Merge branch 'main' into convert-certbot-pr-test-suite-to-actions-20260323-163455

.azure-pipelines/release.yml

@@ -14,3 +14,4 @@ stages:
   - template: templates/stages/test-and-package-stage.yml
   - template: templates/stages/changelog-stage.yml
   - template: templates/stages/release-deploy-stage.yml
+  - template: templates/stages/notify-stage.yml

.azure-pipelines/templates/stages/notify-stage.yml

@@ -0,0 +1,20 @@
+stages:
+  - stage: Notify
+    condition: succeededOrFailed()
+    jobs:
+      - job: notify_release_finished
+        pool:
+          vmImage: ubuntu-latest
+        steps:
+          - task: DownloadSecureFile@1
+            name: webhook_url
+            inputs:
+              secureFile: mattermost_webhook_url_release_notify
+          - bash: |
+              set -e
+              python -m venv venv
+              source venv/bin/activate
+              tools/pip_install.py requests
+              AUTHOR_NAME="$(git log -1 --pretty=format:'%an')"
+              tools/notify_mattermost.py "${AUTHOR_NAME}" $(webhook_url.secureFilePath)
+            displayName: Send mattermost message

.azure-pipelines/templates/stages/release-deploy-stage.yml

@@ -1,4 +1,6 @@
 stages:
+  # tools/notify_mattermost.py depends on this stage being named 'Deploy'
+  # If you change the name here, please remember to update that script as well
   - stage: Deploy
     jobs:
       - template: ../jobs/common-deploy-jobs.yml

acme/setup.py

@@ -1,6 +1,6 @@
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 setup(
     version=version,

certbot-apache/MANIFEST.in

@@ -1,8 +1,5 @@
 include LICENSE.txt
 include README.rst
-recursive-include src/certbot_apache/_internal/augeas_lens *.aug
-recursive-include src/certbot_apache/_internal/tls_configs *.conf
-recursive-include src/certbot_apache/_internal/tests/testdata *
 include src/certbot_apache/py.typed
 global-exclude __pycache__
 global-exclude *.py[cod]

certbot-apache/pyproject.toml

@@ -32,14 +32,6 @@ classifiers = [
     "Topic :: Utilities",
 ]
 
-[project.optional-dependencies]
-dev = [
-    "apacheconfig>=0.3.2",
-]
-test = [
-    "pytest",
-]
-
 [project.entry-points."certbot.plugins"]
 apache = "certbot_apache._internal.entrypoint:ENTRYPOINT"
 

certbot-apache/setup.py

@@ -1,14 +1,12 @@
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
-    # We specify the minimum acme and certbot version as the current plugin
+    # We specify the minimum certbot version as the current plugin
     # version for simplicity. See
     # https://github.com/certbot/certbot/issues/8761 for more info.
-    f'acme>={version}',
-    f'certbot>={version}',
-    'python-augeas',
+    f'certbot[apache]>={version}',
 ]
 
 setup(

certbot-apache/src/certbot_apache/_internal/entrypoint.py

@@ -1,69 +1,6 @@
 """ Entry point for Apache Plugin """
 
-from certbot import util
-from certbot_apache._internal import configurator
-from certbot_apache._internal import override_alpine
-from certbot_apache._internal import override_arch
-from certbot_apache._internal import override_centos
-from certbot_apache._internal import override_darwin
-from certbot_apache._internal import override_debian
-from certbot_apache._internal import override_fedora
-from certbot_apache._internal import override_gentoo
-from certbot_apache._internal import override_suse
-from certbot_apache._internal import override_void
-
-OVERRIDE_CLASSES: dict[str, type[configurator.ApacheConfigurator]] = {
-    "alpine": override_alpine.AlpineConfigurator,
-    "arch": override_arch.ArchConfigurator,
-    "cloudlinux": override_centos.CentOSConfigurator,
-    "darwin": override_darwin.DarwinConfigurator,
-    "debian": override_debian.DebianConfigurator,
-    "ubuntu": override_debian.DebianConfigurator,
-    "centos": override_centos.CentOSConfigurator,
-    "centos linux": override_centos.CentOSConfigurator,
-    "fedora_old": override_centos.CentOSConfigurator,
-    "fedora": override_fedora.FedoraConfigurator,
-    "linuxmint": override_debian.DebianConfigurator,
-    "ol": override_centos.CentOSConfigurator,
-    "oracle": override_centos.CentOSConfigurator,
-    "redhatenterpriseserver": override_centos.CentOSConfigurator,
-    "red hat enterprise linux server": override_centos.CentOSConfigurator,
-    "rhel": override_centos.CentOSConfigurator,
-    "amazon": override_centos.CentOSConfigurator,
-    "gentoo": override_gentoo.GentooConfigurator,
-    "gentoo base system": override_gentoo.GentooConfigurator,
-    "opensuse": override_suse.OpenSUSEConfigurator,
-    "suse": override_suse.OpenSUSEConfigurator,
-    "sles": override_suse.OpenSUSEConfigurator,
-    "scientific": override_centos.CentOSConfigurator,
-    "scientific linux": override_centos.CentOSConfigurator,
-    "void": override_void.VoidConfigurator,
-}
+import certbot.plugins.apache
 
 
-def get_configurator() -> type[configurator.ApacheConfigurator]:
-    """ Get correct configurator class based on the OS fingerprint """
-    os_name, os_version = util.get_os_info()
-    os_name = os_name.lower()
-    override_class = None
-
-    # Special case for older Fedora versions
-    min_version = util.parse_loose_version('29')
-    if os_name == 'fedora' and util.parse_loose_version(os_version) < min_version:
-        os_name = 'fedora_old'
-
-    try:
-        override_class = OVERRIDE_CLASSES[os_name]
-    except KeyError:
-        # OS not found in the list
-        os_like = util.get_systemd_os_like()
-        if os_like:
-            for os_name in os_like:
-                override_class = OVERRIDE_CLASSES.get(os_name)
-        if not override_class:
-            # No override class found, return the generic configurator
-            override_class = configurator.ApacheConfigurator
-    return override_class
-
-
-ENTRYPOINT = get_configurator()
+ENTRYPOINT = certbot.plugins.apache.ENTRYPOINT

certbot-apache/src/certbot_apache/_internal/tests/__init__.py

@@ -1 +0,0 @@
-"""certbot-apache tests"""

certbot-ci/setup.py

@@ -1,6 +1,6 @@
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 setup(
     version=version,

certbot-ci/src/certbot_integration_tests/.coveragerc

@@ -2,10 +2,10 @@
 # Avoid false warnings because certbot packages are not installed in the thread that executes
 # the coverage: indeed, certbot is launched as a CLI from a subprocess.
 disable_warnings = module-not-imported,no-data-collected
-omit = **/*_test.py,**/tests/*,**/dns_common*,**/certbot_nginx/_internal/parser_obj.py
+omit = **/*_test.py,**/tests/*,**/dns_common*,**/certbot/_internal/plugins/nginx/parser_obj.py
 patch = subprocess
 parallel = True
 
 [report]
 # Exclude unit tests in coverage during integration tests.
-omit = **/*_test.py,**/tests/*,**/dns_common*,**/certbot_nginx/_internal/parser_obj.py
+omit = **/*_test.py,**/tests/*,**/dns_common*,**/certbot/_internal/plugins/nginx/parser_obj.py

certbot-compatibility-test/nginx/README

@@ -4,7 +4,7 @@ Right now, this is data for the roundtrip test (checking that the parser
 can parse each file and that the reserialized config file it generates is
 identical to the original).
 
-If run in a virtualenv or otherwise so that certbot_nginx can be imported,
+If run in a virtualenv or otherwise so that certbot can be imported,
 the roundtrip test can run as
 
 python roundtrip.py nginx-roundtrip-testdata

certbot-compatibility-test/nginx/roundtrip.py

@@ -3,7 +3,7 @@
 import os
 import sys
 
-from certbot_nginx._internal import nginxparser
+from certbot._internal.plugins.nginx import nginxparser
 
 
 def roundtrip(stuff):

certbot-compatibility-test/setup.py

@@ -1,6 +1,6 @@
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 setup(
     version=version,

certbot-compatibility-test/src/certbot_compatibility_test/configurators/apache/common.py

@@ -24,7 +24,7 @@ class Proxy(configurators_common.Proxy):
 
         self.modules = self.server_root = self.test_conf = self.version = None
         patch = mock.patch(
-            "certbot_apache._internal.configurator.display_ops.select_vhost")
+            "certbot._internal.plugins.apache.configurator.display_ops.select_vhost")
         mock_display = patch.start()
         mock_display.side_effect = le_errors.PluginError(
             "Unable to determine vhost")

certbot-compatibility-test/src/certbot_compatibility_test/configurators/nginx/common.py

@@ -4,11 +4,11 @@ import shutil
 import subprocess
 
 from certbot import configuration
+from certbot._internal.plugins.nginx import configurator
+from certbot._internal.plugins.nginx import constants
 from certbot_compatibility_test import errors
 from certbot_compatibility_test import util
 from certbot_compatibility_test.configurators import common as configurators_common
-from certbot_nginx._internal import configurator
-from certbot_nginx._internal import constants
 
 
 class Proxy(configurators_common.Proxy):

certbot-dns-cloudflare/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     # for now, do not upgrade to cloudflare>=2.20 to avoid deprecation warnings and the breaking

certbot-dns-digitalocean/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'python-digitalocean>=1.15.0', # 1.15.0 or newer is recommended for TTL support

certbot-dns-dnsimple/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     # This version of lexicon is required to address the problem described in

certbot-dns-dnsmadeeasy/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'dns-lexicon>=3.14.1',

certbot-dns-gehirn/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'dns-lexicon>=3.14.1',

certbot-dns-google/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'google-api-python-client>=1.6.5',

certbot-dns-linode/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'dns-lexicon>=3.14.1',

certbot-dns-luadns/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'dns-lexicon>=3.14.1',

certbot-dns-nsone/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'dns-lexicon>=3.14.1',

certbot-dns-ovh/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'dns-lexicon>=3.15.1',

certbot-dns-rfc2136/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     # This version was chosen because it is the version packaged in RHEL 9 and Debian unstable. It

certbot-dns-route53/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'boto3>=1.20.34',

certbot-dns-sakuracloud/setup.py

@@ -2,7 +2,7 @@ import os
 
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
     'dns-lexicon>=3.14.1',

certbot-nginx/MANIFEST.in

@@ -1,7 +1,5 @@
 include LICENSE.txt
 include README.rst
-recursive-include src/certbot_nginx/_internal/tls_configs *.conf
-recursive-include src/certbot_nginx/_internal/tests/testdata *
 include src/certbot_nginx/py.typed
 global-exclude __pycache__
 global-exclude *.py[cod]

certbot-nginx/pyproject.toml

@@ -38,7 +38,7 @@ test = [
 ]
 
 [project.entry-points."certbot.plugins"]
-nginx = "certbot_nginx._internal.configurator:NginxConfigurator"
+nginx = "certbot_nginx._internal.entrypoint:ENTRYPOINT"
 
 [project.urls]
 Homepage = "https://github.com/certbot/certbot"

certbot-nginx/setup.py

@@ -1,17 +1,12 @@
 from setuptools import setup
 
-version = '5.5.0.dev0'
+version = '5.6.0.dev0'
 
 install_requires = [
-    # We specify the minimum acme and certbot version as the current plugin
+    # We specify the minimum certbot version as the current plugin
     # version for simplicity. See
     # https://github.com/certbot/certbot/issues/8761 for more info.
-    f'acme>={version}',
-    f'certbot>={version}',
-    # PyOpenSSL>=25.0.0 is just needed to satisfy mypy right now so this dependency can probably be
-    # relaxed to >=24.0.0 if needed.
-    'PyOpenSSL>=25.0.0',
-    'pyparsing>=3.0.0',
+    f'certbot[nginx]>={version}',
 ]
 
 setup(

certbot-nginx/src/certbot_nginx/_internal/entrypoint.py

@@ -0,0 +1,6 @@
+""" Entry point for Nginx Plugin """
+
+import certbot.plugins.nginx
+
+
+ENTRYPOINT = certbot.plugins.nginx.ENTRYPOINT

certbot-nginx/src/certbot_nginx/_internal/tests/__init__.py

@@ -1 +0,0 @@
-"""certbot-nginx tests"""

certbot/CHANGELOG.md

@@ -4,6 +4,14 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 
 <!-- towncrier release notes start -->
 
+## 5.5.0 - 2026-04-07
+
+### Changed
+
+- Moved nearly all code for the certbot-nginx and certbot-apache plugins into private modules in the certbot package which now offers "apache" and "nginx" [extras](https://packaging.python.org/en/latest/specifications/dependency-specifiers/#extras). Users should notice no major changes. certbot-apache and certbot-nginx will continue to exist as simple packages that depend on certbot and also help register the plugin with certbot so it knows the functionality is available. Unit tests for these plugins are now also part of the certbot package. ([#10484](https://github.com/certbot/certbot/issues/10484))
+- The certbot.ocsp module has been deprecated and will be removed in the next major release. This is not a change to Certbot's OCSP functionality. The code is just being removed from Certbot's public API. ([#10584](https://github.com/certbot/certbot/issues/10584))
+
+
 ## 5.4.0 - 2026-03-10
 
 ### Added

certbot/MANIFEST.in

@@ -4,6 +4,11 @@ include LICENSE.txt
 recursive-include docs *
 recursive-include examples *
 recursive-include src/certbot/tests/testdata *
+recursive-include src/certbot/_internal/plugins/nginx/tls_configs *.conf
+recursive-include src/certbot/_internal/tests/plugins/nginx/testdata *
+recursive-include src/certbot/_internal/plugins/apache/augeas_lens *.aug
+recursive-include src/certbot/_internal/plugins/apache/tls_configs *.conf
+recursive-include src/certbot/_internal/tests/plugins/apache/testdata *
 include src/certbot/ssl-dhparams.pem
 include src/certbot/py.typed
 global-exclude __pycache__

certbot/docs/cli-help.txt

@@ -38,7 +38,7 @@ manage your account:
 
 options:
   -h, --help            show this help message and exit
-  -c CONFIG_FILE, --config CONFIG_FILE
+  -c, --config CONFIG_FILE
                         path to config file (default: /etc/letsencrypt/cli.ini
                         and ~/.config/letsencrypt/cli.ini)
   -v, --verbose         This flag can be used multiple times to incrementally
@@ -58,7 +58,7 @@ options:
   --force-interactive   Force Certbot to be interactive even if it detects
                         it's not being run in a terminal. This flag cannot be
                         used with the renew subcommand. (default: False)
-  -d DOMAIN, --domains DOMAIN, --domain DOMAIN
+  -d, --domains, --domain DOMAIN
                         Domain names to include. For multiple domains you can
                         use multiple -d flags or enter a comma separated list
                         of domains as a parameter. All domains will be
@@ -147,7 +147,7 @@ options:
                         case, and to know when to deprecate support for past
                         Python versions and flags. If you wish to hide this
                         information from the Let's Encrypt server, set this to
-                        "". (default: CertbotACMEClient/5.4.0 (certbot;
+                        "". (default: CertbotACMEClient/5.5.0 (certbot;
                         OS_NAME OS_VERSION) Authenticator/XXX Installer/YYY
                         (SUBCOMMAND; flags: FLAGS) Py/major.minor.patchlevel).
                         The flags encoded in the user agent are: --duplicate,
@@ -424,8 +424,7 @@ revoke:
 register:
   Options for account registration
 
-  -m EMAIL, --email EMAIL
-                        Email used for registration and recovery contact. Use
+  -m, --email EMAIL     Email used for registration and recovery contact. Use
                         comma to register multiple emails, ex:
                         u1@example.com,u2@example.com. (default: Ask).
   --eff-email           Share your e-mail address with EFF (default: Ask)
@@ -478,9 +477,9 @@ plugins:
                         Name of the plugin that is both an authenticator and
                         an installer. Should not be used together with
                         --authenticator or --installer. (default: Ask)
-  -a AUTHENTICATOR, --authenticator AUTHENTICATOR
+  -a, --authenticator AUTHENTICATOR
                         Authenticator plugin name. (default: None)
-  -i INSTALLER, --installer INSTALLER
+  -i, --installer INSTALLER
                         Installer plugin name (also used to find domains).
                         (default: None)
   --apache              Obtain and install certificates using Apache (default:
@@ -757,7 +756,7 @@ webroot:
   be running and serving files from the webroot path. HTTP challenge only
   (wildcards not supported).
 
-  --webroot-path WEBROOT_PATH, -w WEBROOT_PATH
+  --webroot-path, -w WEBROOT_PATH
                         public_html / webroot path. This can be specified
                         multiple times to handle different identifiers; each
                         identifier will have the webroot path that preceded

certbot/docs/using.rst

@@ -99,7 +99,7 @@ Apache
 ------
 
 The Apache plugin currently `supports
-<https://github.com/certbot/certbot/blob/main/certbot-apache/src/certbot_apache/_internal/entrypoint.py>`_
+<https://github.com/certbot/certbot/blob/main/certbot/src/certbot/_internal/plugins/apache/entrypoint.py>`_
 modern OSes based on Debian, Fedora, SUSE, Gentoo, CentOS and Darwin.
 This automates both obtaining *and* installing certificates on an Apache
 webserver. To specify this plugin on the command line, simply include
@@ -1248,7 +1248,7 @@ Configuration file
 
 Certbot accepts a global configuration file that applies its options to all invocations
 of Certbot. Certificate-specific configuration choices are stored in the ``.conf``
-files that can be found in ``/etc/letsencrypt/renewal``. See 
+files that can be found in ``/etc/letsencrypt/renewal``. See
 `Modifying the Renewal Configuration of Existing Certificates`_ for more information
 about modifying certificate-specific options. Note that it is not recommended to modify
 these certificate-specific renewal configuration files manually.

certbot/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "certbot"
-dynamic = ["version", "dependencies"]
+dynamic = ["version", "dependencies", "optional-dependencies"]
 description = "ACME client"
 readme = "README.rst"
 license = "Apache-2.0"
@@ -32,51 +32,6 @@ classifiers = [
     "Topic :: Utilities",
 ]
 
-
-[project.optional-dependencies]
-dev = [
-    "azure-devops",
-    "build",
-    "ipdb",
-    # allows us to use newer urllib3 https://github.com/python-poetry/poetry-plugin-export/issues/183
-    "poetry-plugin-export>=1.9.0",
-    # poetry 1.2.0+ is required for it to pin pip, setuptools, and wheel. See
-    # https://github.com/python-poetry/poetry/issues/1584.
-    "poetry>=1.2.0",
-    "towncrier",
-    "twine",
-]
-docs = [
-    # If you have Sphinx<1.5.1, you need docutils<0.13.1
-    # https://github.com/sphinx-doc/sphinx/issues/3212
-    "Sphinx>=1.2", # Annotation support
-    "sphinx_rtd_theme",
-]
-# Tools like pip, wheel, and tox are listed here to ensure they are properly
-# pinned and installed during automated testing.
-test = [
-    "coverage",
-    "mypy",
-    "pip",
-    "pylint",
-    "pytest",
-    "pytest-cov>=4.1.0", # https://github.com/pytest-dev/pytest-cov/pull/558
-    "pytest-xdist",
-    "ruff",
-    "setuptools",
-    "tox",
-    "types-httplib2",
-    "types-pyRFC3339",
-    "types-pywin32",
-    "types-requests",
-    "types-setuptools",
-    "uv",
-    "wheel",
-]
-all = [
-    "certbot[dev,docs,test]"
-]
-
 [project.scripts]
 certbot = "certbot.main:main"
 

certbot/setup.py

@@ -40,7 +40,67 @@ install_requires = [
     'pywin32>=300 ; sys_platform == "win32"',
 ]
 
+extras_require = {
+    "dev": [
+        "apacheconfig>=0.3.2",
+        "azure-devops",
+        "build",
+        "ipdb",
+        # allows us to use newer urllib3 https://github.com/python-poetry/poetry-plugin-export/issues/183
+        "poetry-plugin-export>=1.9.0",
+        # poetry 1.2.0+ is required for it to pin pip, setuptools, and wheel. See
+        # https://github.com/python-poetry/poetry/issues/1584.
+        "poetry>=1.2.0",
+        "towncrier",
+        "twine",
+    ],
+    "docs": [
+        # If you have Sphinx<1.5.1, you need docutils<0.13.1
+        # https://github.com/sphinx-doc/sphinx/issues/3212
+        "Sphinx>=1.2", # Annotation support
+        "sphinx_rtd_theme",
+    ],
+    # Tools like pip, wheel, and tox are listed here to ensure they are properly
+    # pinned and installed during automated testing.
+    "test": [
+        "coverage",
+        "mypy",
+        "pip",
+        "pylint",
+        "pytest",
+        "pytest-cov>=4.1.0", # https://github.com/pytest-dev/pytest-cov/pull/558
+        "pytest-xdist",
+        "ruff",
+        "setuptools",
+        "tox",
+        "types-httplib2",
+        "types-pyRFC3339",
+        "types-pywin32",
+        "types-requests",
+        "types-setuptools",
+        "uv",
+        "wheel",
+    ],
+    "apache":  [
+        # If a user installs `certbot[apache]`, we want to include the shim
+        f'certbot-apache>={version}',
+        'python-augeas',
+    ],
+    "nginx": [
+        # If a user installs `certbot[nginx]`, we want to include the shim
+        f'certbot-nginx>={version}',
+        # PyOpenSSL>=25.0.0 is just needed to satisfy mypy right now so this dependency can probably be
+        # relaxed to >=24.0.0 if needed.
+        'PyOpenSSL>=25.0.0',
+        'pyparsing>=3.0.0',
+    ],
+    "all": [
+        "certbot[dev,docs,test,apache,nginx]"
+    ],
+}
+
 
 setup(
     install_requires=install_requires,
+    extras_require=extras_require,
 )

certbot/src/certbot/__init__.py

@@ -1,4 +1,4 @@
 """Certbot client."""
 
 # version number like 1.2.3a0, must have at least 2 parts, like 1.2
-__version__ = '5.5.0.dev0'
+__version__ = '5.6.0.dev0'

certbot/src/certbot/_internal/plugins/apache/apache_util.py

@@ -248,6 +248,7 @@ def find_ssl_apache_conf(prefix: str) -> str:
     """
     file_manager = ExitStack()
     atexit.register(file_manager.close)
-    ref = (importlib.resources.files("certbot_apache").joinpath("_internal")
-           .joinpath("tls_configs").joinpath("{0}-options-ssl-apache.conf".format(prefix)))
+    ref = (importlib.resources.files("certbot").joinpath("_internal")
+           .joinpath("plugins").joinpath("apache").joinpath("tls_configs")
+           .joinpath("{0}-options-ssl-apache.conf".format(prefix)))
     return str(file_manager.enter_context(importlib.resources.as_file(ref)))

certbot/src/certbot/_internal/plugins/apache/apacheparser.py

@@ -3,10 +3,10 @@ from typing import Any
 from typing import Iterable
 from typing import Optional
 
-from certbot_apache._internal import assertions
-from certbot_apache._internal import interfaces
-from certbot_apache._internal import parsernode_util as util
-from certbot_apache._internal.interfaces import ParserNode
+from certbot._internal.plugins.apache import assertions
+from certbot._internal.plugins.apache import interfaces
+from certbot._internal.plugins.apache import parsernode_util as util
+from certbot._internal.plugins.apache.interfaces import ParserNode
 
 
 class ApacheParserNode(interfaces.ParserNode):

certbot/src/certbot/_internal/plugins/apache/assertions.py

@@ -5,11 +5,11 @@ from typing import Iterable
 from typing import Optional
 from typing import Union
 
-from certbot_apache._internal import interfaces
-from certbot_apache._internal.interfaces import CommentNode
-from certbot_apache._internal.interfaces import DirectiveNode
-from certbot_apache._internal.interfaces import ParserNode
-from certbot_apache._internal.obj import VirtualHost
+from certbot._internal.plugins.apache import interfaces
+from certbot._internal.plugins.apache.interfaces import CommentNode
+from certbot._internal.plugins.apache.interfaces import DirectiveNode
+from certbot._internal.plugins.apache.interfaces import ParserNode
+from certbot._internal.plugins.apache.obj import VirtualHost
 
 PASS = "CERTBOT_PASS_ASSERT"
 

certbot/src/certbot/_internal/plugins/apache/augeasparser.py

@@ -72,11 +72,11 @@ from typing import Union
 
 from certbot import errors
 from certbot.compat import os
-from certbot_apache._internal import apache_util
-from certbot_apache._internal import assertions
-from certbot_apache._internal import interfaces
-from certbot_apache._internal import parser
-from certbot_apache._internal import parsernode_util as util
+from certbot._internal.plugins.apache import apache_util
+from certbot._internal.plugins.apache import assertions
+from certbot._internal.plugins.apache import interfaces
+from certbot._internal.plugins.apache import parser
+from certbot._internal.plugins.apache import parsernode_util as util
 
 
 class AugeasParserNode(interfaces.ParserNode):

certbot/src/certbot/_internal/plugins/apache/configurator.py

@@ -26,15 +26,15 @@ from certbot.interfaces import RenewableCert
 from certbot.plugins import common
 from certbot.plugins.enhancements import AutoHSTSEnhancement
 from certbot.plugins.util import path_surgery
-from certbot_apache._internal import apache_util
-from certbot_apache._internal import assertions
-from certbot_apache._internal import constants
-from certbot_apache._internal import display_ops
-from certbot_apache._internal import dualparser
-from certbot_apache._internal import http_01
-from certbot_apache._internal import obj
-from certbot_apache._internal import parser
-from certbot_apache._internal.apacheparser import ApacheBlockNode
+from certbot._internal.plugins.apache import apache_util
+from certbot._internal.plugins.apache import assertions
+from certbot._internal.plugins.apache import constants
+from certbot._internal.plugins.apache import display_ops
+from certbot._internal.plugins.apache import dualparser
+from certbot._internal.plugins.apache import http_01
+from certbot._internal.plugins.apache import obj
+from certbot._internal.plugins.apache import parser
+from certbot._internal.plugins.apache.apacheparser import ApacheBlockNode
 
 try:
     import apacheconfig
@@ -126,11 +126,11 @@ class ApacheConfigurator(common.Configurator):
     :type config: certbot.configuration.NamespaceConfig
 
     :ivar parser: Handles low level parsing
-    :type parser: :class:`~certbot_apache._internal.parser`
+    :type parser: :class:`~certbot._internal.plugins.apache.parser`
 
     :ivar tup version: version of Apache
     :ivar list vhosts: All vhosts found in the configuration
-        (:class:`list` of :class:`~certbot_apache._internal.obj.VirtualHost`)
+        (:class:`list` of :class:`~certbot._internal.plugins.apache.obj.VirtualHost`)
 
     :ivar dict assoc: Mapping between domains and vhosts
 
@@ -542,7 +542,7 @@ class ApacheConfigurator(common.Configurator):
             counterpart, should one get created
 
         :returns: List of VirtualHosts or None
-        :rtype: `list` of :class:`~certbot_apache._internal.obj.VirtualHost`
+        :rtype: `list` of :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
         """
 
         if util.is_wildcard_domain(domain):
@@ -720,7 +720,7 @@ class ApacheConfigurator(common.Configurator):
             counterpart, should one get created
 
         :returns: vhost associated with name
-        :rtype: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :rtype: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :raises .errors.PluginError: If no vhost is available or chosen
 
@@ -823,7 +823,8 @@ class ApacheConfigurator(common.Configurator):
 
         :param str target_name: domain handled by the desired vhost
         :param vhosts: vhosts to consider
-        :type vhosts: `collections.Iterable` of :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhosts: `collections.Iterable` of
+            :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
         :param bool filter_defaults: whether a vhost with a _default_
             addr is acceptable
 
@@ -965,7 +966,7 @@ class ApacheConfigurator(common.Configurator):
         """Helper function for get_virtual_hosts().
 
         :param host: In progress vhost whose names will be added
-        :type host: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type host: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         """
 
@@ -984,7 +985,7 @@ class ApacheConfigurator(common.Configurator):
         :param str path: Augeas path to virtual host
 
         :returns: newly created vhost
-        :rtype: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :rtype: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         """
         addrs: set[obj.Addr] = set()
@@ -1050,7 +1051,7 @@ class ApacheConfigurator(common.Configurator):
     def get_virtual_hosts_v1(self) -> list[obj.VirtualHost]:
         """Returns list of virtual hosts found in the Apache configuration.
 
-        :returns: List of :class:`~certbot_apache._internal.obj.VirtualHost`
+        :returns: List of :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
             objects found in configuration
         :rtype: list
 
@@ -1103,7 +1104,7 @@ class ApacheConfigurator(common.Configurator):
     def get_virtual_hosts_v2(self) -> list[obj.VirtualHost]:
         """Returns list of virtual hosts found in the Apache configuration using
         ParserNode interface.
-        :returns: List of :class:`~certbot_apache.obj.VirtualHost`
+        :returns: List of :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
             objects found in configuration
         :rtype: list
         """
@@ -1122,7 +1123,7 @@ class ApacheConfigurator(common.Configurator):
         interfaces.
         :param ApacheBlockNode node: The BlockNode object of VirtualHost block
         :returns: newly created vhost
-        :rtype: :class:`~certbot_apache.obj.VirtualHost`
+        :rtype: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
         """
         addrs = set()
         for param in node.parameters:
@@ -1164,7 +1165,7 @@ class ApacheConfigurator(common.Configurator):
     def _populate_vhost_names_v2(self, vhost: obj.VirtualHost) -> None:
         """Helper function that populates the VirtualHost names.
         :param host: In progress vhost whose names will be added
-        :type host: :class:`~certbot_apache.obj.VirtualHost`
+        :type host: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
         """
         if not vhost.node:
             raise errors.PluginError("Current VirtualHost has no node.")  # pragma: no cover
@@ -1352,10 +1353,10 @@ class ApacheConfigurator(common.Configurator):
         .. note:: This function saves the configuration
 
         :param nonssl_vhost: Valid VH that doesn't have SSLEngine on
-        :type nonssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type nonssl_vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :returns: SSL vhost
-        :rtype: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :rtype: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :raises .errors.PluginError: If more than one virtual host is in
             the file or if plugin is unable to write/read vhost files.
@@ -1720,7 +1721,7 @@ class ApacheConfigurator(common.Configurator):
         :param str id_str: Id string for matching
 
         :returns: The matched VirtualHost
-        :rtype: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :rtype: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :raises .errors.PluginError: If no VirtualHost is found
         """
@@ -1737,7 +1738,7 @@ class ApacheConfigurator(common.Configurator):
         used for keeping track of VirtualHost directive over time.
 
         :param vhost: Virtual host to add the id
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :returns: The unique ID or None
         :rtype: str or None
@@ -1759,7 +1760,7 @@ class ApacheConfigurator(common.Configurator):
         If ID already exists, returns that instead.
 
         :param vhost: Virtual host to add or find the id
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :returns: The unique ID for vhost
         :rtype: str or None
@@ -1840,7 +1841,7 @@ class ApacheConfigurator(common.Configurator):
         """Increase the AutoHSTS max-age value
 
         :param vhost: Virtual host object to modify
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :param str id_str: The unique ID string of VirtualHost
 
@@ -1923,7 +1924,7 @@ class ApacheConfigurator(common.Configurator):
         .. note:: This function saves the configuration
 
         :param ssl_vhost: Destination of traffic, an ssl enabled vhost
-        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type ssl_vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :param unused_options: Not currently used
         :type unused_options: Not Available
@@ -1969,7 +1970,7 @@ class ApacheConfigurator(common.Configurator):
         .. note:: This function saves the configuration
 
         :param ssl_vhost: Destination of traffic, an ssl enabled vhost
-        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type ssl_vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :param header_substring: string that uniquely identifies a header.
                 e.g: Strict-Transport-Security, Upgrade-Insecure-Requests.
@@ -2003,7 +2004,7 @@ class ApacheConfigurator(common.Configurator):
         contains the string header_substring.
 
         :param ssl_vhost: vhost to check
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :param header_substring: string that uniquely identifies a header.
                 e.g: Strict-Transport-Security, Upgrade-Insecure-Requests.
@@ -2040,7 +2041,7 @@ class ApacheConfigurator(common.Configurator):
         .. note:: This function saves the configuration
 
         :param ssl_vhost: Destination of traffic, an ssl enabled vhost
-        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type ssl_vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :param unused_options: Not currently used
         :type unused_options: Not Available
@@ -2120,7 +2121,7 @@ class ApacheConfigurator(common.Configurator):
         delete certbot's old rewrite rules and set the new one instead.
 
         :param vhost: vhost to check
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :raises errors.PluginEnhancementAlreadyPresent: When the exact
                 certbot redirection WriteRule exists in virtual host.
@@ -2159,7 +2160,7 @@ class ApacheConfigurator(common.Configurator):
         """Checks if there exists a RewriteRule directive in vhost
 
         :param vhost: vhost to check
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :returns: True if a RewriteRule directive exists.
         :rtype: bool
@@ -2173,7 +2174,7 @@ class ApacheConfigurator(common.Configurator):
         """Checks if a RewriteEngine directive is on
 
         :param vhost: vhost to check
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         """
         rewrite_engine_path_list = self.parser.find_dir("RewriteEngine", "on", start=vhost.path)
@@ -2189,7 +2190,7 @@ class ApacheConfigurator(common.Configurator):
         """Creates an http_vhost specifically to redirect for the ssl_vhost.
 
         :param ssl_vhost: ssl vhost
-        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type ssl_vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
         """
         text = self._get_redirect_config_str(ssl_vhost)
 
@@ -2308,7 +2309,7 @@ class ApacheConfigurator(common.Configurator):
                   of this method where available.
 
         :param vhost: vhost to enable
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :raises .errors.NotSupportedError: If filesystem layout is not
             supported.
@@ -2569,7 +2570,7 @@ class ApacheConfigurator(common.Configurator):
         """Do the initial AutoHSTS deployment to a vhost
 
         :param ssl_vhost: The VirtualHost object to deploy the AutoHSTS
-        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost` or None
+        :type ssl_vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost` or None
 
         :raises errors.PluginEnhancementAlreadyPresent: When already enhanced
 

certbot/src/certbot/_internal/plugins/apache/constants.py

@@ -44,7 +44,8 @@ def _generate_augeas_lens_dir_static() -> str:
     # Python process, and will be automatically cleaned up on exit.
     file_manager = ExitStack()
     atexit.register(file_manager.close)
-    augeas_lens_dir_ref = importlib.resources.files("certbot_apache") / "_internal" / "augeas_lens"
+    augeas_lens_dir_ref = importlib.resources.files("certbot") / "_internal" \
+        / "plugins" / "apache" / "augeas_lens"
     return str(file_manager.enter_context(importlib.resources.as_file(augeas_lens_dir_ref)))
 
 AUGEAS_LENS_DIR = _generate_augeas_lens_dir_static()

certbot/src/certbot/_internal/plugins/apache/display_ops.py

@@ -7,7 +7,7 @@ from typing import Sequence
 from certbot import errors
 from certbot.compat import os
 from certbot.display import util as display_util
-from certbot_apache._internal.obj import VirtualHost
+from certbot._internal.plugins.apache.obj import VirtualHost
 
 logger = logging.getLogger(__name__)
 
@@ -83,7 +83,7 @@ def _vhost_menu(domain: str, vhosts: Iterable[VirtualHost]) -> tuple[str, int]:
 
     if free_chars < 2:
         logger.debug("Display size is too small for "
-                     "certbot_apache._internal.display_ops._vhost_menu()")
+                     "certbot._internal.plugins.apache.display_ops._vhost_menu()")
         # This runs the edge off the screen, but it doesn't cause an "error"
         filename_size = 1
         disp_name_size = 1

certbot/src/certbot/_internal/plugins/apache/dualparser.py

@@ -6,14 +6,14 @@ from typing import Optional
 from typing import TYPE_CHECKING
 from typing import TypeVar
 
-from certbot_apache._internal import apacheparser
-from certbot_apache._internal import assertions
-from certbot_apache._internal import augeasparser
-from certbot_apache._internal import interfaces
+from certbot._internal.plugins.apache import apacheparser
+from certbot._internal.plugins.apache import assertions
+from certbot._internal.plugins.apache import augeasparser
+from certbot._internal.plugins.apache import interfaces
 
 if TYPE_CHECKING:
-    from certbot_apache._internal.apacheparser import ApacheParserNode  # pragma: no cover
-    from certbot_apache._internal.augeasparser import AugeasParserNode  # pragma: no cover
+    from certbot._internal.plugins.apache.apacheparser import ApacheParserNode  # pragma: no cover
+    from certbot._internal.plugins.apache.augeasparser import AugeasParserNode  # pragma: no cover
 
 GenericAugeasParserNode = TypeVar("GenericAugeasParserNode", bound="AugeasParserNode")
 GenericApacheParserNode = TypeVar("GenericApacheParserNode", bound="ApacheParserNode")

certbot/src/certbot/_internal/plugins/apache/entrypoint.py

@@ -0,0 +1,66 @@
+""" Entry point for Apache Plugin """
+
+from certbot import util
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache import override_alpine
+from certbot._internal.plugins.apache import override_arch
+from certbot._internal.plugins.apache import override_centos
+from certbot._internal.plugins.apache import override_darwin
+from certbot._internal.plugins.apache import override_debian
+from certbot._internal.plugins.apache import override_fedora
+from certbot._internal.plugins.apache import override_gentoo
+from certbot._internal.plugins.apache import override_suse
+from certbot._internal.plugins.apache import override_void
+
+OVERRIDE_CLASSES: dict[str, type[configurator.ApacheConfigurator]] = {
+    "alpine": override_alpine.AlpineConfigurator,
+    "arch": override_arch.ArchConfigurator,
+    "cloudlinux": override_centos.CentOSConfigurator,
+    "darwin": override_darwin.DarwinConfigurator,
+    "debian": override_debian.DebianConfigurator,
+    "ubuntu": override_debian.DebianConfigurator,
+    "centos": override_centos.CentOSConfigurator,
+    "centos linux": override_centos.CentOSConfigurator,
+    "fedora_old": override_centos.CentOSConfigurator,
+    "fedora": override_fedora.FedoraConfigurator,
+    "linuxmint": override_debian.DebianConfigurator,
+    "ol": override_centos.CentOSConfigurator,
+    "oracle": override_centos.CentOSConfigurator,
+    "redhatenterpriseserver": override_centos.CentOSConfigurator,
+    "red hat enterprise linux server": override_centos.CentOSConfigurator,
+    "rhel": override_centos.CentOSConfigurator,
+    "amazon": override_centos.CentOSConfigurator,
+    "gentoo": override_gentoo.GentooConfigurator,
+    "gentoo base system": override_gentoo.GentooConfigurator,
+    "opensuse": override_suse.OpenSUSEConfigurator,
+    "suse": override_suse.OpenSUSEConfigurator,
+    "sles": override_suse.OpenSUSEConfigurator,
+    "scientific": override_centos.CentOSConfigurator,
+    "scientific linux": override_centos.CentOSConfigurator,
+    "void": override_void.VoidConfigurator,
+}
+
+
+def get_configurator() -> type[configurator.ApacheConfigurator]:
+    """ Get correct configurator class based on the OS fingerprint """
+    os_name, os_version = util.get_os_info()
+    os_name = os_name.lower()
+    override_class = None
+
+    # Special case for older Fedora versions
+    min_version = util.parse_loose_version('29')
+    if os_name == 'fedora' and util.parse_loose_version(os_version) < min_version:
+        os_name = 'fedora_old'
+
+    try:
+        override_class = OVERRIDE_CLASSES[os_name]
+    except KeyError:
+        # OS not found in the list
+        os_like = util.get_systemd_os_like()
+        if os_like:
+            for os_name in os_like:
+                override_class = OVERRIDE_CLASSES.get(os_name)
+        if not override_class:
+            # No override class found, return the generic configurator
+            override_class = configurator.ApacheConfigurator
+    return override_class

certbot/src/certbot/_internal/plugins/apache/http_01.py

@@ -10,11 +10,11 @@ from certbot.achallenges import KeyAuthorizationAnnotatedChallenge
 from certbot.compat import filesystem
 from certbot.compat import os
 from certbot.plugins import common
-from certbot_apache._internal.obj import VirtualHost
-from certbot_apache._internal.parser import get_aug_path
+from certbot._internal.plugins.apache.obj import VirtualHost
+from certbot._internal.plugins.apache.parser import get_aug_path
 
 if TYPE_CHECKING:
-    from certbot_apache._internal.configurator import ApacheConfigurator  # pragma: no cover
+    from certbot._internal.plugins.apache.configurator import ApacheConfigurator  # pragma: no cover
 
 logger = logging.getLogger(__name__)
 

certbot/src/certbot/_internal/plugins/apache/obj.py

@@ -6,9 +6,9 @@ from typing import Optional
 from typing import Union
 
 from certbot.plugins import common
-from certbot_apache._internal.apacheparser import ApacheBlockNode
-from certbot_apache._internal.augeasparser import AugeasBlockNode
-from certbot_apache._internal.dualparser import DualBlockNode
+from certbot._internal.plugins.apache.apacheparser import ApacheBlockNode
+from certbot._internal.plugins.apache.augeasparser import AugeasBlockNode
+from certbot._internal.plugins.apache.dualparser import DualBlockNode
 
 
 class Addr(common.Addr):
@@ -27,7 +27,7 @@ class Addr(common.Addr):
         return False
 
     def __repr__(self) -> str:
-        return f"certbot_apache._internal.obj.Addr({repr(self.tup)})"
+        return f"certbot._internal.plugins.apache.obj.Addr({repr(self.tup)})"
 
     def __hash__(self) -> int:  # pylint: disable=useless-super-delegation
         # Python 3 requires explicit overridden for __hash__ if __eq__ or

certbot/src/certbot/_internal/plugins/apache/override_alpine.py

@@ -1,6 +1,6 @@
 """ Distribution specific override class for Alpine Linux """
-from certbot_apache._internal import configurator
-from certbot_apache._internal.configurator import OsOptions
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache.configurator import OsOptions
 
 
 class AlpineConfigurator(configurator.ApacheConfigurator):

certbot/src/certbot/_internal/plugins/apache/override_arch.py

@@ -1,6 +1,6 @@
 """ Distribution specific override class for Arch Linux """
-from certbot_apache._internal import configurator
-from certbot_apache._internal.configurator import OsOptions
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache.configurator import OsOptions
 
 
 class ArchConfigurator(configurator.ApacheConfigurator):

certbot/src/certbot/_internal/plugins/apache/override_centos.py

@@ -4,10 +4,10 @@ from typing import Any
 
 from certbot import errors
 from certbot import util
-from certbot_apache._internal import apache_util
-from certbot_apache._internal import configurator
-from certbot_apache._internal import parser
-from certbot_apache._internal.configurator import OsOptions
+from certbot._internal.plugins.apache import apache_util
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache import parser
+from certbot._internal.plugins.apache.configurator import OsOptions
 
 logger = logging.getLogger(__name__)
 

certbot/src/certbot/_internal/plugins/apache/override_darwin.py

@@ -1,6 +1,6 @@
 """ Distribution specific override class for macOS """
-from certbot_apache._internal import configurator
-from certbot_apache._internal.configurator import OsOptions
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache.configurator import OsOptions
 
 
 class DarwinConfigurator(configurator.ApacheConfigurator):

certbot/src/certbot/_internal/plugins/apache/override_debian.py

@@ -5,10 +5,10 @@ from certbot import errors
 from certbot import util
 from certbot.compat import filesystem
 from certbot.compat import os
-from certbot_apache._internal import apache_util
-from certbot_apache._internal import configurator
-from certbot_apache._internal.configurator import OsOptions
-from certbot_apache._internal.obj import VirtualHost
+from certbot._internal.plugins.apache import apache_util
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache.configurator import OsOptions
+from certbot._internal.plugins.apache.obj import VirtualHost
 
 logger = logging.getLogger(__name__)
 
@@ -30,7 +30,7 @@ class DebianConfigurator(configurator.ApacheConfigurator):
                   modules are enabled appropriately.
 
         :param vhost: vhost to enable
-        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.apache.obj.VirtualHost`
 
         :raises .errors.NotSupportedError: If filesystem layout is not
             supported.

certbot/src/certbot/_internal/plugins/apache/override_fedora.py

@@ -3,10 +3,10 @@ from typing import Any
 
 from certbot import errors
 from certbot import util
-from certbot_apache._internal import apache_util
-from certbot_apache._internal import configurator
-from certbot_apache._internal import parser
-from certbot_apache._internal.configurator import OsOptions
+from certbot._internal.plugins.apache import apache_util
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache import parser
+from certbot._internal.plugins.apache.configurator import OsOptions
 
 
 class FedoraConfigurator(configurator.ApacheConfigurator):

certbot/src/certbot/_internal/plugins/apache/override_gentoo.py

@@ -1,10 +1,10 @@
 """ Distribution specific override class for Gentoo Linux """
 from typing import Any
 
-from certbot_apache._internal import apache_util
-from certbot_apache._internal import configurator
-from certbot_apache._internal import parser
-from certbot_apache._internal.configurator import OsOptions
+from certbot._internal.plugins.apache import apache_util
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache import parser
+from certbot._internal.plugins.apache.configurator import OsOptions
 
 
 class GentooConfigurator(configurator.ApacheConfigurator):

certbot/src/certbot/_internal/plugins/apache/override_suse.py

@@ -1,6 +1,6 @@
 """ Distribution specific override class for OpenSUSE """
-from certbot_apache._internal import configurator
-from certbot_apache._internal.configurator import OsOptions
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache.configurator import OsOptions
 
 
 class OpenSUSEConfigurator(configurator.ApacheConfigurator):

certbot/src/certbot/_internal/plugins/apache/override_void.py

@@ -1,6 +1,6 @@
 """ Distribution specific override class for Void Linux """
-from certbot_apache._internal import configurator
-from certbot_apache._internal.configurator import OsOptions
+from certbot._internal.plugins.apache import configurator
+from certbot._internal.plugins.apache.configurator import OsOptions
 
 
 class VoidConfigurator(configurator.ApacheConfigurator):

certbot/src/certbot/_internal/plugins/apache/parser.py

@@ -12,11 +12,11 @@ from typing import Union
 
 from certbot import errors
 from certbot.compat import os
-from certbot_apache._internal import apache_util
-from certbot_apache._internal import constants
+from certbot._internal.plugins.apache import apache_util
+from certbot._internal.plugins.apache import constants
 
 if TYPE_CHECKING:
-    from certbot_apache._internal.configurator import ApacheConfigurator  # pragma: no cover
+    from certbot._internal.plugins.apache.configurator import ApacheConfigurator  # pragma: no cover
 
 try:
     from augeas import Augeas

certbot/src/certbot/_internal/plugins/apache/parsernode_util.py

@@ -3,7 +3,7 @@ from typing import Any
 from typing import Iterable
 from typing import Optional
 
-from certbot_apache._internal.interfaces import ParserNode
+from certbot._internal.plugins.apache.interfaces import ParserNode
 
 
 def validate_kwargs(kwargs: dict[str, Any], required_names: Iterable[str]) -> dict[str, Any]:

certbot/src/certbot/_internal/plugins/nginx/configurator.py

@@ -25,12 +25,12 @@ from certbot import util
 from certbot.compat import os
 from certbot.display import util as display_util
 from certbot.plugins import common
-from certbot_nginx._internal import constants
-from certbot_nginx._internal import display_ops
-from certbot_nginx._internal import http_01
-from certbot_nginx._internal import nginxparser
-from certbot_nginx._internal import obj
-from certbot_nginx._internal import parser
+from certbot._internal.plugins.nginx import constants
+from certbot._internal.plugins.nginx import display_ops
+from certbot._internal.plugins.nginx import http_01
+from certbot._internal.plugins.nginx import nginxparser
+from certbot._internal.plugins.nginx import obj
+from certbot._internal.plugins.nginx import parser
 
 NAME_RANK = 0
 START_WILDCARD_RANK = 1
@@ -52,7 +52,7 @@ class NginxConfigurator(common.Configurator):
     :type config: certbot.configuration.NamespaceConfig
 
     :ivar parser: Handles low level parsing
-    :type parser: :class:`~certbot_nginx._internal.parser`
+    :type parser: :class:`~certbot._internal.plugins.nginx.parser`
 
     :ivar str save_notes: Human-readable config change notes
 
@@ -173,8 +173,9 @@ class NginxConfigurator(common.Configurator):
 
         file_manager = ExitStack()
         atexit.register(file_manager.close)
-        ref = (importlib.resources.files("certbot_nginx").joinpath("_internal")
-               .joinpath("tls_configs").joinpath(config_filename))
+        ref = (importlib.resources.files("certbot").joinpath("_internal")
+               .joinpath("plugins").joinpath("nginx").joinpath("tls_configs")
+               .joinpath(config_filename))
 
         return str(file_manager.enter_context(importlib.resources.as_file(ref)))
 
@@ -348,7 +349,7 @@ class NginxConfigurator(common.Configurator):
         :param str target_name: domain name
 
         :returns: ssl vhosts associated with name
-        :rtype: list of :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :rtype: list of :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
 
         """
         return [vhost for vhost in self._choose_vhosts_common(target_name) if vhost.ssl]
@@ -369,7 +370,7 @@ class NginxConfigurator(common.Configurator):
         :param str fullchain_path: certificates to use when creating SSL vhosts
 
         :returns: ssl vhosts associated with name
-        :rtype: list of :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :rtype: list of :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
 
         """
         vhosts = self._choose_vhosts_common(target_name)
@@ -478,7 +479,7 @@ class NginxConfigurator(common.Configurator):
         :param list matches: list of dicts containing the vhost, the matching name,
             and the numerical rank
         :returns: the most matching vhost
-        :rtype: :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :rtype: :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
 
         """
         if not matches:
@@ -564,7 +565,7 @@ class NginxConfigurator(common.Configurator):
         :param str port: port number
 
         :returns: vhosts associated with name
-        :rtype: list of :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :rtype: list of :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
 
         """
         if util.is_wildcard_domain(target_name):
@@ -586,7 +587,7 @@ class NginxConfigurator(common.Configurator):
         :param str target_name: non-wildcard domain name
 
         :returns: tuple of HTTP and HTTPS virtualhosts
-        :rtype: tuple of :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :rtype: tuple of :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
 
         """
         vhosts = [m['vhost'] for m in self._get_ranked_matches(target_name) if m and 'vhost' in m]
@@ -712,7 +713,7 @@ class NginxConfigurator(common.Configurator):
         Make a server SSL by adding new listen and SSL directives.
 
         :param vhost: The vhost to add SSL to.
-        :type vhost: :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
         :param str key_path: key to use for SSL
         :param str fullchain_path: certificates to use for SSL
 
@@ -868,9 +869,9 @@ class NginxConfigurator(common.Configurator):
         :param vhost: The server block to break up into two.
         :param list only_directives: If this exists, only duplicate these directives
             when splitting the block.
-        :type vhost: :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :type vhost: :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
         :returns: tuple (http_vhost, https_vhost)
-        :rtype: tuple of type :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :rtype: tuple of type :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
         """
         http_vhost = self.parser.duplicate_vhost(vhost, only_directives=only_directives)
 

certbot/src/certbot/_internal/plugins/nginx/display_ops.py

@@ -4,7 +4,7 @@ from typing import Iterable
 from typing import Optional
 
 from certbot.display import util as display_util
-from certbot_nginx._internal.obj import VirtualHost
+from certbot._internal.plugins.nginx.obj import VirtualHost
 
 logger = logging.getLogger(__name__)
 

certbot/src/certbot/_internal/plugins/nginx/http_01.py

@@ -11,11 +11,11 @@ from certbot import errors
 from certbot.achallenges import KeyAuthorizationAnnotatedChallenge
 from certbot.compat import os
 from certbot.plugins import common
-from certbot_nginx._internal import nginxparser
-from certbot_nginx._internal.obj import Addr
+from certbot._internal.plugins.nginx import nginxparser
+from certbot._internal.plugins.nginx.obj import Addr
 
 if TYPE_CHECKING:
-    from certbot_nginx._internal.configurator import NginxConfigurator
+    from certbot._internal.plugins.nginx.configurator import NginxConfigurator
 
 logger = logging.getLogger(__name__)
 
@@ -146,7 +146,7 @@ class NginxHttp01(common.ChallengePerformer):
 
     def _default_listen_addresses(self) -> list[Addr]:
         """Finds addresses for a challenge block to listen on.
-        :returns: list of :class:`certbot_nginx._internal.obj.Addr` to apply
+        :returns: list of :class:`certbot._internal.plugins.nginx.obj.Addr` to apply
         :rtype: list
         """
         addresses: list[Addr] = []

certbot/src/certbot/_internal/plugins/nginx/obj.py

@@ -136,7 +136,7 @@ class Addr(common.Addr):
 
     def __hash__(self) -> int:  # pylint: disable=useless-super-delegation
         # Python 3 requires explicit overridden for __hash__
-        # See certbot-apache/src/certbot_apache/_internal/obj.py for more information
+        # See certbot-apache/src/certbot._internal.plugins.apache/obj.py for more information
         return super().__hash__()
 
     def super_eq(self, other: "Addr") -> bool:

certbot/src/certbot/_internal/plugins/nginx/parser.py

@@ -18,9 +18,9 @@ import pyparsing
 
 from certbot import errors
 from certbot.compat import os
-from certbot_nginx._internal import nginxparser
-from certbot_nginx._internal import obj
-from certbot_nginx._internal.nginxparser import UnspacedList
+from certbot._internal.plugins.nginx import nginxparser
+from certbot._internal.plugins.nginx import obj
+from certbot._internal.plugins.nginx.nginxparser import UnspacedList
 
 logger = logging.getLogger(__name__)
 
@@ -145,7 +145,7 @@ class NginxParser:
         Technically this is a misnomer because Nginx does not have virtual
         hosts, it has 'server blocks'.
 
-        :returns: List of :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :returns: List of :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
             objects found in configuration
         :rtype: list
 
@@ -286,7 +286,8 @@ class NginxParser:
     def has_ssl_on_directive(self, vhost: obj.VirtualHost) -> bool:
         """Does vhost have ssl on for all ports?
 
-        :param :class:`~certbot_nginx._internal.obj.VirtualHost` vhost: The vhost in question
+        :param :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
+            vhost: The vhost in question
 
         :returns: True if 'ssl on' directive is included
         :rtype: bool
@@ -313,7 +314,7 @@ class NginxParser:
         ..todo :: Doesn't match server blocks whose server_name directives are
             split across multiple conf files.
 
-        :param :class:`~certbot_nginx._internal.obj.VirtualHost` vhost: The vhost
+        :param :class:`~certbot._internal.plugins.nginx.obj.VirtualHost` vhost: The vhost
             whose information we use to match on
         :param list directives: The directives to add
         :param bool insert_at_top: True if the directives need to be inserted at the top
@@ -336,7 +337,7 @@ class NginxParser:
         ..todo :: Doesn't match server blocks whose server_name directives are
             split across multiple conf files.
 
-        :param :class:`~certbot_nginx._internal.obj.VirtualHost` vhost: The vhost
+        :param :class:`~certbot._internal.plugins.nginx.obj.VirtualHost` vhost: The vhost
             whose information we use to match on
         :param list directives: The directives to add
         :param bool insert_at_top: True if the directives need to be inserted at the top
@@ -350,7 +351,7 @@ class NginxParser:
                                  match_func: Optional[Callable[[Any], bool]] = None) -> None:
         """Remove all directives of type directive_name.
 
-        :param :class:`~certbot_nginx._internal.obj.VirtualHost` vhost: The vhost
+        :param :class:`~certbot._internal.plugins.nginx.obj.VirtualHost` vhost: The vhost
             to remove directives from
         :param string directive_name: The directive type to remove
         :param callable match_func: Function of the directive that returns true for directives
@@ -389,7 +390,7 @@ class NginxParser:
                         only_directives: Optional[list[Any]] = None) -> obj.VirtualHost:
         """Duplicate the vhost in the configuration files.
 
-        :param :class:`~certbot_nginx._internal.obj.VirtualHost` vhost_template: The vhost
+        :param :class:`~certbot._internal.plugins.nginx.obj.VirtualHost` vhost_template: The vhost
             whose information we copy
         :param bool remove_singleton_listen_params: If we should remove parameters
             from listen directives in the block that can only be used once per address
@@ -397,7 +398,7 @@ class NginxParser:
             looks at first level of depth; does not expand includes.
 
         :returns: A vhost object for the newly created vhost
-        :rtype: :class:`~certbot_nginx._internal.obj.VirtualHost`
+        :rtype: :class:`~certbot._internal.plugins.nginx.obj.VirtualHost`
         """
         # TODO: https://github.com/certbot/certbot/issues/5185
         # put it in the same file as the template, at the same level

certbot/src/certbot/_internal/tests/plugins/apache/__init__.py

@@ -0,0 +1,7 @@
+"""certbot-apache tests"""
+
+import pytest
+
+
+# Make sure we're only running these tests if our apache plugin dependencies are installed
+pytest.importorskip("augeas")