diff --git a/letsencrypt/cli.py b/letsencrypt/cli.py
index d308db72e..df56d74ae 100644
--- a/letsencrypt/cli.py
+++ b/letsencrypt/cli.py
@@ -1,16 +1,13 @@
-"""Let's Encrypt CLI."""
+"""Let's Encrypt command CLI argument processing."""
 from __future__ import print_function
 import argparse
-import atexit
 import copy
-import functools
 import glob
 import json
 import logging
 import logging.handlers
 import os
 import sys
-import time
 import traceback
 
 import configargparse
@@ -19,32 +16,20 @@ import zope.component
 import zope.interface.exceptions
 import zope.interface.verify
 
-from letsencrypt import account
-from letsencrypt import colored_logging
+import letsencrypt
+
 from letsencrypt import configuration
 from letsencrypt import constants
-from letsencrypt import client
 from letsencrypt import crypto_util
 from letsencrypt import errors
 from letsencrypt import interfaces
 from letsencrypt import le_util
-from letsencrypt import log
 from letsencrypt import main
-from letsencrypt import reporter
 from letsencrypt import storage
 
-from letsencrypt.display import util as display_util
 from letsencrypt.display import ops as display_ops
 from letsencrypt.plugins import disco as plugins_disco
 
-# TODO: Sanity check all input.  Be sure to avoid shell code etc...
-# pylint: disable=too-many-lines
-# (TODO: split this file into main.py and cli.py)
-
-
-
-
-
 
 logger = logging.getLogger(__name__)
 
@@ -1321,10 +1306,3 @@ class DomainFlagProcessor(argparse.Action):  # pylint: disable=missing-docstring
     def __call__(self, parser, args, domain_arg, option_string=None):
         """Just wrap process_domain in argparseese."""
         process_domain(args, domain_arg)
-
-
-if __name__ == "__main__":
-    err_string = main.main()
-    if err_string:
-        logger.warn("Exiting with message %s", err_string)
-    sys.exit(err_string)  # pragma: no cover
diff --git a/letsencrypt/main.py b/letsencrypt/main.py
index 89e7a85a3..516cdf843 100644
--- a/letsencrypt/main.py
+++ b/letsencrypt/main.py
@@ -1,3 +1,4 @@
+"""Let's Encrypt main entry point."""
 from __future__ import print_function
 import atexit
 import functools
@@ -5,6 +6,8 @@ import os
 import sys
 import zope.component
 
+import letsencrypt
+
 from letsencrypt import account
 from letsencrypt import client
 from letsencrypt import cli
@@ -694,3 +697,9 @@ def main(cli_args=sys.argv[1:]):
     atexit.register(report.atexit_print_messages)
 
     return config.func(config, plugins)
+
+if __name__ == "__main__":
+    err_string = main()
+    if err_string:
+        logger.warn("Exiting with message %s", err_string)
+    sys.exit(err_string)  # pragma: no cover
diff --git a/letsencrypt/tests/cli_test.py b/letsencrypt/tests/cli_test.py
index f17f0fb73..c3fd91c11 100644
--- a/letsencrypt/tests/cli_test.py
+++ b/letsencrypt/tests/cli_test.py
@@ -13,13 +13,14 @@ import mock
 
 from acme import jose
 
-from letsencrypt import account, main
+from letsencrypt import account
 from letsencrypt import cli
 from letsencrypt import configuration
 from letsencrypt import constants
 from letsencrypt import crypto_util
 from letsencrypt import errors
 from letsencrypt import le_util
+from letsencrypt import main
 from letsencrypt import storage
 
 from letsencrypt.plugins import disco
@@ -906,10 +907,10 @@ class DetermineAccountTest(unittest.TestCase):
 
     def _call(self):
         # pylint: disable=protected-access
-        from letsencrypt.cli import _determine_account
+        from letsencrypt.main import _determine_account
         with mock.patch('letsencrypt.cli.account.AccountFileStorage') as mock_storage:
             mock_storage.return_value = self.account_storage
-            return main._determine_account(self.config)
+            return _determine_account(self.config)
 
     def test_args_account_set(self):
         self.account_storage.save(self.accs[1])
@@ -971,30 +972,30 @@ class DuplicativeCertsTest(storage_test.BaseRenewableCertTest):
 
     @mock.patch('letsencrypt.le_util.make_or_verify_dir')
     def test_find_duplicative_names(self, unused_makedir):
-        from letsencrypt.cli import _find_duplicative_certs
+        from letsencrypt.main import _find_duplicative_certs
         test_cert = test_util.load_vector('cert-san.pem')
         with open(self.test_rc.cert, 'w') as f:
             f.write(test_cert)
 
         # No overlap at all
-        result = main._find_duplicative_certs(
+        result = _find_duplicative_certs(
             self.cli_config, ['wow.net', 'hooray.org'])
         self.assertEqual(result, (None, None))
 
         # Totally identical
-        result = main._find_duplicative_certs(
+        result = _find_duplicative_certs(
             self.cli_config, ['example.com', 'www.example.com'])
         self.assertTrue(result[0].configfile.filename.endswith('example.org.conf'))
         self.assertEqual(result[1], None)
 
         # Superset
-        result = main._find_duplicative_certs(
+        result = _find_duplicative_certs(
             self.cli_config, ['example.com', 'www.example.com', 'something.new'])
         self.assertEqual(result[0], None)
         self.assertTrue(result[1].configfile.filename.endswith('example.org.conf'))
 
         # Partial overlap doesn't count
-        result = main._find_duplicative_certs(
+        result = _find_duplicative_certs(
             self.cli_config, ['example.com', 'something.new'])
         self.assertEqual(result, (None, None))