|jdkrgn|j}| ¡ |¡}t d|¡tjtj t j ¡j dd}|j sr|j sr|t|ƒƒdS|  |¡| |¡}t d|¡|j s¨|t|ƒƒdS|  ¡| ¡}t d|¡|t|ƒƒdS)zàList server software plugins. :param config: Configuration object :type config: interfaces.IConfig :param plugins: List of plugins :type plugins: `list` of `str` :returns: `None` :rtype: None zExpected interfaces: %sNzFiltered plugins: %rF©ÚpausezVerified plugins: %rzPrepared plugins: %s)r-r‚ÚifacesZvisibleÚ functoolsÚpartialrr r!rrEÚ notificationZinitZpreparerµZverifyÚ available)r%r½rÆZfilteredÚnotifyZverifiedrÊr(r(r)Ú plugins_cmdSs,   ÿÿ       rÌc shddddg}t‡fdd„|Dƒƒ}t ˆ¡sP|sPd}t |tjd¡t d ¡‚zt   ˆ|d ¡\}}Wn0tj k r–}zt |ƒWY¢Sd }~XYnXt  ˆ|¡s®t d ¡‚d }tjˆd d|ddˆ_t ˆˆj¡} ˆjrä| } n d} t | | ¡} | st d¡‚t ˆˆj¡} ˆjs"| jˆ_|rHtˆd |d} | j| ˆjddt ˆ¡rdt | | |ˆ¡d S)zöAdd security enhancements to existing configuration :param config: Configuration object :type config: interfaces.IConfig :param plugins: List of plugins :type plugins: `list` of `str` :returns: `None` :rtype: None ZhstsZredirectZuirZstaplecsg|]}tˆ|ƒ‘qSr()Úgetattr)r¤Zenhrwr(r)r¥‰szenhance..z|Please specify one or more enhancement types to configure. To list the available enhancement types, run: %s --help enhance rz#No enhancements requested, exiting.ÚenhanceNr°zFWhich certificate would you like to use to enhance your configuration?Fr¯zJWhich domain names would you like to enable the selected enhancements for?zAUser cancelled the domain selection. No domains defined, exiting.r±)Z ask_redirect)Úanyrrºr-r rGrHrZMisconfigurationErrorr²r³r´rµr·r¸rr¶r5r^Únoninteractive_moderkZ choose_valuesr0r\r«r™r¬r¼)r%r½Zsupported_enhancementsZ oldstyle_enhr'rlr¾r”r¿Z cert_domainsr4Zdomain_questionr6r3r(rwr)rÎzsJ    þþ   rÎcCst |j|j||¡dS)zýRollback server configuration changes made during install. :param config: Configuration object :type config: interfaces.IConfig :param plugins: List of plugins :type plugins: `list` of `str` :returns: `None` :rtype: None N)rÚrollbackrlZ checkpoints)r%r½r(r(r)rѵs rÑcCst d¡t |¡dS)aPShow changes made to server config during installation View checkpoints and associated configuration changes. :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` :rtype: None zZThe config_changes subcommand has been deprecated and will be removed in a future release.N)r-r rZview_config_changes©r%r›r(r(r)Úconfig_changesÅs rÓcCst |¡dS)arUpdate the certificate file family symlinks Use the information in the config file to make symlinks point to the correct archive directory. :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` :rtype: None N)rZupdate_live_symlinksrÒr(r(r)Úupdate_symlinksØsrÔcCst |¡dS)aARename a certificate Use the information in the config file to rename an existing lineage. :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` :rtype: None N)rZrename_lineagerÒr(r(r)ÚrenameêsrÕcCst |¡dS)aADelete a certificate Use the information in the config file to delete an existing lineage. :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` :rtype: None N)rr“rÒr(r(r)r“üsr“cCst |¡dS)aDisplay information about certs configured with Certbot :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` :rtype: None N)rÚ certificatesrÒr(r(r)rÖs rÖc Cs`d|_|_|jdkr.|jr.t ||j¡|_n|jr@|jrJ|jrJt d¡‚|jdk r¦t   d|jd|jd¡t   |jd|jd¡t j |jd¡}t ||¡}n0t   d|jd¡t|ƒ\}}t ||j|j¡}t  |jd¡d}t   d|j¡z | t  |¡|j¡t|ƒWn2tjk rJ}zt|ƒWY¢Sd}~XYnXt |jd¡dS)a:Revoke a previously obtained certificate. :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` or string indicating error in case of error :rtype: None or str NzCError! Exactly one of --cert-path or --cert-name must be specified!zRevoking %s using cert key %srr>zRevoking %s using Account KeyzReason code for revocation: %s)rlr˜rrr5rZcert_path_for_cert_namerr0rtr-r‚r Zverify_cert_matches_priv_keyÚjoseZJWKr{rZacme_from_config_keyrˆÚkeyršZpyopenssl_load_certificateÚreasonÚrevokeZComparableX509r•Ú acme_errorsZ ClientErrorrµrkZsuccess_revocation)r%r›rØr…r†r¾rJr”r(r(r)rÚs2   ÿ  rÚc Cs:zt ||d¡\}}Wn0tjk rF}zt|ƒWY¢Sd}~XYnXt ||¡s^t d¡‚t|||ƒ}t ||ƒ\}}t |||ƒ\}} | } |r t ||||| ƒ} | rª| j nd} | r¸| j nd} | rÆ| jnd} t|| | | ƒt|||| ƒt |¡r| rt | |||¡| dks|s$t |¡n t |¡t|ƒdS)zäObtain a certificate and install. :param config: Configuration object :type config: interfaces.IConfig :param plugins: List of plugins :type plugins: `list` of `str` :returns: `None` :rtype: None rONr°)r²r³rr´rµrr·r¸r™rmr[r7rrrsrtrur­rºr¼rkZsuccess_installationZsuccess_renewalr*)r%r½rlr˜r”r3r4r5Úshould_get_certr6Z new_lineagerrrsrtr(r(r)rOKs6   ÿ  rOc Csn|j\}}| |¡\}}|jr0t d|j¡dS| ||tj  |j¡tj  |j ¡tj  |j ¡¡\}}}||fS)aôObtain a cert using a user-supplied CSR This works differently in the CSR case (for now) because we don't have the privkey, and therefore can't construct the files for a lineage. So we just save the cert & chain to disk :/ :param config: Configuration object :type config: interfaces.IConfig :param client: Client object :type client: client.Client :returns: `cert_path` and `fullchain_path` as absolute paths to the actual files :rtype: `tuple` of `str` z*Dry run: skipping saving certificate to %srW) Z actual_csrZobtain_certificate_from_csrror-r‚rrZsave_certificaterrÁÚnormpathr«rs)r%r3Úcsrr¾rJÚchainrrrsr(r(r)Ú_csr_get_and_save_cert‚s  ÿ  þ ràc CsÄzt ||d¡\}}Wn2tjk rH}zt d|¡‚W5d}~XYnXt|||ƒ}t|||d}tj   t j ¡j }|dkr’|d |j¡ddn.t |||¡| ¡|d |j|j¡dddS) a±Renew & save an existing cert. Do not install it. :param config: Configuration object :type config: interfaces.IConfig :param plugins: List of plugins :type plugins: `list` of `str` :param lineage: Certificate lineage object :type lineage: storage.RenewableCert :returns: `None` :rtype: None :raises errors.PluginSelectionError: MissingCommandlineFlag if supplied parameters do not pass rPú'Could not choose appropriate plugin: %sN)r6z9new certificate deployed without reload, fullchain is {0}FrÄzDnew certificate deployed with reload of {0} server; fullchain is {1})r²r³rr´r-r.r™r7rr r!rrErÉr@Z fullchainrZrun_renewal_deployerZrestartrl) r%r½r6rlÚauthr”r3Zrenewed_lineagerËr(r(r)r/žs,  ÿÿÿÿr/c Cszt ||d¡\}}Wn2tjk rH}zt d|¡‚W5d}~XYnXt|||ƒ}|jr‚t||ƒ\}}t |||ƒt |ƒdSt ||ƒ\}} t ||| ƒ\} } | sÄt j tj¡j} | ddddSt|||| | ƒ} | rÞ| jnd}| rì| jnd}| rú| jnd} t |||| ƒt |ƒdS)afAuthenticate & obtain cert, but do not install it. This implements the 'certonly' subcommand. :param config: Configuration object :type config: interfaces.IConfig :param plugins: List of plugins :type plugins: `list` of `str` :returns: `None` :rtype: None :raises errors.Error: If specified plugin could not be used rPráNz5Certificate not yet due for renewal; no action taken.FrÄ)r²r³rr´r-r.r™rÞràrur*rmr[rr r!rrErÉr7rrrsrt)r%r½rlrâr”r3rrrsr4r5rÜr6rËrtr(r(r)rPÈs.    rPcCszt |¡W5t ¡XdS)aRenew previously-obtained certificates. :param config: Configuration object :type config: interfaces.IConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: `list` of `str` :returns: `None` :rtype: None N)r Zrun_saved_post_hooksrZhandle_renewal_requestrÒr(r(r)rùs rcCsVt |jtj|j¡t |jtj|j¡|j|j|j f}|D]}tj ||jdqNzcertbot version: %sz Arguments: %rzDiscovered plugins: %ré)éézgPython 3.4 support will be dropped in the next release of Certbot - please upgrade your Python version.)"rGrHrZpre_arg_parse_setupÚ plugins_discoZPluginsRegistryr|r-r‚ÚcertbotÚ __version__rZprepare_and_parse_argsr ZNamespaceConfigrr rêrZ+raise_for_non_administrative_windows_rightsZpost_arg_parse_setuprärr0ÚfuncrÌÚ version_infor rërZReporterrZatexit_registerZprint_messages)Zcli_argsr½Úargsr%Úreportr(r(r)Úmain6s0              röÚ__main__zExiting with message %s)NNN)N)N)N)N)_Ú__doc__Z __future__rrÇZlogging.handlersZloggingrGr‘Zjosepyr×Zzope.componentrr…rrÛZacme.magic_typingrrðrrrrr r r r r rrrrrrrZcertbot.compatrrrZcertbot.displayrRrrkZcertbot.pluginsrrïrrr²rIZ getLoggerÚ__name__r-r*r,r7rMrUrXr[rYrergr_rmrurˆr•r™ržrr¡r­r®r¹r»rÌrÎrÑrÓrÔrÕr“rÖrÚrOràr/rPrrärëröZ err_stringr Úexitr(r(r(r)Ús¢                            /02')  % ) *<7)&- ;';-7*1 3