diff --git a/.travis.yml b/.travis.yml
index c92c52f7b..a321de3de 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,7 +20,7 @@ before_script:
matrix:
include:
- python: "2.7"
- env: TOXENV=cover FYI="this also tests py27"
+ env: TOXENV=cover NUMPROCESSES=2 FYI="this also tests py27"
- python: "2.7"
env: TOXENV=lint
- python: "2.7"
@@ -40,7 +40,7 @@ matrix:
sudo: required
services: docker
- python: "2.7"
- env: TOXENV='py27-{acme,apache,certbot,dns}-oldest'
+ env: TOXENV='py27-{acme,apache,certbot,dns,postfix}-oldest'
- sudo: required
env: TOXENV=apache_compat
services: docker
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 88251e48a..4d0808de6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,54 @@
Certbot adheres to [Semantic Versioning](http://semver.org/).
+## 0.26.0 - 2018-07-11
+
+### Added
+
+* A new security enhancement which we're calling AutoHSTS has been added to
+ Certbot's Apache plugin. This enhancement configures your webserver to send a
+ HTTP Strict Transport Security header with a low max-age value that is slowly
+ increased over time. The max-age value is not increased to a large value
+ until you've successfully managed to renew your certificate. This enhancement
+ can be requested with the --auto-hsts flag.
+* New official DNS plugins have been created for Gehirn Infrastracture Service,
+ Linode, OVH, and Sakura Cloud. These plugins can be found on our Docker Hub
+ page at https://hub.docker.com/u/certbot and on PyPI.
+* The ability to reuse ACME accounts from Let's Encrypt's ACMEv1 endpoint on
+ Let's Encrypt's ACMEv2 endpoint has been added.
+* Certbot and its components now support Python 3.7.
+* Certbot's install subcommand now allows you to interactively choose which
+ certificate to install from the list of certificates managed by Certbot.
+* Certbot now accepts the flag `--no-autorenew` which causes any obtained
+ certificates to not be automatically renewed when it approaches expiration.
+* Support for parsing the TLS-ALPN-01 challenge has been added back to the acme
+ library.
+
+### Changed
+
+* Certbot's default ACME server has been changed to Let's Encrypt's ACMEv2
+ endpoint. By default, this server will now be used for both new certificate
+ lineages and renewals.
+* The Nginx plugin is no longer marked labeled as an "Alpha" version.
+* The `prepare` method of Certbot's plugins is no longer called before running
+ "Updater" enhancements that are run on every invocation of `certbot renew`.
+
+Despite us having broken lockstep, we are continuing to release new versions of
+all Certbot components during releases for the time being, however, the only
+packages with functional changes were:
+
+* acme
+* certbot
+* certbot-apache
+* certbot-dns-gehirn
+* certbot-dns-linode
+* certbot-dns-ovh
+* certbot-dns-sakuracloud
+* certbot-nginx
+
+More details about these changes can be found on our GitHub repo:
+https://github.com/certbot/certbot/milestone/55?closed=1
+
## 0.25.1 - 2018-06-13
### Fixed
diff --git a/acme/acme/client.py b/acme/acme/client.py
index bdc07fb1c..a0bfe460d 100644
--- a/acme/acme/client.py
+++ b/acme/acme/client.py
@@ -50,7 +50,6 @@ class ClientBase(object): # pylint: disable=too-many-instance-attributes
:ivar .ClientNetwork net: Client network.
:ivar int acme_version: ACME protocol version. 1 or 2.
"""
-
def __init__(self, directory, net, acme_version):
"""Initialize.
@@ -588,6 +587,30 @@ class ClientV2(ClientBase):
self.net.account = regr
return regr
+ def update_registration(self, regr, update=None):
+ """Update registration.
+
+ :param messages.RegistrationResource regr: Registration Resource.
+ :param messages.Registration update: Updated body of the
+ resource. If not provided, body will be taken from `regr`.
+
+ :returns: Updated Registration Resource.
+ :rtype: `.RegistrationResource`
+
+ """
+ # https://github.com/certbot/certbot/issues/6155
+ new_regr = self._get_v2_account(regr)
+ return super(ClientV2, self).update_registration(new_regr, update)
+
+ def _get_v2_account(self, regr):
+ self.net.account = None
+ only_existing_reg = regr.body.update(only_return_existing=True)
+ response = self._post(self.directory['newAccount'], only_existing_reg)
+ updated_uri = response.headers['Location']
+ new_regr = regr.update(uri=updated_uri)
+ self.net.account = new_regr
+ return new_regr
+
def new_order(self, csr_pem):
"""Request a new Order object from the server.
@@ -910,6 +933,7 @@ class ClientNetwork(object): # pylint: disable=too-many-instance-attributes
if acme_version == 2:
kwargs["url"] = url
# newAccount and revokeCert work without the kid
+ # newAccount must not have kid
if self.account is not None:
kwargs["kid"] = self.account["uri"]
kwargs["key"] = self.key
diff --git a/acme/acme/client_test.py b/acme/acme/client_test.py
index f3018ed81..cd31c4ac3 100644
--- a/acme/acme/client_test.py
+++ b/acme/acme/client_test.py
@@ -139,7 +139,7 @@ class BackwardsCompatibleClientV2Test(ClientTestBase):
client = self._init()
self.assertEqual(client.directory, client.client.directory)
self.assertEqual(client.key, KEY)
- self.assertEqual(client.update_registration, client.client.update_registration)
+ self.assertEqual(client.deactivate_registration, client.client.deactivate_registration)
self.assertRaises(AttributeError, client.__getattr__, 'nonexistent')
self.assertRaises(AttributeError, client.__getattr__, 'new_account_and_tos')
self.assertRaises(AttributeError, client.__getattr__, 'new_account')
@@ -270,6 +270,13 @@ class BackwardsCompatibleClientV2Test(ClientTestBase):
client.revoke(messages_test.CERT, self.rsn)
mock_client().revoke.assert_called_once_with(messages_test.CERT, self.rsn)
+ def test_update_registration(self):
+ self.response.json.return_value = DIRECTORY_V1.to_json()
+ with mock.patch('acme.client.Client') as mock_client:
+ client = self._init()
+ client.update_registration(mock.sentinel.regr, None)
+ mock_client().update_registration.assert_called_once_with(mock.sentinel.regr, None)
+
class ClientTest(ClientTestBase):
"""Tests for acme.client.Client."""
@@ -789,6 +796,19 @@ class ClientV2Test(ClientTestBase):
self.net.post.assert_called_once_with(
self.directory["revokeCert"], mock.ANY, acme_version=2)
+ def test_update_registration(self):
+ # "Instance of 'Field' has no to_json/update member" bug:
+ # pylint: disable=no-member
+ self.response.headers['Location'] = self.regr.uri
+ self.response.json.return_value = self.regr.body.to_json()
+ self.assertEqual(self.regr, self.client.update_registration(self.regr))
+ self.assertNotEqual(self.client.net.account, None)
+ self.assertEqual(self.client.net.post.call_count, 2)
+ self.assertTrue(DIRECTORY_V2.newAccount in self.net.post.call_args_list[0][0])
+
+ self.response.json.return_value = self.regr.body.update(
+ contact=()).to_json()
+
class MockJSONDeSerializable(jose.JSONDeSerializable):
# pylint: disable=missing-docstring
diff --git a/acme/acme/messages.py b/acme/acme/messages.py
index 827a4dd11..5be458580 100644
--- a/acme/acme/messages.py
+++ b/acme/acme/messages.py
@@ -274,6 +274,7 @@ class Registration(ResourceBody):
agreement = jose.Field('agreement', omitempty=True)
status = jose.Field('status', omitempty=True)
terms_of_service_agreed = jose.Field('termsOfServiceAgreed', omitempty=True)
+ only_return_existing = jose.Field('onlyReturnExisting', omitempty=True)
phone_prefix = 'tel:'
email_prefix = 'mailto:'
diff --git a/acme/setup.py b/acme/setup.py
index ecafac61a..88592013c 100644
--- a/acme/setup.py
+++ b/acme/setup.py
@@ -3,7 +3,7 @@ from setuptools import find_packages
from setuptools.command.test import test as TestCommand
import sys
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Please update tox.ini when modifying dependency version requirements
install_requires = [
@@ -58,7 +58,7 @@ setup(
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*',
classifiers=[
- 'Development Status :: 3 - Alpha',
+ 'Development Status :: 5 - Production/Stable',
'Intended Audience :: Developers',
'License :: OSI Approved :: Apache Software License',
'Programming Language :: Python',
@@ -68,6 +68,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
],
diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py
index ab83a5332..bb77e2e41 100644
--- a/certbot-apache/certbot_apache/configurator.py
+++ b/certbot-apache/certbot_apache/configurator.py
@@ -165,6 +165,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
self._autohsts = {} # type: Dict[str, Dict[str, Union[int, float]]]
# These will be set in the prepare function
+ self._prepared = False
self.parser = None
self.version = version
self.vhosts = None
@@ -249,6 +250,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
logger.debug("Encountered error:", exc_info=True)
raise errors.PluginError(
"Unable to lock %s", self.conf("server-root"))
+ self._prepared = True
def _check_aug_version(self):
""" Checks that we have recent enough version of libaugeas.
@@ -2394,6 +2396,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
continue
nextstep = config["laststep"] + 1
if nextstep < len(constants.AUTOHSTS_STEPS):
+ # If installer hasn't been prepared yet, do it now
+ if not self._prepared:
+ self.prepare()
# Have not reached the max value yet
try:
vhost = self.find_vhost_by_id(id_str)
diff --git a/certbot-apache/certbot_apache/tests/autohsts_test.py b/certbot-apache/certbot_apache/tests/autohsts_test.py
index 86d985079..73da33f15 100644
--- a/certbot-apache/certbot_apache/tests/autohsts_test.py
+++ b/certbot-apache/certbot_apache/tests/autohsts_test.py
@@ -55,7 +55,9 @@ class AutoHSTSTest(util.ApacheTest):
@mock.patch("certbot_apache.constants.AUTOHSTS_FREQ", 0)
@mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
- def test_autohsts_increase(self, _mock_restart):
+ @mock.patch("certbot_apache.configurator.ApacheConfigurator.prepare")
+ def test_autohsts_increase(self, mock_prepare, _mock_restart):
+ self.config._prepared = False
maxage = "\"max-age={0}\""
initial_val = maxage.format(constants.AUTOHSTS_STEPS[0])
inc_val = maxage.format(constants.AUTOHSTS_STEPS[1])
@@ -69,6 +71,7 @@ class AutoHSTSTest(util.ApacheTest):
# Verify increased value
self.assertEquals(self.get_autohsts_value(self.vh_truth[7].path),
inc_val)
+ self.assertTrue(mock_prepare.called)
@mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
@mock.patch("certbot_apache.configurator.ApacheConfigurator._autohsts_increase")
diff --git a/certbot-apache/setup.py b/certbot-apache/setup.py
index ffaa6a863..f435bb1a9 100644
--- a/certbot-apache/setup.py
+++ b/certbot-apache/setup.py
@@ -2,13 +2,13 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'acme>=0.25.0',
- 'certbot>=0.26.0.dev0',
+ 'certbot>=0.26.0',
'mock',
'python-augeas',
'setuptools',
@@ -31,7 +31,7 @@ setup(
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*',
classifiers=[
- 'Development Status :: 3 - Alpha',
+ 'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
'Intended Audience :: System Administrators',
'License :: OSI Approved :: Apache Software License',
@@ -43,6 +43,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-auto b/certbot-auto
index d2cfa672d..e097719db 100755
--- a/certbot-auto
+++ b/certbot-auto
@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
fi
VENV_BIN="$VENV_PATH/bin"
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.25.1"
+LE_AUTO_VERSION="0.26.1"
BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -1060,37 +1060,26 @@ ConfigArgParse==0.12.0 \
configobj==5.0.6 \
--hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902 \
--no-binary configobj
-cryptography==2.0.2 \
- --hash=sha256:187ae17358436d2c760f28c2aeb02fefa3f37647a9c5b6f7f7c3e83cd1c5a972 \
- --hash=sha256:19e43a13bbf52028dd1e810c803f2ad8880d0692d772f98d42e1eaf34bdee3d6 \
- --hash=sha256:da9291502cbc87dc0284a20c56876e4d2e68deac61cc43df4aec934e44ca97b1 \
- --hash=sha256:0954f8813095f581669330e0a2d5e726c33ac7f450c1458fac58bab54595e516 \
- --hash=sha256:d68b0cc40a8432ed3fc84876c519de704d6001800ec22b136e75ae841910c45b \
- --hash=sha256:2f8ad9580ab4da645cfea52a91d2da99a49a1e76616d8be68441a986fad652b0 \
- --hash=sha256:cc00b4511294f5f6b65c4e77a1a9c62f52490a63d2c120f3872176b40a82351e \
- --hash=sha256:cf896020f6a9f095a547b3d672c8db1ef2ed71fca11250731fa1d4a4cb8b1590 \
- --hash=sha256:e0fdb8322206fa02aa38f71519ff75dce2eb481b7e1110e2936795cb376bb6ee \
- --hash=sha256:277538466657ca5d6637f80be100242f9831d75138b788d718edd3aab34621f8 \
- --hash=sha256:2c77eb0560f54ce654ab82d6b2a64327a71ee969b29022bf9746ca311c9f5069 \
- --hash=sha256:755a7853b679e79d0a799351c092a9b0271f95ff54c8dd8823d8b527a2926a86 \
- --hash=sha256:77197a2d525e761cdd4c771180b4bd0d80703654c6385e4311cbbbe2beb56fa1 \
- --hash=sha256:eb8bb79d0ab00c931c8333b745f06fec481a51c52d70acd4ee95d6093ba5c386 \
- --hash=sha256:131f61de82ef28f3e20beb4bfc24f9692d28cecfd704e20e6c7f070f7793013a \
- --hash=sha256:ac35435974b2e27cd4520f29c191d7da36f4189aa3264e52c4c6c6d089ab6142 \
- --hash=sha256:04b6ea99daa2a8460728794213d76d45ad58ea247dc7e7ff148d7dd726e87863 \
- --hash=sha256:2b9442f8b4c3d575f6cc3db0e856034e0f5a9d55ecd636f52d8c496795b26952 \
- --hash=sha256:b3d3b3ecba1fe1bdb6f180770a137f877c8f07571f7b2934bb269475bcf0e5e8 \
- --hash=sha256:670a58c0d75cb0e78e73dd003bd96d4440bbb1f2bc041dcf7b81767ca4fb0ce9 \
- --hash=sha256:5af84d23bdb86b5e90aca263df1424b43f1748480bfcde3ac2a3cbe622612468 \
- --hash=sha256:ba22e8eefabdd7aca37d0c0c00d2274000d2cebb5cce9e5a710cb55bf8797b31 \
- --hash=sha256:b798b22fa7e92b439547323b8b719d217f1e1b7677585cfeeedf3b55c70bb7fb \
- --hash=sha256:59cff28af8cce96cb7e94a459726e1d88f6f5fa75097f9dcbebd99118d64ea4c \
- --hash=sha256:fe859e445abc9ba9e97950ddafb904e23234c4ecb76b0fae6c86e80592ce464a \
- --hash=sha256:655f3c474067f1e277430f23cc0549f0b1dc99b82aec6e53f80b9b2db7f76f11 \
- --hash=sha256:0ebc2be053c9a03a2f3e20a466e87bf12a51586b3c79bd2a22171b073a805346 \
- --hash=sha256:01e6e60654df64cca53733cda39446d67100c819c181d403afb120e0d2a71e1b \
- --hash=sha256:d46f4e5d455cb5563685c52ef212696f0a6cc1ea627603218eabbd8a095291d8 \
- --hash=sha256:3780b2663ee7ebb37cb83263326e3cd7f8b2ea439c448539d4b87de12c8d06ab
+cryptography==2.2.2 \
+ --hash=sha256:3f3b65d5a16e6b52fba63dc860b62ca9832f51f1a2ae5083c78b6840275f12dd \
+ --hash=sha256:5251e7de0de66810833606439ca65c9b9e45da62196b0c88bfadf27740aac09f \
+ --hash=sha256:551a3abfe0c8c6833df4192a63371aa2ff43afd8f570ed345d31f251d78e7e04 \
+ --hash=sha256:5cb990056b7cadcca26813311187ad751ea644712022a3976443691168781b6f \
+ --hash=sha256:60bda7f12ecb828358be53095fc9c6edda7de8f1ef571f96c00b2363643fa3cd \
+ --hash=sha256:64b5c67acc9a7c83fbb4b69166f3105a0ab722d27934fac2cb26456718eec2ba \
+ --hash=sha256:6fef51ec447fe9f8351894024e94736862900d3a9aa2961528e602eb65c92bdb \
+ --hash=sha256:77d0ad229d47a6e0272d00f6bf8ac06ce14715a9fd02c9a97f5a2869aab3ccb2 \
+ --hash=sha256:808fe471b1a6b777f026f7dc7bd9a4959da4bfab64972f2bbe91e22527c1c037 \
+ --hash=sha256:9b62fb4d18529c84b961efd9187fecbb48e89aa1a0f9f4161c61b7fc42a101bd \
+ --hash=sha256:9e5bed45ec6b4f828866ac6a6bedf08388ffcfa68abe9e94b34bb40977aba531 \
+ --hash=sha256:9fc295bf69130a342e7a19a39d7bbeb15c0bcaabc7382ec33ef3b2b7d18d2f63 \
+ --hash=sha256:abd070b5849ed64e6d349199bef955ee0ad99aefbad792f0c587f8effa681a5e \
+ --hash=sha256:ba6a774749b6e510cffc2fb98535f717e0e5fd91c7c99a61d223293df79ab351 \
+ --hash=sha256:c332118647f084c983c6a3e1dba0f3bcb051f69d12baccac68db8d62d177eb8a \
+ --hash=sha256:d6f46e862ee36df81e6342c2177ba84e70f722d9dc9c6c394f9f1f434c4a5563 \
+ --hash=sha256:db6013746f73bf8edd9c3d1d3f94db635b9422f503db3fc5ef105233d4c011ab \
+ --hash=sha256:f57008eaff597c69cf692c3518f6d4800f0309253bb138b526a37fe9ef0c7471 \
+ --hash=sha256:f6c821ac253c19f2ad4c8691633ae1d1a17f120d5b01ea1d256d7b602bc59887
enum34==1.1.2 ; python_version < '3.4' \
--hash=sha256:2475d7fcddf5951e92ff546972758802de5260bf409319a9f1934e6bbc8b1dc7 \
--hash=sha256:35907defb0f992b75ab7788f65fedc1cf20ffa22688e0e6f6f12afc06b3ea501
@@ -1103,9 +1092,9 @@ idna==2.5 \
ipaddress==1.0.16 \
--hash=sha256:935712800ce4760701d89ad677666cd52691fd2f6f0b340c8b4239a3c17988a5 \
--hash=sha256:5a3182b322a706525c46282ca6f064d27a02cffbd449f9f47416f1dc96aa71b0
-josepy==1.0.1 \
- --hash=sha256:354a3513038a38bbcd27c97b7c68a8f3dfaff0a135b20a92c6db4cc4ea72915e \
- --hash=sha256:9f48b88ca37f0244238b1cc77723989f7c54f7b90b2eee6294390bacfe870acc
+josepy==1.1.0 \
+ --hash=sha256:1309a25aac3caeff5239729c58ff9b583f7d022ffdb1553406ddfc8e5b52b76e \
+ --hash=sha256:fb5c62c77d26e04df29cb5ecd01b9ce69b6fcc9e521eb1ca193b7faa2afa7086
linecache2==1.0.0 \
--hash=sha256:e78be9c0a0dfcbac712fe04fbf92b96cddae80b1b842f24248214c8496f006ef \
--hash=sha256:4b26ff4e7110db76eeb6f5a7b64a82623839d595c2038eeda662f2a2db78e97c
@@ -1208,18 +1197,18 @@ letsencrypt==0.7.0 \
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
-certbot==0.25.1 \
- --hash=sha256:01689015364685fef3f1e1fb7832ba84eb3b0aa85bc5a71c96661f6d4c59981f \
- --hash=sha256:5c23e5186133bb1afd805be5e0cd2fb7b95862a8b0459c9ecad4ae60f933e54e
-acme==0.25.1 \
- --hash=sha256:26e641a01536705fe5f12d856703b8ef06e5a07981a7b6379d2771dcdb69a742 \
- --hash=sha256:47b5f3f73d69b7b1d13f918aa2cd75a8093069a68becf4af38e428e4613b2734
-certbot-apache==0.25.1 \
- --hash=sha256:a28b7c152cc11474bef5b5e7967aaea42b2c0aaf86fd82ee4082713d33cee5a9 \
- --hash=sha256:ed012465617073a0f1057fe854dc8d1eb6d2dd7ede1fb2eee765129fed2a095a
-certbot-nginx==0.25.1 \
- --hash=sha256:83f82c3ba08c0b1d4bf449ac24018e8e7dd34a6248d35466f2de7da1cd312e15 \
- --hash=sha256:68f98b41c54e0bf4218ef293079597176617bee3837ae3aa6528ce2ff0bf4f9c
+certbot==0.26.1 \
+ --hash=sha256:4e2ffdeebb7f5097600bcb1ca19131441fa021f952b443ca7454a279337af609 \
+ --hash=sha256:4983513d63f7f36e24a07873ca2d6ea1c0101aa6cb1cd825cda02ed520f6ca66
+acme==0.26.1 \
+ --hash=sha256:d47841e66adc1336ecca2f0d41a247c1b62307c981be6d07996bbf3f95af1dc5 \
+ --hash=sha256:86e7b5f4654cb19215f16c0e6225750db7421f68ef6a0a040a61796f24e690be
+certbot-apache==0.26.1 \
+ --hash=sha256:c16acb49bd4f84fff25bcbb7eaf74412145efe9b68ce46e1803be538894f2ce3 \
+ --hash=sha256:b7fa327e987b892d64163e7519bdeaf9723d78275ef6c438272848894ace6d87
+certbot-nginx==0.26.1 \
+ --hash=sha256:c0048dc83672dc90805a8ddf513be3e48c841d6e91607e91e8657c1785d65660 \
+ --hash=sha256:d0c95a32625e0f1612d7fcf9021e6e050ba3d879823489d1edd2478a78ae6624
UNLIKELY_EOF
# -------------------------------------------------------------------------
diff --git a/certbot-compatibility-test/setup.py b/certbot-compatibility-test/setup.py
index bf86df5da..e4ccc719a 100644
--- a/certbot-compatibility-test/setup.py
+++ b/certbot-compatibility-test/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
install_requires = [
'certbot',
@@ -46,6 +46,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
],
diff --git a/certbot-dns-cloudflare/setup.py b/certbot-dns-cloudflare/setup.py
index 055a8cffc..05649d4d0 100644
--- a/certbot-dns-cloudflare/setup.py
+++ b/certbot-dns-cloudflare/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -42,6 +42,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-cloudxns/setup.py b/certbot-dns-cloudxns/setup.py
index 2c0c074be..911f9e052 100644
--- a/certbot-dns-cloudxns/setup.py
+++ b/certbot-dns-cloudxns/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -42,6 +42,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-digitalocean/setup.py b/certbot-dns-digitalocean/setup.py
index bd5f2ff26..9dd318296 100644
--- a/certbot-dns-digitalocean/setup.py
+++ b/certbot-dns-digitalocean/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -43,6 +43,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-dnsimple/setup.py b/certbot-dns-dnsimple/setup.py
index 581c478b8..09b11def0 100644
--- a/certbot-dns-dnsimple/setup.py
+++ b/certbot-dns-dnsimple/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -42,6 +42,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-dnsmadeeasy/setup.py b/certbot-dns-dnsmadeeasy/setup.py
index c5d310d71..2ca3213bf 100644
--- a/certbot-dns-dnsmadeeasy/setup.py
+++ b/certbot-dns-dnsmadeeasy/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -42,6 +42,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-gehirn/Dockerfile b/certbot-dns-gehirn/Dockerfile
new file mode 100644
index 000000000..48ad902b5
--- /dev/null
+++ b/certbot-dns-gehirn/Dockerfile
@@ -0,0 +1,5 @@
+FROM certbot/certbot
+
+COPY . src/certbot-dns-gehirn
+
+RUN pip install --no-cache-dir --editable src/certbot-dns-gehirn
diff --git a/certbot-dns-gehirn/LICENSE.txt b/certbot-dns-gehirn/LICENSE.txt
new file mode 100644
index 000000000..8316b6a0e
--- /dev/null
+++ b/certbot-dns-gehirn/LICENSE.txt
@@ -0,0 +1,190 @@
+ Copyright 2018 Electronic Frontier Foundation and others
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
diff --git a/certbot-dns-gehirn/MANIFEST.in b/certbot-dns-gehirn/MANIFEST.in
new file mode 100644
index 000000000..18f018c08
--- /dev/null
+++ b/certbot-dns-gehirn/MANIFEST.in
@@ -0,0 +1,3 @@
+include LICENSE.txt
+include README.rst
+recursive-include docs *
diff --git a/certbot-dns-gehirn/README.rst b/certbot-dns-gehirn/README.rst
new file mode 100644
index 000000000..16058eff8
--- /dev/null
+++ b/certbot-dns-gehirn/README.rst
@@ -0,0 +1 @@
+Gehirn Infrastracture Service DNS Authenticator plugin for Certbot
diff --git a/certbot-dns-gehirn/certbot_dns_gehirn/__init__.py b/certbot-dns-gehirn/certbot_dns_gehirn/__init__.py
new file mode 100644
index 000000000..db54154ac
--- /dev/null
+++ b/certbot-dns-gehirn/certbot_dns_gehirn/__init__.py
@@ -0,0 +1,88 @@
+"""
+The `~certbot_dns_gehirn.dns_gehirn` plugin automates the process of completing
+a ``dns-01`` challenge (`~acme.challenges.DNS01`) by creating, and subsequently
+removing, TXT records using the Gehirn Infrastracture Service DNS API.
+
+
+Named Arguments
+---------------
+
+======================================== =====================================
+``--dns-gehirn-credentials`` Gehirn Infrastracture Service
+ credentials_ INI file.
+ (Required)
+``--dns-gehirn-propagation-seconds`` The number of seconds to wait for DNS
+ to propagate before asking the ACME
+ server to verify the DNS record.
+ (Default: 30)
+======================================== =====================================
+
+
+Credentials
+-----------
+
+Use of this plugin requires a configuration file containing
+Gehirn Infrastracture Service DNS API credentials,
+obtained from your Gehirn Infrastracture Service
+`dashboard `_.
+
+.. code-block:: ini
+ :name: credentials.ini
+ :caption: Example credentials file:
+
+ # Gehirn Infrastracture Service API credentials used by Certbot
+ dns_gehirn_api_token = 00000000-0000-0000-0000-000000000000
+ dns_gehirn_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+
+The path to this file can be provided interactively or using the
+``--dns-gehirn-credentials`` command-line argument. Certbot records the path
+to this file for use during renewal, but does not store the file's contents.
+
+.. caution::
+ You should protect these API credentials as you would the password to your
+ Gehirn Infrastracture Service account. Users who can read this file can use
+ these credentials to issue arbitrary API calls on your behalf. Users who can
+ cause Certbot to run using these credentials can complete a ``dns-01``
+ challenge to acquire new certificates or revoke existing certificates for
+ associated domains, even if those domains aren't being managed by this server.
+
+Certbot will emit a warning if it detects that the credentials file can be
+accessed by other users on your system. The warning reads "Unsafe permissions
+on credentials configuration file", followed by the path to the credentials
+file. This warning will be emitted each time Certbot uses the credentials file,
+including for renewal, and cannot be silenced except by addressing the issue
+(e.g., by using a command like ``chmod 600`` to restrict access to the file).
+
+
+Examples
+--------
+
+.. code-block:: bash
+ :caption: To acquire a certificate for ``example.com``
+
+ certbot certonly \\
+ --dns-gehirn \\
+ --dns-gehirn-credentials ~/.secrets/certbot/gehirn.ini \\
+ -d example.com
+
+.. code-block:: bash
+ :caption: To acquire a single certificate for both ``example.com`` and
+ ``www.example.com``
+
+ certbot certonly \\
+ --dns-gehirn \\
+ --dns-gehirn-credentials ~/.secrets/certbot/gehirn.ini \\
+ -d example.com \\
+ -d www.example.com
+
+.. code-block:: bash
+ :caption: To acquire a certificate for ``example.com``, waiting 60 seconds
+ for DNS propagation
+
+ certbot certonly \\
+ --dns-gehirn \\
+ --dns-gehirn-credentials ~/.secrets/certbot/gehirn.ini \\
+ --dns-gehirn-propagation-seconds 60 \\
+ -d example.com
+
+"""
diff --git a/certbot-dns-gehirn/certbot_dns_gehirn/dns_gehirn.py b/certbot-dns-gehirn/certbot_dns_gehirn/dns_gehirn.py
new file mode 100644
index 000000000..50bfce1ae
--- /dev/null
+++ b/certbot-dns-gehirn/certbot_dns_gehirn/dns_gehirn.py
@@ -0,0 +1,84 @@
+"""DNS Authenticator for Gehirn Infrastracture Service DNS."""
+import logging
+
+import zope.interface
+from lexicon.providers import gehirn
+
+from certbot import interfaces
+from certbot.plugins import dns_common
+from certbot.plugins import dns_common_lexicon
+
+logger = logging.getLogger(__name__)
+
+DASHBOARD_URL = "https://gis.gehirn.jp/"
+
+@zope.interface.implementer(interfaces.IAuthenticator)
+@zope.interface.provider(interfaces.IPluginFactory)
+class Authenticator(dns_common.DNSAuthenticator):
+ """DNS Authenticator for Gehirn Infrastracture Service DNS
+
+ This Authenticator uses the Gehirn Infrastracture Service API to fulfill
+ a dns-01 challenge.
+ """
+
+ description = 'Obtain certificates using a DNS TXT record ' + \
+ '(if you are using Gehirn Infrastracture Service for DNS).'
+ ttl = 60
+
+ def __init__(self, *args, **kwargs):
+ super(Authenticator, self).__init__(*args, **kwargs)
+ self.credentials = None
+
+ @classmethod
+ def add_parser_arguments(cls, add): # pylint: disable=arguments-differ
+ super(Authenticator, cls).add_parser_arguments(add, default_propagation_seconds=30)
+ add('credentials', help='Gehirn Infrastracture Service credentials file.')
+
+ def more_info(self): # pylint: disable=missing-docstring,no-self-use
+ return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
+ 'the Gehirn Infrastracture Service API.'
+
+ def _setup_credentials(self):
+ self.credentials = self._configure_credentials(
+ 'credentials',
+ 'Gehirn Infrastracture Service credentials file',
+ {
+ 'api-token': 'API token for Gehirn Infrastracture Service ' + \
+ 'API obtained from {0}'.format(DASHBOARD_URL),
+ 'api-secret': 'API secret for Gehirn Infrastracture Service ' + \
+ 'API obtained from {0}'.format(DASHBOARD_URL),
+ }
+ )
+
+ def _perform(self, domain, validation_name, validation):
+ self._get_gehirn_client().add_txt_record(domain, validation_name, validation)
+
+ def _cleanup(self, domain, validation_name, validation):
+ self._get_gehirn_client().del_txt_record(domain, validation_name, validation)
+
+ def _get_gehirn_client(self):
+ return _GehirnLexiconClient(
+ self.credentials.conf('api-token'),
+ self.credentials.conf('api-secret'),
+ self.ttl
+ )
+
+
+class _GehirnLexiconClient(dns_common_lexicon.LexiconClient):
+ """
+ Encapsulates all communication with the Gehirn Infrastracture Service via Lexicon.
+ """
+
+ def __init__(self, api_token, api_secret, ttl):
+ super(_GehirnLexiconClient, self).__init__()
+
+ self.provider = gehirn.Provider({
+ 'auth_token': api_token,
+ 'auth_secret': api_secret,
+ 'ttl': ttl,
+ })
+
+ def _handle_http_error(self, e, domain_name):
+ if domain_name in str(e) and (str(e).startswith('404 Client Error: Not Found for url:')):
+ return # Expected errors when zone name guess is wrong
+ return super(_GehirnLexiconClient, self)._handle_http_error(e, domain_name)
diff --git a/certbot-dns-gehirn/certbot_dns_gehirn/dns_gehirn_test.py b/certbot-dns-gehirn/certbot_dns_gehirn/dns_gehirn_test.py
new file mode 100644
index 000000000..b771c103e
--- /dev/null
+++ b/certbot-dns-gehirn/certbot_dns_gehirn/dns_gehirn_test.py
@@ -0,0 +1,55 @@
+"""Tests for certbot_dns_gehirn.dns_gehirn."""
+
+import os
+import unittest
+
+import mock
+from requests.exceptions import HTTPError
+
+from certbot.plugins import dns_test_common
+from certbot.plugins import dns_test_common_lexicon
+from certbot.plugins.dns_test_common import DOMAIN
+from certbot.tests import util as test_util
+
+API_TOKEN = '00000000-0000-0000-0000-000000000000'
+API_SECRET = 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw'
+
+class AuthenticatorTest(test_util.TempDirTestCase,
+ dns_test_common_lexicon.BaseLexiconAuthenticatorTest):
+
+ def setUp(self):
+ super(AuthenticatorTest, self).setUp()
+
+ from certbot_dns_gehirn.dns_gehirn import Authenticator
+
+ path = os.path.join(self.tempdir, 'file.ini')
+ dns_test_common.write(
+ {"gehirn_api_token": API_TOKEN, "gehirn_api_secret": API_SECRET},
+ path
+ )
+
+ self.config = mock.MagicMock(gehirn_credentials=path,
+ gehirn_propagation_seconds=0) # don't wait during tests
+
+ self.auth = Authenticator(self.config, "gehirn")
+
+ self.mock_client = mock.MagicMock()
+ # _get_gehirn_client | pylint: disable=protected-access
+ self.auth._get_gehirn_client = mock.MagicMock(return_value=self.mock_client)
+
+
+class GehirnLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLexiconClientTest):
+ DOMAIN_NOT_FOUND = HTTPError('404 Client Error: Not Found for url: {0}.'.format(DOMAIN))
+ LOGIN_ERROR = HTTPError('401 Client Error: Unauthorized for url: {0}.'.format(DOMAIN))
+
+ def setUp(self):
+ from certbot_dns_gehirn.dns_gehirn import _GehirnLexiconClient
+
+ self.client = _GehirnLexiconClient(API_TOKEN, API_SECRET, 0)
+
+ self.provider_mock = mock.MagicMock()
+ self.client.provider = self.provider_mock
+
+
+if __name__ == "__main__":
+ unittest.main() # pragma: no cover
diff --git a/certbot-dns-gehirn/docs/.gitignore b/certbot-dns-gehirn/docs/.gitignore
new file mode 100644
index 000000000..ba65b13af
--- /dev/null
+++ b/certbot-dns-gehirn/docs/.gitignore
@@ -0,0 +1 @@
+/_build/
diff --git a/certbot-dns-gehirn/docs/Makefile b/certbot-dns-gehirn/docs/Makefile
new file mode 100644
index 000000000..a363d1b47
--- /dev/null
+++ b/certbot-dns-gehirn/docs/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS =
+SPHINXBUILD = sphinx-build
+SPHINXPROJ = certbot-dns-gehirn
+SOURCEDIR = .
+BUILDDIR = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+ @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+ @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
\ No newline at end of file
diff --git a/certbot-dns-gehirn/docs/api.rst b/certbot-dns-gehirn/docs/api.rst
new file mode 100644
index 000000000..8668ec5d8
--- /dev/null
+++ b/certbot-dns-gehirn/docs/api.rst
@@ -0,0 +1,8 @@
+=================
+API Documentation
+=================
+
+.. toctree::
+ :glob:
+
+ api/**
diff --git a/certbot-dns-gehirn/docs/api/dns_gehirn.rst b/certbot-dns-gehirn/docs/api/dns_gehirn.rst
new file mode 100644
index 000000000..35a13e9c1
--- /dev/null
+++ b/certbot-dns-gehirn/docs/api/dns_gehirn.rst
@@ -0,0 +1,5 @@
+:mod:`certbot_dns_gehirn.dns_gehirn`
+------------------------------------
+
+.. automodule:: certbot_dns_gehirn.dns_gehirn
+ :members:
diff --git a/certbot-dns-gehirn/docs/conf.py b/certbot-dns-gehirn/docs/conf.py
new file mode 100644
index 000000000..a1b2799fb
--- /dev/null
+++ b/certbot-dns-gehirn/docs/conf.py
@@ -0,0 +1,180 @@
+# -*- coding: utf-8 -*-
+#
+# certbot-dns-gehirn documentation build configuration file, created by
+# sphinx-quickstart on Wed May 10 18:30:40 2017.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = ['sphinx.ext.autodoc',
+ 'sphinx.ext.intersphinx',
+ 'sphinx.ext.todo',
+ 'sphinx.ext.coverage',
+ 'sphinx.ext.viewcode']
+
+autodoc_member_order = 'bysource'
+autodoc_default_flags = ['show-inheritance', 'private-members']
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'certbot-dns-gehirn'
+copyright = u'2018, Certbot Project'
+author = u'Certbot Project'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = u'0'
+# The full version, including alpha/beta/rc tags.
+release = u'0'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'en'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This patterns also effect to html_static_path and html_extra_path
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+default_role = 'py:obj'
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# If true, `todo` and `todoList` produce output, else they produce nothing.
+todo_include_todos = True
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+#
+
+# http://docs.readthedocs.org/en/latest/theme.html#how-do-i-use-this-locally-and-on-read-the-docs
+# on_rtd is whether we are on readthedocs.org
+on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
+if not on_rtd: # only import and set the theme if we're building docs locally
+ import sphinx_rtd_theme
+ html_theme = 'sphinx_rtd_theme'
+ html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+# otherwise, readthedocs.org uses their theme by default, so no need to specify it
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+
+# -- Options for HTMLHelp output ------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'certbot-dns-gehirndoc'
+
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+ # The paper size ('letterpaper' or 'a4paper').
+ #
+ # 'papersize': 'letterpaper',
+
+ # The font size ('10pt', '11pt' or '12pt').
+ #
+ # 'pointsize': '10pt',
+
+ # Additional stuff for the LaTeX preamble.
+ #
+ # 'preamble': '',
+
+ # Latex figure (float) alignment
+ #
+ # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+# author, documentclass [howto, manual, or own class]).
+latex_documents = [
+ (master_doc, 'certbot-dns-gehirn.tex', u'certbot-dns-gehirn Documentation',
+ u'Certbot Project', 'manual'),
+]
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ (master_doc, 'certbot-dns-gehirn', u'certbot-dns-gehirn Documentation',
+ [author], 1)
+]
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+# dir menu entry, description, category)
+texinfo_documents = [
+ (master_doc, 'certbot-dns-gehirn', u'certbot-dns-gehirn Documentation',
+ author, 'certbot-dns-gehirn', 'One line description of project.',
+ 'Miscellaneous'),
+]
+
+
+
+
+# Example configuration for intersphinx: refer to the Python standard library.
+intersphinx_mapping = {
+ 'python': ('https://docs.python.org/', None),
+ 'acme': ('https://acme-python.readthedocs.org/en/latest/', None),
+ 'certbot': ('https://certbot.eff.org/docs/', None),
+}
diff --git a/certbot-dns-gehirn/docs/index.rst b/certbot-dns-gehirn/docs/index.rst
new file mode 100644
index 000000000..77546fa89
--- /dev/null
+++ b/certbot-dns-gehirn/docs/index.rst
@@ -0,0 +1,28 @@
+.. certbot-dns-gehirn documentation master file, created by
+ sphinx-quickstart on Wed May 10 18:30:40 2017.
+ You can adapt this file completely to your liking, but it should at least
+ contain the root `toctree` directive.
+
+Welcome to certbot-dns-gehirn's documentation!
+==============================================
+
+.. toctree::
+ :maxdepth: 2
+ :caption: Contents:
+
+.. toctree::
+ :maxdepth: 1
+
+ api
+
+.. automodule:: certbot_dns_gehirn
+ :members:
+
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
diff --git a/certbot-dns-gehirn/docs/make.bat b/certbot-dns-gehirn/docs/make.bat
new file mode 100644
index 000000000..905d4ee90
--- /dev/null
+++ b/certbot-dns-gehirn/docs/make.bat
@@ -0,0 +1,36 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=.
+set BUILDDIR=_build
+set SPHINXPROJ=certbot-dns-gehirn
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+
+:end
+popd
diff --git a/certbot-dns-gehirn/readthedocs.org.requirements.txt b/certbot-dns-gehirn/readthedocs.org.requirements.txt
new file mode 100644
index 000000000..d9f4f9823
--- /dev/null
+++ b/certbot-dns-gehirn/readthedocs.org.requirements.txt
@@ -0,0 +1,12 @@
+# readthedocs.org gives no way to change the install command to "pip
+# install -e .[docs]" (that would in turn install documentation
+# dependencies), but it allows to specify a requirements.txt file at
+# https://readthedocs.org/dashboard/letsencrypt/advanced/ (c.f. #259)
+
+# Although ReadTheDocs certainly doesn't need to install the project
+# in --editable mode (-e), just "pip install .[docs]" does not work as
+# expected and "pip install -e .[docs]" must be used instead
+
+-e acme
+-e .
+-e certbot-dns-gehirn[docs]
diff --git a/certbot-dns-gehirn/setup.cfg b/certbot-dns-gehirn/setup.cfg
new file mode 100644
index 000000000..2a9acf13d
--- /dev/null
+++ b/certbot-dns-gehirn/setup.cfg
@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal = 1
diff --git a/certbot-dns-gehirn/setup.py b/certbot-dns-gehirn/setup.py
new file mode 100644
index 000000000..e9ead6546
--- /dev/null
+++ b/certbot-dns-gehirn/setup.py
@@ -0,0 +1,66 @@
+import sys
+
+from setuptools import setup
+from setuptools import find_packages
+
+
+version = '0.27.0.dev0'
+
+# Please update tox.ini when modifying dependency version requirements
+install_requires = [
+ 'acme>=0.21.1',
+ 'certbot>=0.21.1',
+ 'dns-lexicon>=2.1.22',
+ 'mock',
+ 'setuptools',
+ 'zope.interface',
+]
+
+docs_extras = [
+ 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
+ 'sphinx_rtd_theme',
+]
+
+setup(
+ name='certbot-dns-gehirn',
+ version=version,
+ description="Gehirn Infrastracture Service DNS Authenticator plugin for Certbot",
+ url='https://github.com/certbot/certbot',
+ author="Certbot Project",
+ author_email='client-dev@letsencrypt.org',
+ license='Apache License 2.0',
+ python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*',
+ classifiers=[
+ 'Development Status :: 3 - Alpha',
+ 'Environment :: Plugins',
+ 'Intended Audience :: System Administrators',
+ 'License :: OSI Approved :: Apache Software License',
+ 'Operating System :: POSIX :: Linux',
+ 'Programming Language :: Python',
+ 'Programming Language :: Python :: 2',
+ 'Programming Language :: Python :: 2.7',
+ 'Programming Language :: Python :: 3',
+ 'Programming Language :: Python :: 3.4',
+ 'Programming Language :: Python :: 3.5',
+ 'Programming Language :: Python :: 3.6',
+ 'Topic :: Internet :: WWW/HTTP',
+ 'Topic :: Security',
+ 'Topic :: System :: Installation/Setup',
+ 'Topic :: System :: Networking',
+ 'Topic :: System :: Systems Administration',
+ 'Topic :: Utilities',
+ ],
+
+ packages=find_packages(),
+ include_package_data=True,
+ install_requires=install_requires,
+ extras_require={
+ 'docs': docs_extras,
+ },
+ entry_points={
+ 'certbot.plugins': [
+ 'dns-gehirn = certbot_dns_gehirn.dns_gehirn:Authenticator',
+ ],
+ },
+ test_suite='certbot_dns_gehirn',
+)
diff --git a/certbot-dns-google/setup.py b/certbot-dns-google/setup.py
index 01d979c2b..3c7402f25 100644
--- a/certbot-dns-google/setup.py
+++ b/certbot-dns-google/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -47,6 +47,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-linode/Dockerfile b/certbot-dns-linode/Dockerfile
new file mode 100644
index 000000000..2e237b521
--- /dev/null
+++ b/certbot-dns-linode/Dockerfile
@@ -0,0 +1,5 @@
+FROM certbot/certbot
+
+COPY . src/certbot-dns-linode
+
+RUN pip install --no-cache-dir --editable src/certbot-dns-linode
diff --git a/certbot-dns-linode/LICENSE.txt b/certbot-dns-linode/LICENSE.txt
new file mode 100644
index 000000000..981c46c9f
--- /dev/null
+++ b/certbot-dns-linode/LICENSE.txt
@@ -0,0 +1,190 @@
+ Copyright 2015 Electronic Frontier Foundation and others
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
diff --git a/certbot-dns-linode/MANIFEST.in b/certbot-dns-linode/MANIFEST.in
new file mode 100644
index 000000000..18f018c08
--- /dev/null
+++ b/certbot-dns-linode/MANIFEST.in
@@ -0,0 +1,3 @@
+include LICENSE.txt
+include README.rst
+recursive-include docs *
diff --git a/certbot-dns-linode/README.rst b/certbot-dns-linode/README.rst
new file mode 100644
index 000000000..69e1fa056
--- /dev/null
+++ b/certbot-dns-linode/README.rst
@@ -0,0 +1 @@
+Linode DNS Authenticator plugin for Certbot
diff --git a/certbot-dns-linode/certbot_dns_linode/__init__.py b/certbot-dns-linode/certbot_dns_linode/__init__.py
new file mode 100644
index 000000000..0c445f45d
--- /dev/null
+++ b/certbot-dns-linode/certbot_dns_linode/__init__.py
@@ -0,0 +1,86 @@
+"""
+The `~certbot_dns_linode.dns_linode` plugin automates the process of
+completing a ``dns-01`` challenge (`~acme.challenges.DNS01`) by creating, and
+subsequently removing, TXT records using the Linode API.
+
+
+Named Arguments
+---------------
+
+========================================== ===================================
+``--dns-linode-credentials`` Linode credentials_ INI file.
+ (Required)
+``--dns-linode-propagation-seconds`` The number of seconds to wait for
+ DNS to propagate before asking the
+ ACME server to verify the DNS
+ record.
+ (Default: 960)
+========================================== ===================================
+
+
+Credentials
+-----------
+
+Use of this plugin requires a configuration file containing Linode API
+credentials, obtained from your Linode account's `Applications & API
+Tokens page `_.
+
+.. code-block:: ini
+ :name: credentials.ini
+ :caption: Example credentials file:
+
+ # Linode API credentials used by Certbot
+ dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
+
+The path to this file can be provided interactively or using the
+``--dns-linode-credentials`` command-line argument. Certbot records the path
+to this file for use during renewal, but does not store the file's contents.
+
+.. caution::
+ You should protect these API credentials as you would the password to your
+ Linode account. Users who can read this file can use these credentials
+ to issue arbitrary API calls on your behalf. Users who can cause Certbot to
+ run using these credentials can complete a ``dns-01`` challenge to acquire
+ new certificates or revoke existing certificates for associated domains,
+ even if those domains aren't being managed by this server.
+
+Certbot will emit a warning if it detects that the credentials file can be
+accessed by other users on your system. The warning reads "Unsafe permissions
+on credentials configuration file", followed by the path to the credentials
+file. This warning will be emitted each time Certbot uses the credentials file,
+including for renewal, and cannot be silenced except by addressing the issue
+(e.g., by using a command like ``chmod 600`` to restrict access to the file).
+
+
+Examples
+--------
+
+.. code-block:: bash
+ :caption: To acquire a certificate for ``example.com``
+
+ certbot certonly \\
+ --dns-linode \\
+ --dns-linode-credentials ~/.secrets/certbot/linode.ini \\
+ -d example.com
+
+.. code-block:: bash
+ :caption: To acquire a single certificate for both ``example.com`` and
+ ``www.example.com``
+
+ certbot certonly \\
+ --dns-linode \\
+ --dns-linode-credentials ~/.secrets/certbot/linode.ini \\
+ -d example.com \\
+ -d www.example.com
+
+.. code-block:: bash
+ :caption: To acquire a certificate for ``example.com``, waiting 60 seconds
+ for DNS propagation
+
+ certbot certonly \\
+ --dns-linode \\
+ --dns-linode-credentials ~/.secrets/certbot/linode.ini \\
+ --dns-linode-propagation-seconds 60 \\
+ -d example.com
+
+"""
diff --git a/certbot-dns-linode/certbot_dns_linode/dns_linode.py b/certbot-dns-linode/certbot_dns_linode/dns_linode.py
new file mode 100644
index 000000000..323c0810a
--- /dev/null
+++ b/certbot-dns-linode/certbot_dns_linode/dns_linode.py
@@ -0,0 +1,72 @@
+"""DNS Authenticator for Linode."""
+import logging
+
+import zope.interface
+from lexicon.providers import linode
+
+from certbot import errors
+from certbot import interfaces
+from certbot.plugins import dns_common
+from certbot.plugins import dns_common_lexicon
+
+logger = logging.getLogger(__name__)
+
+API_KEY_URL = 'https://manager.linode.com/profile/api'
+
+@zope.interface.implementer(interfaces.IAuthenticator)
+@zope.interface.provider(interfaces.IPluginFactory)
+class Authenticator(dns_common.DNSAuthenticator):
+ """DNS Authenticator for Linode
+
+ This Authenticator uses the Linode API to fulfill a dns-01 challenge.
+ """
+
+ description = 'Obtain certs using a DNS TXT record (if you are using Linode for DNS).'
+
+ def __init__(self, *args, **kwargs):
+ super(Authenticator, self).__init__(*args, **kwargs)
+ self.credentials = None
+
+ @classmethod
+ def add_parser_arguments(cls, add): # pylint: disable=arguments-differ
+ super(Authenticator, cls).add_parser_arguments(add, default_propagation_seconds=960)
+ add('credentials', help='Linode credentials INI file.')
+
+ def more_info(self): # pylint: disable=missing-docstring,no-self-use
+ return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
+ 'the Linode API.'
+
+ def _setup_credentials(self):
+ self.credentials = self._configure_credentials(
+ 'credentials',
+ 'Linode credentials INI file',
+ {
+ 'key': 'API key for Linode account, obtained from {0}'.format(API_KEY_URL)
+ }
+ )
+
+ def _perform(self, domain, validation_name, validation):
+ self._get_linode_client().add_txt_record(domain, validation_name, validation)
+
+ def _cleanup(self, domain, validation_name, validation):
+ self._get_linode_client().del_txt_record(domain, validation_name, validation)
+
+ def _get_linode_client(self):
+ return _LinodeLexiconClient(self.credentials.conf('key'))
+
+class _LinodeLexiconClient(dns_common_lexicon.LexiconClient):
+ """
+ Encapsulates all communication with the Linode API.
+ """
+
+ def __init__(self, api_key):
+ super(_LinodeLexiconClient, self).__init__()
+ self.provider = linode.Provider({
+ 'auth_token': api_key
+ })
+
+ def _handle_general_error(self, e, domain_name):
+ if not str(e).startswith('Domain not found'):
+ return errors.PluginError('Unexpected error determining zone identifier for {0}: {1}'
+ .format(domain_name, e))
+
diff --git a/certbot-dns-linode/certbot_dns_linode/dns_linode_test.py b/certbot-dns-linode/certbot_dns_linode/dns_linode_test.py
new file mode 100644
index 000000000..2a0ee49f7
--- /dev/null
+++ b/certbot-dns-linode/certbot_dns_linode/dns_linode_test.py
@@ -0,0 +1,47 @@
+"""Tests for certbot_dns_linode.dns_linode."""
+
+import os
+import unittest
+
+import mock
+
+from certbot.plugins import dns_test_common
+from certbot.plugins import dns_test_common_lexicon
+from certbot.tests import util as test_util
+
+TOKEN = 'a-token'
+
+class AuthenticatorTest(test_util.TempDirTestCase,
+ dns_test_common_lexicon.BaseLexiconAuthenticatorTest):
+
+ def setUp(self):
+ super(AuthenticatorTest, self).setUp()
+
+ from certbot_dns_linode.dns_linode import Authenticator
+
+ path = os.path.join(self.tempdir, 'file.ini')
+ dns_test_common.write({"linode_key": TOKEN}, path)
+
+ self.config = mock.MagicMock(linode_credentials=path,
+ linode_propagation_seconds=0) # don't wait during tests
+
+ self.auth = Authenticator(self.config, "linode")
+
+ self.mock_client = mock.MagicMock()
+ # _get_linode_client | pylint: disable=protected-access
+ self.auth._get_linode_client = mock.MagicMock(return_value=self.mock_client)
+
+class LinodeLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLexiconClientTest):
+
+ DOMAIN_NOT_FOUND = Exception('Domain not found')
+
+ def setUp(self):
+ from certbot_dns_linode.dns_linode import _LinodeLexiconClient
+
+ self.client = _LinodeLexiconClient(TOKEN)
+
+ self.provider_mock = mock.MagicMock()
+ self.client.provider = self.provider_mock
+
+if __name__ == "__main__":
+ unittest.main() # pragma: no cover
diff --git a/certbot-dns-linode/docs/.gitignore b/certbot-dns-linode/docs/.gitignore
new file mode 100644
index 000000000..ba65b13af
--- /dev/null
+++ b/certbot-dns-linode/docs/.gitignore
@@ -0,0 +1 @@
+/_build/
diff --git a/certbot-dns-linode/docs/Makefile b/certbot-dns-linode/docs/Makefile
new file mode 100644
index 000000000..bcfbfd5b1
--- /dev/null
+++ b/certbot-dns-linode/docs/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS =
+SPHINXBUILD = sphinx-build
+SPHINXPROJ = certbot-dns-linode
+SOURCEDIR = .
+BUILDDIR = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+ @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+ @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
diff --git a/certbot-dns-linode/docs/api.rst b/certbot-dns-linode/docs/api.rst
new file mode 100644
index 000000000..8668ec5d8
--- /dev/null
+++ b/certbot-dns-linode/docs/api.rst
@@ -0,0 +1,8 @@
+=================
+API Documentation
+=================
+
+.. toctree::
+ :glob:
+
+ api/**
diff --git a/certbot-dns-linode/docs/api/dns_linode.rst b/certbot-dns-linode/docs/api/dns_linode.rst
new file mode 100644
index 000000000..6380b3eba
--- /dev/null
+++ b/certbot-dns-linode/docs/api/dns_linode.rst
@@ -0,0 +1,5 @@
+:mod:`certbot_dns_linode.dns_linode`
+------------------------------------------------
+
+.. automodule:: certbot_dns_linode.dns_linode
+ :members:
diff --git a/certbot-dns-linode/docs/conf.py b/certbot-dns-linode/docs/conf.py
new file mode 100644
index 000000000..1fb721400
--- /dev/null
+++ b/certbot-dns-linode/docs/conf.py
@@ -0,0 +1,180 @@
+# -*- coding: utf-8 -*-
+#
+# certbot-dns-linode documentation build configuration file, created by
+# sphinx-quickstart on Wed May 10 10:52:06 2017.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = ['sphinx.ext.autodoc',
+ 'sphinx.ext.intersphinx',
+ 'sphinx.ext.todo',
+ 'sphinx.ext.coverage',
+ 'sphinx.ext.viewcode']
+
+autodoc_member_order = 'bysource'
+autodoc_default_flags = ['show-inheritance', 'private-members']
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'certbot-dns-linode'
+copyright = u'2017, Certbot Project'
+author = u'Certbot Project'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = u'0'
+# The full version, including alpha/beta/rc tags.
+release = u'0'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'en'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This patterns also effect to html_static_path and html_extra_path
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+default_role = 'py:obj'
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# If true, `todo` and `todoList` produce output, else they produce nothing.
+todo_include_todos = True
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+#
+
+# http://docs.readthedocs.org/en/latest/theme.html#how-do-i-use-this-locally-and-on-read-the-docs
+# on_rtd is whether we are on readthedocs.org
+on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
+if not on_rtd: # only import and set the theme if we're building docs locally
+ import sphinx_rtd_theme
+ html_theme = 'sphinx_rtd_theme'
+ html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+# otherwise, readthedocs.org uses their theme by default, so no need to specify it
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+
+# -- Options for HTMLHelp output ------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'certbot-dns-linodedoc'
+
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+ # The paper size ('letterpaper' or 'a4paper').
+ #
+ # 'papersize': 'letterpaper',
+
+ # The font size ('10pt', '11pt' or '12pt').
+ #
+ # 'pointsize': '10pt',
+
+ # Additional stuff for the LaTeX preamble.
+ #
+ # 'preamble': '',
+
+ # Latex figure (float) alignment
+ #
+ # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+# author, documentclass [howto, manual, or own class]).
+latex_documents = [
+ (master_doc, 'certbot-dns-linode.tex', u'certbot-dns-linode Documentation',
+ u'Certbot Project', 'manual'),
+]
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ (master_doc, 'certbot-dns-linode', u'certbot-dns-linode Documentation',
+ [author], 1)
+]
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+# dir menu entry, description, category)
+texinfo_documents = [
+ (master_doc, 'certbot-dns-linode', u'certbot-dns-linode Documentation',
+ author, 'certbot-dns-linode', 'One line description of project.',
+ 'Miscellaneous'),
+]
+
+
+
+
+# Example configuration for intersphinx: refer to the Python standard library.
+intersphinx_mapping = {
+ 'python': ('https://docs.python.org/', None),
+ 'acme': ('https://acme-python.readthedocs.org/en/latest/', None),
+ 'certbot': ('https://certbot.eff.org/docs/', None),
+}
diff --git a/certbot-dns-linode/docs/index.rst b/certbot-dns-linode/docs/index.rst
new file mode 100644
index 000000000..dd430554b
--- /dev/null
+++ b/certbot-dns-linode/docs/index.rst
@@ -0,0 +1,28 @@
+.. certbot-dns-linode documentation master file, created by
+ sphinx-quickstart on Wed May 10 10:52:06 2017.
+ You can adapt this file completely to your liking, but it should at least
+ contain the root `toctree` directive.
+
+Welcome to certbot-dns-linode's documentation!
+====================================================
+
+.. toctree::
+ :maxdepth: 2
+ :caption: Contents:
+
+.. toctree::
+ :maxdepth: 1
+
+ api
+
+.. automodule:: certbot_dns_linode
+ :members:
+
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
diff --git a/certbot-dns-linode/docs/make.bat b/certbot-dns-linode/docs/make.bat
new file mode 100644
index 000000000..1f2a6867f
--- /dev/null
+++ b/certbot-dns-linode/docs/make.bat
@@ -0,0 +1,36 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=.
+set BUILDDIR=_build
+set SPHINXPROJ=certbot-dns-linode
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+
+:end
+popd
diff --git a/certbot-dns-linode/local-oldest-requirements.txt b/certbot-dns-linode/local-oldest-requirements.txt
new file mode 100644
index 000000000..8368d266e
--- /dev/null
+++ b/certbot-dns-linode/local-oldest-requirements.txt
@@ -0,0 +1,2 @@
+acme[dev]==0.21.1
+certbot[dev]==0.21.1
diff --git a/certbot-dns-linode/readthedocs.org.requirements.txt b/certbot-dns-linode/readthedocs.org.requirements.txt
new file mode 100644
index 000000000..47449454f
--- /dev/null
+++ b/certbot-dns-linode/readthedocs.org.requirements.txt
@@ -0,0 +1,12 @@
+# readthedocs.org gives no way to change the install command to "pip
+# install -e .[docs]" (that would in turn install documentation
+# dependencies), but it allows to specify a requirements.txt file at
+# https://readthedocs.org/dashboard/letsencrypt/advanced/ (c.f. #259)
+
+# Although ReadTheDocs certainly doesn't need to install the project
+# in --editable mode (-e), just "pip install .[docs]" does not work as
+# expected and "pip install -e .[docs]" must be used instead
+
+-e acme
+-e .
+-e certbot-dns-linode[docs]
diff --git a/certbot-dns-linode/setup.cfg b/certbot-dns-linode/setup.cfg
new file mode 100644
index 000000000..2a9acf13d
--- /dev/null
+++ b/certbot-dns-linode/setup.cfg
@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal = 1
diff --git a/certbot-dns-linode/setup.py b/certbot-dns-linode/setup.py
new file mode 100644
index 000000000..327224c9c
--- /dev/null
+++ b/certbot-dns-linode/setup.py
@@ -0,0 +1,66 @@
+import sys
+
+from setuptools import setup
+from setuptools import find_packages
+
+version = '0.27.0.dev0'
+
+# Please update tox.ini when modifying dependency version requirements
+install_requires = [
+ 'acme>=0.21.1',
+ 'certbot>=0.21.1',
+ 'dns-lexicon>=2.2.1',
+ 'mock',
+ 'setuptools',
+ 'zope.interface',
+]
+
+docs_extras = [
+ 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
+ 'sphinx_rtd_theme',
+]
+
+setup(
+ name='certbot-dns-linode',
+ version=version,
+ description="Linode DNS Authenticator plugin for Certbot",
+ url='https://github.com/certbot/certbot',
+ author="Certbot Project",
+ author_email='client-dev@letsencrypt.org',
+ license='Apache License 2.0',
+ python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*',
+ classifiers=[
+ 'Development Status :: 3 - Alpha',
+ 'Environment :: Plugins',
+ 'Intended Audience :: System Administrators',
+ 'License :: OSI Approved :: Apache Software License',
+ 'Operating System :: POSIX :: Linux',
+ 'Programming Language :: Python',
+ 'Programming Language :: Python :: 2',
+ 'Programming Language :: Python :: 2.7',
+ 'Programming Language :: Python :: 3',
+ 'Programming Language :: Python :: 3.4',
+ 'Programming Language :: Python :: 3.5',
+ 'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
+ 'Topic :: Internet :: WWW/HTTP',
+ 'Topic :: Security',
+ 'Topic :: System :: Installation/Setup',
+ 'Topic :: System :: Networking',
+ 'Topic :: System :: Systems Administration',
+ 'Topic :: Utilities',
+ ],
+
+ packages=find_packages(),
+ include_package_data=True,
+ install_requires=install_requires,
+ extras_require={
+ 'docs': docs_extras,
+ },
+ entry_points={
+ 'certbot.plugins': [
+ 'dns-linode = certbot_dns_linode.dns_linode:Authenticator',
+ ],
+ },
+ test_suite='certbot_dns_linode',
+)
diff --git a/certbot-dns-luadns/setup.py b/certbot-dns-luadns/setup.py
index 44f67c0a7..1f92f7dce 100644
--- a/certbot-dns-luadns/setup.py
+++ b/certbot-dns-luadns/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -42,6 +42,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-nsone/setup.py b/certbot-dns-nsone/setup.py
index 87a7da4cc..0b4241afb 100644
--- a/certbot-dns-nsone/setup.py
+++ b/certbot-dns-nsone/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -42,6 +42,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-ovh/Dockerfile b/certbot-dns-ovh/Dockerfile
new file mode 100644
index 000000000..e8da96d95
--- /dev/null
+++ b/certbot-dns-ovh/Dockerfile
@@ -0,0 +1,5 @@
+FROM certbot/certbot
+
+COPY . src/certbot-dns-ovh
+
+RUN pip install --no-cache-dir --editable src/certbot-dns-ovh
diff --git a/certbot-dns-ovh/LICENSE.txt b/certbot-dns-ovh/LICENSE.txt
new file mode 100644
index 000000000..981c46c9f
--- /dev/null
+++ b/certbot-dns-ovh/LICENSE.txt
@@ -0,0 +1,190 @@
+ Copyright 2015 Electronic Frontier Foundation and others
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
diff --git a/certbot-dns-ovh/MANIFEST.in b/certbot-dns-ovh/MANIFEST.in
new file mode 100644
index 000000000..18f018c08
--- /dev/null
+++ b/certbot-dns-ovh/MANIFEST.in
@@ -0,0 +1,3 @@
+include LICENSE.txt
+include README.rst
+recursive-include docs *
diff --git a/certbot-dns-ovh/README.rst b/certbot-dns-ovh/README.rst
new file mode 100644
index 000000000..05ffe2a16
--- /dev/null
+++ b/certbot-dns-ovh/README.rst
@@ -0,0 +1 @@
+OVH DNS Authenticator plugin for Certbot
diff --git a/certbot-dns-ovh/certbot_dns_ovh/__init__.py b/certbot-dns-ovh/certbot_dns_ovh/__init__.py
new file mode 100644
index 000000000..47f8bda9f
--- /dev/null
+++ b/certbot-dns-ovh/certbot_dns_ovh/__init__.py
@@ -0,0 +1,98 @@
+"""
+The `~certbot_dns_ovh.dns_ovh` plugin automates the process of
+completing a ``dns-01`` challenge (`~acme.challenges.DNS01`) by creating, and
+subsequently removing, TXT records using the OVH API.
+
+
+Named Arguments
+---------------
+
+=================================== ==========================================
+``--dns-ovh-credentials`` OVH credentials_ INI file.
+ (Required)
+``--dns-ovh-propagation-seconds`` The number of seconds to wait for DNS
+ to propagate before asking the ACME
+ server to verify the DNS record.
+ (Default: 30)
+=================================== ==========================================
+
+
+Credentials
+-----------
+
+Use of this plugin requires a configuration file containing OVH API
+credentials for an account with the following access rules:
+
+* ``GET /domain/zone/*``
+* ``PUT /domain/zone/*``
+* ``POST /domain/zone/*``
+* ``DELETE /domain/zone/*``
+
+These credentials can be obtained there:
+
+* `OVH Europe `_ (endpoint: ``ovh-eu``)
+* `OVH North America `_ (endpoint:
+ ``ovh-ca``)
+
+.. code-block:: ini
+ :name: credentials.ini
+ :caption: Example credentials file:
+
+ # OVH API credentials used by Certbot
+ dns_ovh_endpoint = ovh-eu
+ dns_ovh_application_key = MDAwMDAwMDAwMDAw
+ dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+ dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+
+The path to this file can be provided interactively or using the
+``--dns-ovh-credentials`` command-line argument. Certbot records the path
+to this file for use during renewal, but does not store the file's contents.
+
+.. caution::
+ You should protect these API credentials as you would the password to your
+ OVH account. Users who can read this file can use these credentials
+ to issue arbitrary API calls on your behalf. Users who can cause Certbot to
+ run using these credentials can complete a ``dns-01`` challenge to acquire
+ new certificates or revoke existing certificates for associated domains,
+ even if those domains aren't being managed by this server.
+
+Certbot will emit a warning if it detects that the credentials file can be
+accessed by other users on your system. The warning reads "Unsafe permissions
+on credentials configuration file", followed by the path to the credentials
+file. This warning will be emitted each time Certbot uses the credentials file,
+including for renewal, and cannot be silenced except by addressing the issue
+(e.g., by using a command like ``chmod 600`` to restrict access to the file).
+
+
+Examples
+--------
+
+.. code-block:: bash
+ :caption: To acquire a certificate for ``example.com``
+
+ certbot certonly \\
+ --dns-ovh \\
+ --dns-ovh-credentials ~/.secrets/certbot/ohv.ini \\
+ -d example.com
+
+.. code-block:: bash
+ :caption: To acquire a single certificate for both ``example.com`` and
+ ``www.example.com``
+
+ certbot certonly \\
+ --dns-ovh \\
+ --dns-ovh-credentials ~/.secrets/certbot/ovh.ini \\
+ -d example.com \\
+ -d www.example.com
+
+.. code-block:: bash
+ :caption: To acquire a certificate for ``example.com``, waiting 60 seconds
+ for DNS propagation
+
+ certbot certonly \\
+ --dns-ovh \\
+ --dns-ovh-credentials ~/.secrets/certbot/ovh.ini \\
+ --dns-ovh-propagation-seconds 60 \\
+ -d example.com
+
+"""
diff --git a/certbot-dns-ovh/certbot_dns_ovh/dns_ovh.py b/certbot-dns-ovh/certbot_dns_ovh/dns_ovh.py
new file mode 100644
index 000000000..c4ded7748
--- /dev/null
+++ b/certbot-dns-ovh/certbot_dns_ovh/dns_ovh.py
@@ -0,0 +1,102 @@
+"""DNS Authenticator for OVH DNS."""
+import logging
+
+import zope.interface
+from lexicon.providers import ovh
+
+from certbot import errors
+from certbot import interfaces
+from certbot.plugins import dns_common
+from certbot.plugins import dns_common_lexicon
+
+logger = logging.getLogger(__name__)
+
+TOKEN_URL = 'https://eu.api.ovh.com/createToken/ or https://ca.api.ovh.com/createToken/'
+
+
+@zope.interface.implementer(interfaces.IAuthenticator)
+@zope.interface.provider(interfaces.IPluginFactory)
+class Authenticator(dns_common.DNSAuthenticator):
+ """DNS Authenticator for OVH
+
+ This Authenticator uses the OVH API to fulfill a dns-01 challenge.
+ """
+
+ description = 'Obtain certificates using a DNS TXT record (if you are using OVH for DNS).'
+ ttl = 60
+
+ def __init__(self, *args, **kwargs):
+ super(Authenticator, self).__init__(*args, **kwargs)
+ self.credentials = None
+
+ @classmethod
+ def add_parser_arguments(cls, add): # pylint: disable=arguments-differ
+ super(Authenticator, cls).add_parser_arguments(add, default_propagation_seconds=30)
+ add('credentials', help='OVH credentials INI file.')
+
+ def more_info(self): # pylint: disable=missing-docstring,no-self-use
+ return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
+ 'the OVH API.'
+
+ def _setup_credentials(self):
+ self.credentials = self._configure_credentials(
+ 'credentials',
+ 'OVH credentials INI file',
+ {
+ 'endpoint': 'OVH API endpoint (ovh-eu or ovh-ca)',
+ 'application-key': 'Application key for OVH API, obtained from {0}'
+ .format(TOKEN_URL),
+ 'application-secret': 'Application secret for OVH API, obtained from {0}'
+ .format(TOKEN_URL),
+ 'consumer-key': 'Consumer key for OVH API, obtained from {0}'
+ .format(TOKEN_URL),
+ }
+ )
+
+ def _perform(self, domain, validation_name, validation):
+ self._get_ovh_client().add_txt_record(domain, validation_name, validation)
+
+ def _cleanup(self, domain, validation_name, validation):
+ self._get_ovh_client().del_txt_record(domain, validation_name, validation)
+
+ def _get_ovh_client(self):
+ return _OVHLexiconClient(
+ self.credentials.conf('endpoint'),
+ self.credentials.conf('application-key'),
+ self.credentials.conf('application-secret'),
+ self.credentials.conf('consumer-key'),
+ self.ttl
+ )
+
+
+class _OVHLexiconClient(dns_common_lexicon.LexiconClient):
+ """
+ Encapsulates all communication with the OVH API via Lexicon.
+ """
+
+ def __init__(self, endpoint, application_key, application_secret, consumer_key, ttl):
+ super(_OVHLexiconClient, self).__init__()
+
+ self.provider = ovh.Provider({
+ 'auth_entrypoint': endpoint,
+ 'auth_application_key': application_key,
+ 'auth_application_secret': application_secret,
+ 'auth_consumer_key': consumer_key,
+ 'ttl': ttl,
+ })
+
+ def _handle_http_error(self, e, domain_name):
+ hint = None
+ if str(e).startswith('400 Client Error:'):
+ hint = 'Is your Application Secret value correct?'
+ if str(e).startswith('403 Client Error:'):
+ hint = 'Are your Application Key and Consumer Key values correct?'
+
+ return errors.PluginError('Error determining zone identifier for {0}: {1}.{2}'
+ .format(domain_name, e, ' ({0})'.format(hint) if hint else ''))
+
+ def _handle_general_error(self, e, domain_name):
+ if domain_name in str(e) and str(e).endswith('not found'):
+ return
+
+ super(_OVHLexiconClient, self)._handle_general_error(e, domain_name)
diff --git a/certbot-dns-ovh/certbot_dns_ovh/dns_ovh_test.py b/certbot-dns-ovh/certbot_dns_ovh/dns_ovh_test.py
new file mode 100644
index 000000000..f2a10485d
--- /dev/null
+++ b/certbot-dns-ovh/certbot_dns_ovh/dns_ovh_test.py
@@ -0,0 +1,62 @@
+"""Tests for certbot_dns_ovh.dns_ovh."""
+
+import os
+import unittest
+
+import mock
+from requests.exceptions import HTTPError
+
+from certbot.plugins import dns_test_common
+from certbot.plugins import dns_test_common_lexicon
+from certbot.tests import util as test_util
+
+ENDPOINT = 'ovh-eu'
+APPLICATION_KEY = 'foo'
+APPLICATION_SECRET = 'bar'
+CONSUMER_KEY = 'spam'
+
+
+class AuthenticatorTest(test_util.TempDirTestCase,
+ dns_test_common_lexicon.BaseLexiconAuthenticatorTest):
+
+ def setUp(self):
+ super(AuthenticatorTest, self).setUp()
+
+ from certbot_dns_ovh.dns_ovh import Authenticator
+
+ path = os.path.join(self.tempdir, 'file.ini')
+ credentials = {
+ "ovh_endpoint": ENDPOINT,
+ "ovh_application_key": APPLICATION_KEY,
+ "ovh_application_secret": APPLICATION_SECRET,
+ "ovh_consumer_key": CONSUMER_KEY,
+ }
+ dns_test_common.write(credentials, path)
+
+ self.config = mock.MagicMock(ovh_credentials=path,
+ ovh_propagation_seconds=0) # don't wait during tests
+
+ self.auth = Authenticator(self.config, "ovh")
+
+ self.mock_client = mock.MagicMock()
+ # _get_ovh_client | pylint: disable=protected-access
+ self.auth._get_ovh_client = mock.MagicMock(return_value=self.mock_client)
+
+
+class OVHLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLexiconClientTest):
+ DOMAIN_NOT_FOUND = Exception('Domain example.com not found')
+ LOGIN_ERROR = HTTPError('403 Client Error: Forbidden for url: https://eu.api.ovh.com/1.0/...')
+
+ def setUp(self):
+ from certbot_dns_ovh.dns_ovh import _OVHLexiconClient
+
+ self.client = _OVHLexiconClient(
+ ENDPOINT, APPLICATION_KEY, APPLICATION_SECRET, CONSUMER_KEY, 0
+ )
+
+ self.provider_mock = mock.MagicMock()
+ self.client.provider = self.provider_mock
+
+
+if __name__ == "__main__":
+ unittest.main() # pragma: no cover
diff --git a/certbot-dns-ovh/docs/.gitignore b/certbot-dns-ovh/docs/.gitignore
new file mode 100644
index 000000000..ba65b13af
--- /dev/null
+++ b/certbot-dns-ovh/docs/.gitignore
@@ -0,0 +1 @@
+/_build/
diff --git a/certbot-dns-ovh/docs/Makefile b/certbot-dns-ovh/docs/Makefile
new file mode 100644
index 000000000..38f6a9159
--- /dev/null
+++ b/certbot-dns-ovh/docs/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS =
+SPHINXBUILD = sphinx-build
+SPHINXPROJ = certbot-dns-ovh
+SOURCEDIR = .
+BUILDDIR = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+ @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+ @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
\ No newline at end of file
diff --git a/certbot-dns-ovh/docs/api.rst b/certbot-dns-ovh/docs/api.rst
new file mode 100644
index 000000000..8668ec5d8
--- /dev/null
+++ b/certbot-dns-ovh/docs/api.rst
@@ -0,0 +1,8 @@
+=================
+API Documentation
+=================
+
+.. toctree::
+ :glob:
+
+ api/**
diff --git a/certbot-dns-ovh/docs/api/dns_ovh.rst b/certbot-dns-ovh/docs/api/dns_ovh.rst
new file mode 100644
index 000000000..79863d05f
--- /dev/null
+++ b/certbot-dns-ovh/docs/api/dns_ovh.rst
@@ -0,0 +1,5 @@
+:mod:`certbot_dns_ovh.dns_ovh`
+------------------------------
+
+.. automodule:: certbot_dns_ovh.dns_ovh
+ :members:
diff --git a/certbot-dns-ovh/docs/conf.py b/certbot-dns-ovh/docs/conf.py
new file mode 100644
index 000000000..57194666e
--- /dev/null
+++ b/certbot-dns-ovh/docs/conf.py
@@ -0,0 +1,180 @@
+# -*- coding: utf-8 -*-
+#
+# certbot-dns-ovh documentation build configuration file, created by
+# sphinx-quickstart on Fri Jan 12 10:14:31 2018.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = ['sphinx.ext.autodoc',
+ 'sphinx.ext.intersphinx',
+ 'sphinx.ext.todo',
+ 'sphinx.ext.coverage',
+ 'sphinx.ext.viewcode']
+
+autodoc_member_order = 'bysource'
+autodoc_default_flags = ['show-inheritance', 'private-members']
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'certbot-dns-ovh'
+copyright = u'2018, Certbot Project'
+author = u'Certbot Project'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = u'0'
+# The full version, including alpha/beta/rc tags.
+release = u'0'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'en'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This patterns also effect to html_static_path and html_extra_path
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+default_role = 'py:obj'
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# If true, `todo` and `todoList` produce output, else they produce nothing.
+todo_include_todos = True
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+#
+
+# http://docs.readthedocs.org/en/latest/theme.html#how-do-i-use-this-locally-and-on-read-the-docs
+# on_rtd is whether we are on readthedocs.org
+on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
+if not on_rtd: # only import and set the theme if we're building docs locally
+ import sphinx_rtd_theme
+ html_theme = 'sphinx_rtd_theme'
+ html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+# otherwise, readthedocs.org uses their theme by default, so no need to specify it
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+
+# -- Options for HTMLHelp output ------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'certbot-dns-ovhdoc'
+
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+ # The paper size ('letterpaper' or 'a4paper').
+ #
+ # 'papersize': 'letterpaper',
+
+ # The font size ('10pt', '11pt' or '12pt').
+ #
+ # 'pointsize': '10pt',
+
+ # Additional stuff for the LaTeX preamble.
+ #
+ # 'preamble': '',
+
+ # Latex figure (float) alignment
+ #
+ # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+# author, documentclass [howto, manual, or own class]).
+latex_documents = [
+ (master_doc, 'certbot-dns-ovh.tex', u'certbot-dns-ovh Documentation',
+ u'Certbot Project', 'manual'),
+]
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ (master_doc, 'certbot-dns-ovh', u'certbot-dns-ovh Documentation',
+ [author], 1)
+]
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+# dir menu entry, description, category)
+texinfo_documents = [
+ (master_doc, 'certbot-dns-ovh', u'certbot-dns-ovh Documentation',
+ author, 'certbot-dns-ovh', 'One line description of project.',
+ 'Miscellaneous'),
+]
+
+
+
+
+# Example configuration for intersphinx: refer to the Python standard library.
+intersphinx_mapping = {
+ 'python': ('https://docs.python.org/', None),
+ 'acme': ('https://acme-python.readthedocs.org/en/latest/', None),
+ 'certbot': ('https://certbot.eff.org/docs/', None),
+}
diff --git a/certbot-dns-ovh/docs/index.rst b/certbot-dns-ovh/docs/index.rst
new file mode 100644
index 000000000..ad5860289
--- /dev/null
+++ b/certbot-dns-ovh/docs/index.rst
@@ -0,0 +1,28 @@
+.. certbot-dns-ovh documentation master file, created by
+ sphinx-quickstart on Fri Jan 12 10:14:31 2018.
+ You can adapt this file completely to your liking, but it should at least
+ contain the root `toctree` directive.
+
+Welcome to certbot-dns-ovh's documentation!
+===========================================
+
+.. toctree::
+ :maxdepth: 2
+ :caption: Contents:
+
+.. automodule:: certbot_dns_ovh
+ :members:
+
+.. toctree::
+ :maxdepth: 1
+
+ api
+
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
diff --git a/certbot-dns-ovh/docs/make.bat b/certbot-dns-ovh/docs/make.bat
new file mode 100644
index 000000000..78f7dd669
--- /dev/null
+++ b/certbot-dns-ovh/docs/make.bat
@@ -0,0 +1,36 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=.
+set BUILDDIR=_build
+set SPHINXPROJ=certbot-dns-ovh
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+
+:end
+popd
diff --git a/certbot-dns-ovh/local-oldest-requirements.txt b/certbot-dns-ovh/local-oldest-requirements.txt
new file mode 100644
index 000000000..8368d266e
--- /dev/null
+++ b/certbot-dns-ovh/local-oldest-requirements.txt
@@ -0,0 +1,2 @@
+acme[dev]==0.21.1
+certbot[dev]==0.21.1
diff --git a/certbot-dns-ovh/readthedocs.org.requirements.txt b/certbot-dns-ovh/readthedocs.org.requirements.txt
new file mode 100644
index 000000000..0780e12a1
--- /dev/null
+++ b/certbot-dns-ovh/readthedocs.org.requirements.txt
@@ -0,0 +1,12 @@
+# readthedocs.org gives no way to change the install command to "pip
+# install -e .[docs]" (that would in turn install documentation
+# dependencies), but it allows to specify a requirements.txt file at
+# https://readthedocs.org/dashboard/letsencrypt/advanced/ (c.f. #259)
+
+# Although ReadTheDocs certainly doesn't need to install the project
+# in --editable mode (-e), just "pip install .[docs]" does not work as
+# expected and "pip install -e .[docs]" must be used instead
+
+-e acme
+-e .
+-e certbot-dns-ovh[docs]
diff --git a/certbot-dns-ovh/setup.cfg b/certbot-dns-ovh/setup.cfg
new file mode 100644
index 000000000..2a9acf13d
--- /dev/null
+++ b/certbot-dns-ovh/setup.cfg
@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal = 1
diff --git a/certbot-dns-ovh/setup.py b/certbot-dns-ovh/setup.py
new file mode 100644
index 000000000..e0ce785a1
--- /dev/null
+++ b/certbot-dns-ovh/setup.py
@@ -0,0 +1,67 @@
+import sys
+
+from setuptools import setup
+from setuptools import find_packages
+
+
+version = '0.27.0.dev0'
+
+# Remember to update local-oldest-requirements.txt when changing the minimum
+# acme/certbot version.
+install_requires = [
+ 'acme>=0.21.1',
+ 'certbot>=0.21.1',
+ 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
+ 'mock',
+ 'setuptools',
+ 'zope.interface',
+]
+
+docs_extras = [
+ 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
+ 'sphinx_rtd_theme',
+]
+
+setup(
+ name='certbot-dns-ovh',
+ version=version,
+ description="OVH DNS Authenticator plugin for Certbot",
+ url='https://github.com/certbot/certbot',
+ author="Certbot Project",
+ author_email='client-dev@letsencrypt.org',
+ license='Apache License 2.0',
+ python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*',
+ classifiers=[
+ 'Development Status :: 3 - Alpha',
+ 'Environment :: Plugins',
+ 'Intended Audience :: System Administrators',
+ 'License :: OSI Approved :: Apache Software License',
+ 'Operating System :: POSIX :: Linux',
+ 'Programming Language :: Python',
+ 'Programming Language :: Python :: 2',
+ 'Programming Language :: Python :: 2.7',
+ 'Programming Language :: Python :: 3',
+ 'Programming Language :: Python :: 3.4',
+ 'Programming Language :: Python :: 3.5',
+ 'Programming Language :: Python :: 3.6',
+ 'Topic :: Internet :: WWW/HTTP',
+ 'Topic :: Security',
+ 'Topic :: System :: Installation/Setup',
+ 'Topic :: System :: Networking',
+ 'Topic :: System :: Systems Administration',
+ 'Topic :: Utilities',
+ ],
+
+ packages=find_packages(),
+ include_package_data=True,
+ install_requires=install_requires,
+ extras_require={
+ 'docs': docs_extras,
+ },
+ entry_points={
+ 'certbot.plugins': [
+ 'dns-ovh = certbot_dns_ovh.dns_ovh:Authenticator',
+ ],
+ },
+ test_suite='certbot_dns_ovh',
+)
diff --git a/certbot-dns-rfc2136/setup.py b/certbot-dns-rfc2136/setup.py
index c1fffc4a2..bd54ec4c5 100644
--- a/certbot-dns-rfc2136/setup.py
+++ b/certbot-dns-rfc2136/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -42,6 +42,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-route53/setup.py b/certbot-dns-route53/setup.py
index c8806e862..5f0b26f6e 100644
--- a/certbot-dns-route53/setup.py
+++ b/certbot-dns-route53/setup.py
@@ -1,7 +1,7 @@
from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -36,6 +36,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-dns-sakuracloud/Dockerfile b/certbot-dns-sakuracloud/Dockerfile
new file mode 100644
index 000000000..694773f61
--- /dev/null
+++ b/certbot-dns-sakuracloud/Dockerfile
@@ -0,0 +1,5 @@
+FROM certbot/certbot
+
+COPY . src/certbot-dns-sakuracloud
+
+RUN pip install --no-cache-dir --editable src/certbot-dns-sakuracloud
diff --git a/certbot-dns-sakuracloud/LICENSE.txt b/certbot-dns-sakuracloud/LICENSE.txt
new file mode 100644
index 000000000..8316b6a0e
--- /dev/null
+++ b/certbot-dns-sakuracloud/LICENSE.txt
@@ -0,0 +1,190 @@
+ Copyright 2018 Electronic Frontier Foundation and others
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
diff --git a/certbot-dns-sakuracloud/MANIFEST.in b/certbot-dns-sakuracloud/MANIFEST.in
new file mode 100644
index 000000000..18f018c08
--- /dev/null
+++ b/certbot-dns-sakuracloud/MANIFEST.in
@@ -0,0 +1,3 @@
+include LICENSE.txt
+include README.rst
+recursive-include docs *
diff --git a/certbot-dns-sakuracloud/README.rst b/certbot-dns-sakuracloud/README.rst
new file mode 100644
index 000000000..46a082b9c
--- /dev/null
+++ b/certbot-dns-sakuracloud/README.rst
@@ -0,0 +1 @@
+Sakura Cloud DNS Authenticator plugin for Certbot
diff --git a/certbot-dns-sakuracloud/certbot_dns_sakuracloud/__init__.py b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/__init__.py
new file mode 100644
index 000000000..f18780c18
--- /dev/null
+++ b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/__init__.py
@@ -0,0 +1,86 @@
+"""
+The `~certbot_dns_sakuracloud.dns_sakuracloud` plugin automates the process of completing
+a ``dns-01`` challenge (`~acme.challenges.DNS01`) by creating, and subsequently
+removing, TXT records using the Sakura Cloud DNS API.
+
+
+Named Arguments
+---------------
+
+========================================== ======================================
+``--dns-sakuracloud-credentials`` Sakura Cloud credentials_ INI file.
+ (Required)
+``--dns-sakuracloud-propagation-seconds`` The number of seconds to wait for DNS
+ to propagate before asking the ACME
+ server to verify the DNS record.
+ (Default: 90)
+========================================== ======================================
+
+
+Credentials
+-----------
+
+Use of this plugin requires a configuration file containing
+Sakura Cloud DNS API credentials, obtained from your Sakura Cloud DNS
+`apikey page `_.
+
+.. code-block:: ini
+ :name: credentials.ini
+ :caption: Example credentials file:
+
+ # Sakura Cloud API credentials used by Certbot
+ dns_sakuracloud_api_token = 00000000-0000-0000-0000-000000000000
+ dns_sakuracloud_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+
+The path to this file can be provided interactively or using the
+``--dns-sakuracloud-credentials`` command-line argument. Certbot records the path
+to this file for use during renewal, but does not store the file's contents.
+
+.. caution::
+ You should protect these API credentials as you would the password to your
+ Sakura Cloud account. Users who can read this file can use these credentials
+ to issue arbitrary API calls on your behalf. Users who can cause Certbot to
+ run using these credentials can complete a ``dns-01`` challenge to acquire new
+ certificates or revoke existing certificates for associated domains, even if
+ those domains aren't being managed by this server.
+
+Certbot will emit a warning if it detects that the credentials file can be
+accessed by other users on your system. The warning reads "Unsafe permissions
+on credentials configuration file", followed by the path to the credentials
+file. This warning will be emitted each time Certbot uses the credentials file,
+including for renewal, and cannot be silenced except by addressing the issue
+(e.g., by using a command like ``chmod 600`` to restrict access to the file).
+
+
+Examples
+--------
+
+.. code-block:: bash
+ :caption: To acquire a certificate for ``example.com``
+
+ certbot certonly \\
+ --dns-sakuracloud \\
+ --dns-sakuracloud-credentials ~/.secrets/certbot/sakuracloud.ini \\
+ -d example.com
+
+.. code-block:: bash
+ :caption: To acquire a single certificate for both ``example.com`` and
+ ``www.example.com``
+
+ certbot certonly \\
+ --dns-sakuracloud \\
+ --dns-sakuracloud-credentials ~/.secrets/certbot/sakuracloud.ini \\
+ -d example.com \\
+ -d www.example.com
+
+.. code-block:: bash
+ :caption: To acquire a certificate for ``example.com``, waiting 60 seconds
+ for DNS propagation
+
+ certbot certonly \\
+ --dns-sakuracloud \\
+ --dns-sakuracloud-credentials ~/.secrets/certbot/sakuracloud.ini \\
+ --dns-sakuracloud-propagation-seconds 60 \\
+ -d example.com
+
+"""
diff --git a/certbot-dns-sakuracloud/certbot_dns_sakuracloud/dns_sakuracloud.py b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/dns_sakuracloud.py
new file mode 100644
index 000000000..6f1c74b68
--- /dev/null
+++ b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/dns_sakuracloud.py
@@ -0,0 +1,87 @@
+"""DNS Authenticator for Sakura Cloud DNS."""
+import logging
+
+import zope.interface
+from lexicon.providers import sakuracloud
+
+from certbot import interfaces
+from certbot.plugins import dns_common
+from certbot.plugins import dns_common_lexicon
+
+logger = logging.getLogger(__name__)
+
+APIKEY_URL = "https://secure.sakura.ad.jp/cloud/#!/apikey/top/"
+
+
+@zope.interface.implementer(interfaces.IAuthenticator)
+@zope.interface.provider(interfaces.IPluginFactory)
+class Authenticator(dns_common.DNSAuthenticator):
+ """DNS Authenticator for Sakura Cloud DNS
+
+ This Authenticator uses the Sakura Cloud API to fulfill a dns-01 challenge.
+ """
+
+ description = 'Obtain certificates using a DNS TXT record ' + \
+ '(if you are using Sakura Cloud for DNS).'
+ ttl = 60
+
+ def __init__(self, *args, **kwargs):
+ super(Authenticator, self).__init__(*args, **kwargs)
+ self.credentials = None
+
+ @classmethod
+ def add_parser_arguments(cls, add): # pylint: disable=arguments-differ
+ super(Authenticator, cls).add_parser_arguments(
+ add, default_propagation_seconds=90)
+ add('credentials', help='Sakura Cloud credentials file.')
+
+ def more_info(self): # pylint: disable=missing-docstring,no-self-use
+ return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \
+ 'the Sakura Cloud API.'
+
+ def _setup_credentials(self):
+ self.credentials = self._configure_credentials(
+ 'credentials',
+ 'Sakura Cloud credentials file',
+ {
+ 'api-token': \
+ 'API token for Sakura Cloud API obtained from {0}'.format(APIKEY_URL),
+ 'api-secret': \
+ 'API secret for Sakura Cloud API obtained from {0}'.format(APIKEY_URL),
+ }
+ )
+
+ def _perform(self, domain, validation_name, validation):
+ self._get_sakuracloud_client().add_txt_record(
+ domain, validation_name, validation)
+
+ def _cleanup(self, domain, validation_name, validation):
+ self._get_sakuracloud_client().del_txt_record(
+ domain, validation_name, validation)
+
+ def _get_sakuracloud_client(self):
+ return _SakuraCloudLexiconClient(
+ self.credentials.conf('api-token'),
+ self.credentials.conf('api-secret'),
+ self.ttl
+ )
+
+
+class _SakuraCloudLexiconClient(dns_common_lexicon.LexiconClient):
+ """
+ Encapsulates all communication with the Sakura Cloud via Lexicon.
+ """
+
+ def __init__(self, api_token, api_secret, ttl):
+ super(_SakuraCloudLexiconClient, self).__init__()
+
+ self.provider = sakuracloud.Provider({
+ 'auth_token': api_token,
+ 'auth_secret': api_secret,
+ 'ttl': ttl,
+ })
+
+ def _handle_http_error(self, e, domain_name):
+ if domain_name in str(e) and (str(e).startswith('404 Client Error: Not Found for url:')):
+ return # Expected errors when zone name guess is wrong
+ return super(_SakuraCloudLexiconClient, self)._handle_http_error(e, domain_name)
diff --git a/certbot-dns-sakuracloud/certbot_dns_sakuracloud/dns_sakuracloud_test.py b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/dns_sakuracloud_test.py
new file mode 100644
index 000000000..84605d06f
--- /dev/null
+++ b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/dns_sakuracloud_test.py
@@ -0,0 +1,55 @@
+"""Tests for certbot_dns_sakuracloud.dns_sakuracloud."""
+
+import os
+import unittest
+
+import mock
+from requests.exceptions import HTTPError
+
+from certbot.plugins import dns_test_common
+from certbot.plugins import dns_test_common_lexicon
+from certbot.plugins.dns_test_common import DOMAIN
+from certbot.tests import util as test_util
+
+API_TOKEN = '00000000-0000-0000-0000-000000000000'
+API_SECRET = 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw'
+
+class AuthenticatorTest(test_util.TempDirTestCase,
+ dns_test_common_lexicon.BaseLexiconAuthenticatorTest):
+
+ def setUp(self):
+ super(AuthenticatorTest, self).setUp()
+
+ from certbot_dns_sakuracloud.dns_sakuracloud import Authenticator
+
+ path = os.path.join(self.tempdir, 'file.ini')
+ dns_test_common.write(
+ {"sakuracloud_api_token": API_TOKEN, "sakuracloud_api_secret": API_SECRET},
+ path
+ )
+
+ self.config = mock.MagicMock(sakuracloud_credentials=path,
+ sakuracloud_propagation_seconds=0) # don't wait during tests
+
+ self.auth = Authenticator(self.config, "sakuracloud")
+
+ self.mock_client = mock.MagicMock()
+ # _get_sakuracloud_client | pylint: disable=protected-access
+ self.auth._get_sakuracloud_client = mock.MagicMock(return_value=self.mock_client)
+
+
+class NS1LexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLexiconClientTest):
+ DOMAIN_NOT_FOUND = HTTPError('404 Client Error: Not Found for url: {0}.'.format(DOMAIN))
+ LOGIN_ERROR = HTTPError('401 Client Error: Unauthorized for url: {0}.'.format(DOMAIN))
+
+ def setUp(self):
+ from certbot_dns_sakuracloud.dns_sakuracloud import _SakuraCloudLexiconClient
+
+ self.client = _SakuraCloudLexiconClient(API_TOKEN, API_SECRET, 0)
+
+ self.provider_mock = mock.MagicMock()
+ self.client.provider = self.provider_mock
+
+
+if __name__ == "__main__":
+ unittest.main() # pragma: no cover
diff --git a/certbot-dns-sakuracloud/docs/.gitignore b/certbot-dns-sakuracloud/docs/.gitignore
new file mode 100644
index 000000000..ba65b13af
--- /dev/null
+++ b/certbot-dns-sakuracloud/docs/.gitignore
@@ -0,0 +1 @@
+/_build/
diff --git a/certbot-dns-sakuracloud/docs/Makefile b/certbot-dns-sakuracloud/docs/Makefile
new file mode 100644
index 000000000..c2969dd98
--- /dev/null
+++ b/certbot-dns-sakuracloud/docs/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS =
+SPHINXBUILD = sphinx-build
+SPHINXPROJ = certbot-dns-sakuracloud
+SOURCEDIR = .
+BUILDDIR = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+ @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+ @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
\ No newline at end of file
diff --git a/certbot-dns-sakuracloud/docs/api.rst b/certbot-dns-sakuracloud/docs/api.rst
new file mode 100644
index 000000000..8668ec5d8
--- /dev/null
+++ b/certbot-dns-sakuracloud/docs/api.rst
@@ -0,0 +1,8 @@
+=================
+API Documentation
+=================
+
+.. toctree::
+ :glob:
+
+ api/**
diff --git a/certbot-dns-sakuracloud/docs/api/dns_sakuracloud.rst b/certbot-dns-sakuracloud/docs/api/dns_sakuracloud.rst
new file mode 100644
index 000000000..74692e15b
--- /dev/null
+++ b/certbot-dns-sakuracloud/docs/api/dns_sakuracloud.rst
@@ -0,0 +1,5 @@
+:mod:`certbot_dns_sakuracloud.dns_sakuracloud`
+----------------------------------------------
+
+.. automodule:: certbot_dns_sakuracloud.dns_sakuracloud
+ :members:
diff --git a/certbot-dns-sakuracloud/docs/conf.py b/certbot-dns-sakuracloud/docs/conf.py
new file mode 100644
index 000000000..e14fe1d4c
--- /dev/null
+++ b/certbot-dns-sakuracloud/docs/conf.py
@@ -0,0 +1,180 @@
+# -*- coding: utf-8 -*-
+#
+# certbot-dns-sakuracloud documentation build configuration file, created by
+# sphinx-quickstart on Wed May 10 18:30:40 2017.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = ['sphinx.ext.autodoc',
+ 'sphinx.ext.intersphinx',
+ 'sphinx.ext.todo',
+ 'sphinx.ext.coverage',
+ 'sphinx.ext.viewcode']
+
+autodoc_member_order = 'bysource'
+autodoc_default_flags = ['show-inheritance', 'private-members']
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'certbot-dns-sakuracloud'
+copyright = u'2018, Certbot Project'
+author = u'Certbot Project'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = u'0'
+# The full version, including alpha/beta/rc tags.
+release = u'0'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'en'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This patterns also effect to html_static_path and html_extra_path
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+default_role = 'py:obj'
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# If true, `todo` and `todoList` produce output, else they produce nothing.
+todo_include_todos = True
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+#
+
+# http://docs.readthedocs.org/en/latest/theme.html#how-do-i-use-this-locally-and-on-read-the-docs
+# on_rtd is whether we are on readthedocs.org
+on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
+if not on_rtd: # only import and set the theme if we're building docs locally
+ import sphinx_rtd_theme
+ html_theme = 'sphinx_rtd_theme'
+ html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+# otherwise, readthedocs.org uses their theme by default, so no need to specify it
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+
+# -- Options for HTMLHelp output ------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'certbot-dns-sakuraclouddoc'
+
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+ # The paper size ('letterpaper' or 'a4paper').
+ #
+ # 'papersize': 'letterpaper',
+
+ # The font size ('10pt', '11pt' or '12pt').
+ #
+ # 'pointsize': '10pt',
+
+ # Additional stuff for the LaTeX preamble.
+ #
+ # 'preamble': '',
+
+ # Latex figure (float) alignment
+ #
+ # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+# author, documentclass [howto, manual, or own class]).
+latex_documents = [
+ (master_doc, 'certbot-dns-sakuracloud.tex', u'certbot-dns-sakuracloud Documentation',
+ u'Certbot Project', 'manual'),
+]
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ (master_doc, 'certbot-dns-sakuracloud', u'certbot-dns-sakuracloud Documentation',
+ [author], 1)
+]
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+# dir menu entry, description, category)
+texinfo_documents = [
+ (master_doc, 'certbot-dns-sakuracloud', u'certbot-dns-sakuracloud Documentation',
+ author, 'certbot-dns-sakuracloud', 'One line description of project.',
+ 'Miscellaneous'),
+]
+
+
+
+
+# Example configuration for intersphinx: refer to the Python standard library.
+intersphinx_mapping = {
+ 'python': ('https://docs.python.org/', None),
+ 'acme': ('https://acme-python.readthedocs.org/en/latest/', None),
+ 'certbot': ('https://certbot.eff.org/docs/', None),
+}
diff --git a/certbot-dns-sakuracloud/docs/index.rst b/certbot-dns-sakuracloud/docs/index.rst
new file mode 100644
index 000000000..715028591
--- /dev/null
+++ b/certbot-dns-sakuracloud/docs/index.rst
@@ -0,0 +1,28 @@
+.. certbot-dns-sakuracloud documentation master file, created by
+ sphinx-quickstart on Wed May 10 18:30:40 2017.
+ You can adapt this file completely to your liking, but it should at least
+ contain the root `toctree` directive.
+
+Welcome to certbot-dns-sakuracloud's documentation!
+===================================================
+
+.. toctree::
+ :maxdepth: 2
+ :caption: Contents:
+
+.. toctree::
+ :maxdepth: 1
+
+ api
+
+.. automodule:: certbot_dns_sakuracloud
+ :members:
+
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
diff --git a/certbot-dns-sakuracloud/docs/make.bat b/certbot-dns-sakuracloud/docs/make.bat
new file mode 100644
index 000000000..0d7706bc7
--- /dev/null
+++ b/certbot-dns-sakuracloud/docs/make.bat
@@ -0,0 +1,36 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=.
+set BUILDDIR=_build
+set SPHINXPROJ=certbot-dns-sakuracloud
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+
+:end
+popd
diff --git a/certbot-dns-sakuracloud/readthedocs.org.requirements.txt b/certbot-dns-sakuracloud/readthedocs.org.requirements.txt
new file mode 100644
index 000000000..3f46d95ef
--- /dev/null
+++ b/certbot-dns-sakuracloud/readthedocs.org.requirements.txt
@@ -0,0 +1,12 @@
+# readthedocs.org gives no way to change the install command to "pip
+# install -e .[docs]" (that would in turn install documentation
+# dependencies), but it allows to specify a requirements.txt file at
+# https://readthedocs.org/dashboard/letsencrypt/advanced/ (c.f. #259)
+
+# Although ReadTheDocs certainly doesn't need to install the project
+# in --editable mode (-e), just "pip install .[docs]" does not work as
+# expected and "pip install -e .[docs]" must be used instead
+
+-e acme
+-e .
+-e certbot-dns-sakuracloud[docs]
diff --git a/certbot-dns-sakuracloud/setup.cfg b/certbot-dns-sakuracloud/setup.cfg
new file mode 100644
index 000000000..2a9acf13d
--- /dev/null
+++ b/certbot-dns-sakuracloud/setup.cfg
@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal = 1
diff --git a/certbot-dns-sakuracloud/setup.py b/certbot-dns-sakuracloud/setup.py
new file mode 100644
index 000000000..b7cfc15b5
--- /dev/null
+++ b/certbot-dns-sakuracloud/setup.py
@@ -0,0 +1,66 @@
+import sys
+
+from setuptools import setup
+from setuptools import find_packages
+
+
+version = '0.27.0.dev0'
+
+# Please update tox.ini when modifying dependency version requirements
+install_requires = [
+ 'acme>=0.21.1',
+ 'certbot>=0.21.1',
+ 'dns-lexicon>=2.1.23',
+ 'mock',
+ 'setuptools',
+ 'zope.interface',
+]
+
+docs_extras = [
+ 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
+ 'sphinx_rtd_theme',
+]
+
+setup(
+ name='certbot-dns-sakuracloud',
+ version=version,
+ description="Sakura Cloud DNS Authenticator plugin for Certbot",
+ url='https://github.com/certbot/certbot',
+ author="Certbot Project",
+ author_email='client-dev@letsencrypt.org',
+ license='Apache License 2.0',
+ python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*',
+ classifiers=[
+ 'Development Status :: 3 - Alpha',
+ 'Environment :: Plugins',
+ 'Intended Audience :: System Administrators',
+ 'License :: OSI Approved :: Apache Software License',
+ 'Operating System :: POSIX :: Linux',
+ 'Programming Language :: Python',
+ 'Programming Language :: Python :: 2',
+ 'Programming Language :: Python :: 2.7',
+ 'Programming Language :: Python :: 3',
+ 'Programming Language :: Python :: 3.4',
+ 'Programming Language :: Python :: 3.5',
+ 'Programming Language :: Python :: 3.6',
+ 'Topic :: Internet :: WWW/HTTP',
+ 'Topic :: Security',
+ 'Topic :: System :: Installation/Setup',
+ 'Topic :: System :: Networking',
+ 'Topic :: System :: Systems Administration',
+ 'Topic :: Utilities',
+ ],
+
+ packages=find_packages(),
+ include_package_data=True,
+ install_requires=install_requires,
+ extras_require={
+ 'docs': docs_extras,
+ },
+ entry_points={
+ 'certbot.plugins': [
+ 'dns-sakuracloud = certbot_dns_sakuracloud.dns_sakuracloud:Authenticator',
+ ],
+ },
+ test_suite='certbot_dns_sakuracloud',
+)
diff --git a/certbot-nginx/certbot_nginx/configurator.py b/certbot-nginx/certbot_nginx/configurator.py
index b80d95613..d31a54c17 100644
--- a/certbot-nginx/certbot_nginx/configurator.py
+++ b/certbot-nginx/certbot_nginx/configurator.py
@@ -60,7 +60,7 @@ class NginxConfigurator(common.Installer):
"""
- description = "Nginx Web Server plugin - Alpha"
+ description = "Nginx Web Server plugin"
DEFAULT_LISTEN_PORT = '80'
diff --git a/certbot-nginx/setup.py b/certbot-nginx/setup.py
index b486b2778..4706f17bd 100644
--- a/certbot-nginx/setup.py
+++ b/certbot-nginx/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup
from setuptools import find_packages
-version = '0.26.0.dev0'
+version = '0.27.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@@ -31,7 +31,7 @@ setup(
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*',
classifiers=[
- 'Development Status :: 3 - Alpha',
+ 'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
'Intended Audience :: System Administrators',
'License :: OSI Approved :: Apache Software License',
@@ -43,6 +43,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot-postfix/certbot_postfix/tests/installer_test.py b/certbot-postfix/certbot_postfix/tests/installer_test.py
index 1bdd2c8b3..37b78bdca 100644
--- a/certbot-postfix/certbot_postfix/tests/installer_test.py
+++ b/certbot-postfix/certbot_postfix/tests/installer_test.py
@@ -253,7 +253,7 @@ class InstallerTest(certbot_test_util.ConfigTestCase):
fake_set.reset_mock()
installer.deploy_cert("example.com", "cert_path", "key_path",
"chain_path", "fullchain_path")
- fake_set.assert_not_called()
+ self.assertFalse(fake_set.called)
@certbot_test_util.patch_get_utility()
def test_deploy_already_secure(self, mock_util):
diff --git a/certbot-postfix/setup.py b/certbot-postfix/setup.py
index 4c53477d2..0ff2908df 100644
--- a/certbot-postfix/setup.py
+++ b/certbot-postfix/setup.py
@@ -40,6 +40,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Communications :: Email :: Mail Transport Agents',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/certbot/__init__.py b/certbot/__init__.py
index 3ae0e315b..3b0b77f6c 100644
--- a/certbot/__init__.py
+++ b/certbot/__init__.py
@@ -1,4 +1,4 @@
"""Certbot client."""
# version number like 1.2.3a0, must have at least 2 parts, like 1.2
-__version__ = '0.26.0.dev0'
+__version__ = '0.27.0.dev0'
diff --git a/certbot/account.py b/certbot/account.py
index 5e9455048..59ceb42e0 100644
--- a/certbot/account.py
+++ b/certbot/account.py
@@ -1,5 +1,6 @@
"""Creates ACME accounts for server."""
import datetime
+import functools
import hashlib
import logging
import os
@@ -191,6 +192,11 @@ class AccountFileStorage(interfaces.AccountStorage):
def find_all(self):
return self._find_all_for_server_path(self.config.server_path)
+ def _symlink_to_account_dir(self, prev_server_path, server_path, account_id):
+ prev_account_dir = self._account_dir_path_for_server_path(account_id, prev_server_path)
+ new_account_dir = self._account_dir_path_for_server_path(account_id, server_path)
+ os.symlink(prev_account_dir, new_account_dir)
+
def _symlink_to_accounts_dir(self, prev_server_path, server_path):
accounts_dir = self.config.accounts_dir_for_server_path(server_path)
if os.path.islink(accounts_dir):
@@ -207,7 +213,12 @@ class AccountFileStorage(interfaces.AccountStorage):
prev_server_path = constants.LE_REUSE_SERVERS[server_path]
prev_loaded_account = self._load_for_server_path(account_id, prev_server_path)
# we didn't error so we found something, so create a symlink to that
- self._symlink_to_accounts_dir(prev_server_path, server_path)
+ accounts_dir = self.config.accounts_dir_for_server_path(server_path)
+ # If accounts_dir isn't empty, make an account specific symlink
+ if os.listdir(accounts_dir):
+ self._symlink_to_account_dir(prev_server_path, server_path, account_id)
+ else:
+ self._symlink_to_accounts_dir(prev_server_path, server_path)
return prev_loaded_account
else:
raise errors.AccountNotFound(
@@ -254,7 +265,61 @@ class AccountFileStorage(interfaces.AccountStorage):
if not os.path.isdir(account_dir_path):
raise errors.AccountNotFound(
"Account at %s does not exist" % account_dir_path)
- shutil.rmtree(account_dir_path)
+ # Step 1: Delete account specific links and the directory
+ self._delete_account_dir_for_server_path(account_id, self.config.server_path)
+
+ # Step 2: Remove any accounts links and directories that are now empty
+ if not os.listdir(self.config.accounts_dir):
+ self._delete_accounts_dir_for_server_path(self.config.server_path)
+
+ def _delete_account_dir_for_server_path(self, account_id, server_path):
+ link_func = functools.partial(self._account_dir_path_for_server_path, account_id)
+ nonsymlinked_dir = self._delete_links_and_find_target_dir(server_path, link_func)
+ shutil.rmtree(nonsymlinked_dir)
+
+ def _delete_accounts_dir_for_server_path(self, server_path):
+ link_func = self.config.accounts_dir_for_server_path
+ nonsymlinked_dir = self._delete_links_and_find_target_dir(server_path, link_func)
+ os.rmdir(nonsymlinked_dir)
+
+ def _delete_links_and_find_target_dir(self, server_path, link_func):
+ """Delete symlinks and return the nonsymlinked directory path.
+
+ :param str server_path: file path based on server
+ :param callable link_func: callable that returns possible links
+ given a server_path
+
+ :returns: the final, non-symlinked target
+ :rtype: str
+
+ """
+ dir_path = link_func(server_path)
+
+ # does an appropriate directory link to me? if so, make sure that's gone
+ reused_servers = {}
+ for k in constants.LE_REUSE_SERVERS:
+ reused_servers[constants.LE_REUSE_SERVERS[k]] = k
+
+ # is there a next one up?
+ possible_next_link = True
+ while possible_next_link:
+ possible_next_link = False
+ if server_path in reused_servers:
+ next_server_path = reused_servers[server_path]
+ next_dir_path = link_func(next_server_path)
+ if os.path.islink(next_dir_path) and os.readlink(next_dir_path) == dir_path:
+ possible_next_link = True
+ server_path = next_server_path
+ dir_path = next_dir_path
+
+ # if there's not a next one up to delete, then delete me
+ # and whatever I link to
+ while os.path.islink(dir_path):
+ target = os.readlink(dir_path)
+ os.unlink(dir_path)
+ dir_path = target
+
+ return dir_path
def _save(self, account, acme, regr_only):
account_dir_path = self._account_dir_path(account.id)
@@ -270,9 +335,12 @@ class AccountFileStorage(interfaces.AccountStorage):
if hasattr(acme.directory, "new-authz"):
regr = RegistrationResourceWithNewAuthzrURI(
new_authzr_uri=acme.directory.new_authz,
- body=regr.body,
- uri=regr.uri,
- terms_of_service=regr.terms_of_service)
+ body={},
+ uri=regr.uri)
+ else:
+ regr = messages.RegistrationResource(
+ body={},
+ uri=regr.uri)
regr_file.write(regr.json_dumps())
if not regr_only:
with util.safe_open(self._key_path(account_dir_path),
diff --git a/certbot/cli.py b/certbot/cli.py
index 5c4313ea4..2c4aa6530 100644
--- a/certbot/cli.py
+++ b/certbot/cli.py
@@ -1415,10 +1415,18 @@ def _plugins_parsing(helpful, plugins):
default=flag_default("dns_dnsmadeeasy"),
help=("Obtain certificates using a DNS TXT record (if you are"
"using DNS Made Easy for DNS)."))
+ helpful.add(["plugins", "certonly"], "--dns-gehirn", action="store_true",
+ default=flag_default("dns_gehirn"),
+ help=("Obtain certificates using a DNS TXT record "
+ "(if you are using Gehirn Infrastracture Service for DNS)."))
helpful.add(["plugins", "certonly"], "--dns-google", action="store_true",
default=flag_default("dns_google"),
help=("Obtain certificates using a DNS TXT record (if you are "
"using Google Cloud DNS)."))
+ helpful.add(["plugins", "certonly"], "--dns-linode", action="store_true",
+ default=flag_default("dns_linode"),
+ help=("Obtain certificates using a DNS TXT record (if you are "
+ "using Linode for DNS)."))
helpful.add(["plugins", "certonly"], "--dns-luadns", action="store_true",
default=flag_default("dns_luadns"),
help=("Obtain certificates using a DNS TXT record (if you are "
@@ -1427,6 +1435,10 @@ def _plugins_parsing(helpful, plugins):
default=flag_default("dns_nsone"),
help=("Obtain certificates using a DNS TXT record (if you are "
"using NS1 for DNS)."))
+ helpful.add(["plugins", "certonly"], "--dns-ovh", action="store_true",
+ default=flag_default("dns_ovh"),
+ help=("Obtain certificates using a DNS TXT record (if you are "
+ "using OVH for DNS)."))
helpful.add(["plugins", "certonly"], "--dns-rfc2136", action="store_true",
default=flag_default("dns_rfc2136"),
help="Obtain certificates using a DNS TXT record (if you are using BIND for DNS).")
@@ -1434,6 +1446,10 @@ def _plugins_parsing(helpful, plugins):
default=flag_default("dns_route53"),
help=("Obtain certificates using a DNS TXT record (if you are using Route53 for "
"DNS)."))
+ helpful.add(["plugins", "certonly"], "--dns-sakuracloud", action="store_true",
+ default=flag_default("dns_sakuracloud"),
+ help=("Obtain certificates using a DNS TXT record "
+ "(if you are using Sakura Cloud for DNS)."))
# things should not be reorder past/pre this comment:
# plugins_group should be displayed in --help before plugin
diff --git a/certbot/constants.py b/certbot/constants.py
index d31faa71c..a2de2d27a 100644
--- a/certbot/constants.py
+++ b/certbot/constants.py
@@ -88,7 +88,7 @@ CLI_DEFAULTS = dict(
config_dir="/etc/letsencrypt",
work_dir="/var/lib/letsencrypt",
logs_dir="/var/log/letsencrypt",
- server="https://acme-v01.api.letsencrypt.org/directory",
+ server="https://acme-v02.api.letsencrypt.org/directory",
# Plugins parsers
configurator=None,
@@ -104,11 +104,15 @@ CLI_DEFAULTS = dict(
dns_digitalocean=False,
dns_dnsimple=False,
dns_dnsmadeeasy=False,
+ dns_gehirn=False,
dns_google=False,
+ dns_linode=False,
dns_luadns=False,
dns_nsone=False,
+ dns_ovh=False,
dns_rfc2136=False,
- dns_route53=False
+ dns_route53=False,
+ dns_sakuracloud=False
)
STAGING_URI = "https://acme-staging-v02.api.letsencrypt.org/directory"
diff --git a/certbot/interfaces.py b/certbot/interfaces.py
index a5fb426e6..2e837d1d2 100644
--- a/certbot/interfaces.py
+++ b/certbot/interfaces.py
@@ -620,6 +620,9 @@ class GenericUpdater(object):
methods, and interfaces.GenericUpdater.register(InstallerClass) should
be called from the installer code.
+ The plugins implementing this enhancement are responsible of handling
+ the saving of configuration checkpoints as well as other calls to
+ interface methods of `interfaces.IInstaller` such as prepare() and restart()
"""
@abc.abstractmethod
diff --git a/certbot/main.py b/certbot/main.py
index 6078f87a6..2cba8745b 100644
--- a/certbot/main.py
+++ b/certbot/main.py
@@ -735,8 +735,13 @@ def register(config, unused_plugins):
cb_client = client.Client(config, acc, None, None, acme=acme)
# We rely on an exception to interrupt this process if it didn't work.
acc_contacts = ['mailto:' + email for email in config.email.split(',')]
+ prev_regr_uri = acc.regr.uri
acc.regr = cb_client.acme.update_registration(acc.regr.update(
body=acc.regr.body.update(contact=acc_contacts)))
+ # A v1 account being used as a v2 account will result in changing the uri to
+ # the v2 uri. Since it's the same object on disk, put it back to the v1 uri
+ # so that we can also continue to use the account object with acmev1.
+ acc.regr = acc.regr.update(uri=prev_regr_uri)
account_storage.save_regr(acc, cb_client.acme)
eff.handle_subscription(config)
add_msg("Your e-mail address was updated to {0}.".format(config.email))
@@ -1059,7 +1064,7 @@ def revoke(config, unused_plugins): # TODO: coop with renewal config
"""
# For user-agent construction
- config.installer = config.authenticator = "None"
+ config.installer = config.authenticator = None
if config.key_path is not None: # revocation by cert key
logger.debug("Revoking %s using cert key %s",
config.cert_path[0], config.key_path[0])
@@ -1199,11 +1204,11 @@ def renew_cert(config, plugins, lineage):
# In case of a renewal, reload server to pick up new certificate.
# In principle we could have a configuration option to inhibit this
# from happening.
+ # Run deployer
updater.run_renewal_deployer(config, renewed_lineage, installer)
installer.restart()
notify("new certificate deployed with reload of {0} server; fullchain is {1}".format(
config.installer, lineage.fullchain), pause=False)
- # Run deployer
def certonly(config, plugins):
"""Authenticate & obtain cert, but do not install it.
diff --git a/certbot/plugins/disco.py b/certbot/plugins/disco.py
index bf9f60e3b..7be320efc 100644
--- a/certbot/plugins/disco.py
+++ b/certbot/plugins/disco.py
@@ -30,11 +30,15 @@ class PluginEntryPoint(object):
"certbot-dns-digitalocean",
"certbot-dns-dnsimple",
"certbot-dns-dnsmadeeasy",
+ "certbot-dns-gehirn",
"certbot-dns-google",
+ "certbot-dns-linode",
"certbot-dns-luadns",
"certbot-dns-nsone",
+ "certbot-dns-ovh",
"certbot-dns-rfc2136",
"certbot-dns-route53",
+ "certbot-dns-sakuracloud",
"certbot-nginx",
"certbot-postfix",
]
diff --git a/certbot/plugins/enhancements.py b/certbot/plugins/enhancements.py
index 506abe433..7ca096610 100644
--- a/certbot/plugins/enhancements.py
+++ b/certbot/plugins/enhancements.py
@@ -88,7 +88,8 @@ class AutoHSTSEnhancement(object):
The plugins implementing new style enhancements are responsible of handling
the saving of configuration checkpoints as well as calling possible restarts
- of managed software themselves.
+ of managed software themselves. For update_autohsts method, the installer may
+ have to call prepare() to finalize the plugin initialization.
Methods:
enable_autohsts is called when the header is initially installed using a
@@ -112,6 +113,10 @@ class AutoHSTSEnhancement(object):
:param lineage: Certificate lineage object
:type lineage: certbot.storage.RenewableCert
+
+ .. note:: prepare() method inherited from `interfaces.IPlugin` might need
+ to be called manually within implementation of this interface method
+ to finalize the plugin initialization.
"""
@abc.abstractmethod
diff --git a/certbot/plugins/selection.py b/certbot/plugins/selection.py
index 030d5b6db..9c2138247 100644
--- a/certbot/plugins/selection.py
+++ b/certbot/plugins/selection.py
@@ -39,6 +39,35 @@ def pick_authenticator(
return pick_plugin(
config, default, plugins, question, (interfaces.IAuthenticator,))
+def get_unprepared_installer(config, plugins):
+ """
+ Get an unprepared interfaces.IInstaller object.
+
+ :param certbot.interfaces.IConfig config: Configuration
+ :param certbot.plugins.disco.PluginsRegistry plugins:
+ All plugins registered as entry points.
+
+ :returns: Unprepared installer plugin or None
+ :rtype: IPlugin or None
+ """
+
+ _, req_inst = cli_plugin_requests(config)
+ if not req_inst:
+ return None
+ installers = plugins.filter(lambda p_ep: p_ep.name == req_inst)
+ installers.init(config)
+ installers = installers.verify((interfaces.IInstaller,))
+ if len(installers) > 1:
+ raise errors.PluginSelectionError(
+ "Found multiple installers with the name %s, Certbot is unable to "
+ "determine which one to use. Skipping." % req_inst)
+ if installers:
+ inst = list(installers.values())[0]
+ logger.debug("Selecting plugin: %s", inst)
+ return inst.init(config)
+ else:
+ raise errors.PluginSelectionError(
+ "Could not select or initialize the requested installer %s." % req_inst)
def pick_plugin(config, default, plugins, question, ifaces):
"""Pick plugin.
@@ -135,13 +164,14 @@ def choose_plugin(prepared, question):
return None
noninstaller_plugins = ["webroot", "manual", "standalone", "dns-cloudflare", "dns-cloudxns",
- "dns-digitalocean", "dns-dnsimple", "dns-dnsmadeeasy", "dns-google",
- "dns-luadns", "dns-nsone", "dns-rfc2136", "dns-route53"]
+ "dns-digitalocean", "dns-dnsimple", "dns-dnsmadeeasy", "dns-gehirn",
+ "dns-google", "dns-linode", "dns-luadns", "dns-nsone", "dns-ovh",
+ "dns-rfc2136", "dns-route53", "dns-sakuracloud"]
def record_chosen_plugins(config, plugins, auth, inst):
"Update the config entries to reflect the plugins we actually selected."
- config.authenticator = plugins.find_init(auth).name if auth else "None"
- config.installer = plugins.find_init(inst).name if inst else "None"
+ config.authenticator = plugins.find_init(auth).name if auth else None
+ config.installer = plugins.find_init(inst).name if inst else None
logger.info("Plugins selected: Authenticator %s, Installer %s",
config.authenticator, config.installer)
@@ -259,16 +289,24 @@ def cli_plugin_requests(config): # pylint: disable=too-many-branches
req_auth = set_configurator(req_auth, "dns-dnsimple")
if config.dns_dnsmadeeasy:
req_auth = set_configurator(req_auth, "dns-dnsmadeeasy")
+ if config.dns_gehirn:
+ req_auth = set_configurator(req_auth, "dns-gehirn")
if config.dns_google:
req_auth = set_configurator(req_auth, "dns-google")
+ if config.dns_linode:
+ req_auth = set_configurator(req_auth, "dns-linode")
if config.dns_luadns:
req_auth = set_configurator(req_auth, "dns-luadns")
if config.dns_nsone:
req_auth = set_configurator(req_auth, "dns-nsone")
+ if config.dns_ovh:
+ req_auth = set_configurator(req_auth, "dns-ovh")
if config.dns_rfc2136:
req_auth = set_configurator(req_auth, "dns-rfc2136")
if config.dns_route53:
req_auth = set_configurator(req_auth, "dns-route53")
+ if config.dns_sakuracloud:
+ req_auth = set_configurator(req_auth, "dns-sakuracloud")
logger.debug("Requested authenticator %s and installer %s", req_auth, req_inst)
return req_auth, req_inst
diff --git a/certbot/plugins/selection_test.py b/certbot/plugins/selection_test.py
index ab480544a..44d64ab8e 100644
--- a/certbot/plugins/selection_test.py
+++ b/certbot/plugins/selection_test.py
@@ -6,10 +6,13 @@ import unittest
import mock
import zope.component
+from certbot import errors
+from certbot import interfaces
+
from acme.magic_typing import List # pylint: disable=unused-import, no-name-in-module
from certbot.display import util as display_util
+from certbot.plugins.disco import PluginsRegistry
from certbot.tests import util as test_util
-from certbot import interfaces
class ConveniencePickPluginTest(unittest.TestCase):
@@ -170,5 +173,48 @@ class ChoosePluginTest(unittest.TestCase):
self.assertTrue("default" in mock_util().menu.call_args[1])
+class GetUnpreparedInstallerTest(test_util.ConfigTestCase):
+ """Tests for certbot.plugins.selection.get_unprepared_installer."""
+
+ def setUp(self):
+ super(GetUnpreparedInstallerTest, self).setUp()
+ self.mock_apache_fail_ep = mock.Mock(
+ description_with_name="afail")
+ self.mock_apache_fail_ep.name = "afail"
+ self.mock_apache_ep = mock.Mock(
+ description_with_name="apache")
+ self.mock_apache_ep.name = "apache"
+ self.mock_apache_plugin = mock.MagicMock()
+ self.mock_apache_ep.init.return_value = self.mock_apache_plugin
+ self.plugins = PluginsRegistry({
+ "afail": self.mock_apache_fail_ep,
+ "apache": self.mock_apache_ep,
+ })
+
+ def _call(self):
+ from certbot.plugins.selection import get_unprepared_installer
+ return get_unprepared_installer(self.config, self.plugins)
+
+ def test_no_installer_defined(self):
+ self.config.configurator = None
+ self.assertEquals(self._call(), None)
+
+ def test_no_available_installers(self):
+ self.config.configurator = "apache"
+ self.plugins = PluginsRegistry({})
+ self.assertRaises(errors.PluginSelectionError, self._call)
+
+ def test_get_plugin(self):
+ self.config.configurator = "apache"
+ installer = self._call()
+ self.assertTrue(installer is self.mock_apache_plugin)
+
+ def test_multiple_installers_returned(self):
+ self.config.configurator = "apache"
+ # Two plugins with the same name
+ self.mock_apache_fail_ep.name = "apache"
+ self.assertRaises(errors.PluginSelectionError, self._call)
+
+
if __name__ == "__main__":
unittest.main() # pragma: no cover
diff --git a/certbot/storage.py b/certbot/storage.py
index 5b2293bd1..32d6771c2 100644
--- a/certbot/storage.py
+++ b/certbot/storage.py
@@ -239,10 +239,15 @@ def relevant_values(all_values):
:rtype dict:
"""
- return dict(
+ rv = dict(
(option, value)
for option, value in six.iteritems(all_values)
if _relevant(option) and cli.option_was_set(option, value))
+ # We always save the server value to help with forward compatibility
+ # and behavioral consistency when versions of Certbot with different
+ # server defaults are used.
+ rv["server"] = all_values["server"]
+ return rv
def lineagename_for_filename(config_filename):
"""Returns the lineagename for a configuration filename.
diff --git a/certbot/tests/account_test.py b/certbot/tests/account_test.py
index e7f82a5b8..b2be47d0f 100644
--- a/certbot/tests/account_test.py
+++ b/certbot/tests/account_test.py
@@ -249,6 +249,14 @@ class AccountFileStorageTest(test_util.ConfigTestCase):
account = self.storage.load(self.acc.id)
self.assertEqual(prev_account, account)
+ def test_upgrade_load_single_account(self):
+ self._set_server('https://acme-staging.api.letsencrypt.org/directory')
+ self.storage.save(self.acc, self.mock_client)
+ prev_account = self.storage.load(self.acc.id)
+ self._set_server_and_stop_symlink('https://acme-staging-v02.api.letsencrypt.org/directory')
+ account = self.storage.load(self.acc.id)
+ self.assertEqual(prev_account, account)
+
def test_load_ioerror(self):
self.storage.save(self.acc, self.mock_client)
mock_open = mock.mock_open()
@@ -273,6 +281,52 @@ class AccountFileStorageTest(test_util.ConfigTestCase):
def test_delete_no_account(self):
self.assertRaises(errors.AccountNotFound, self.storage.delete, self.acc.id)
+ def _assert_symlinked_account_removed(self):
+ # create v1 account
+ self._set_server('https://acme-staging.api.letsencrypt.org/directory')
+ self.storage.save(self.acc, self.mock_client)
+ # ensure v2 isn't already linked to it
+ with mock.patch('certbot.constants.LE_REUSE_SERVERS', {}):
+ self._set_server('https://acme-staging-v02.api.letsencrypt.org/directory')
+ self.assertRaises(errors.AccountNotFound, self.storage.load, self.acc.id)
+
+ def _test_delete_folders(self, server_url):
+ # create symlinked servers
+ self._set_server('https://acme-staging.api.letsencrypt.org/directory')
+ self.storage.save(self.acc, self.mock_client)
+ self._set_server('https://acme-staging-v02.api.letsencrypt.org/directory')
+ self.storage.load(self.acc.id)
+
+ # delete starting at given server_url
+ self._set_server(server_url)
+ self.storage.delete(self.acc.id)
+
+ # make sure we're gone from both urls
+ self._set_server('https://acme-staging.api.letsencrypt.org/directory')
+ self.assertRaises(errors.AccountNotFound, self.storage.load, self.acc.id)
+ self._set_server('https://acme-staging-v02.api.letsencrypt.org/directory')
+ self.assertRaises(errors.AccountNotFound, self.storage.load, self.acc.id)
+
+ def test_delete_folders_up(self):
+ self._test_delete_folders('https://acme-staging.api.letsencrypt.org/directory')
+ self._assert_symlinked_account_removed()
+
+ def test_delete_folders_down(self):
+ self._test_delete_folders('https://acme-staging-v02.api.letsencrypt.org/directory')
+ self._assert_symlinked_account_removed()
+
+ def _set_server_and_stop_symlink(self, server_path):
+ self._set_server(server_path)
+ with open(os.path.join(self.config.accounts_dir, 'foo'), 'w') as f:
+ f.write('bar')
+
+ def test_delete_shared_account_up(self):
+ self._set_server_and_stop_symlink('https://acme-staging-v02.api.letsencrypt.org/directory')
+ self._test_delete_folders('https://acme-staging.api.letsencrypt.org/directory')
+
+ def test_delete_shared_account_down(self):
+ self._set_server_and_stop_symlink('https://acme-staging-v02.api.letsencrypt.org/directory')
+ self._test_delete_folders('https://acme-staging-v02.api.letsencrypt.org/directory')
if __name__ == "__main__":
unittest.main() # pragma: no cover
diff --git a/certbot/tests/main_test.py b/certbot/tests/main_test.py
index a2115a486..cc4e6c293 100644
--- a/certbot/tests/main_test.py
+++ b/certbot/tests/main_test.py
@@ -1493,17 +1493,17 @@ class MainTest(test_util.ConfigTestCase): # pylint: disable=too-many-public-met
self.assertTrue(mock_handle.called)
@mock.patch('certbot.plugins.selection.choose_configurator_plugins')
- def test_plugin_selection_error(self, mock_choose):
+ @mock.patch('certbot.updater._run_updaters')
+ def test_plugin_selection_error(self, mock_run, mock_choose):
mock_choose.side_effect = errors.PluginSelectionError
self.assertRaises(errors.PluginSelectionError, main.renew_cert,
None, None, None)
- with mock.patch('certbot.updater.logger.warning') as mock_log:
- self.config.dry_run = False
- updater.run_generic_updaters(self.config, None, None)
- self.assertTrue(mock_log.called)
- self.assertTrue("Could not choose appropriate plugin for updaters"
- in mock_log.call_args[0][0])
+ self.config.dry_run = False
+ updater.run_generic_updaters(self.config, None, None)
+ # Make sure we're returning None, and hence not trying to run the
+ # without installer
+ self.assertFalse(mock_run.called)
class UnregisterTest(unittest.TestCase):
diff --git a/certbot/tests/renewupdater_test.py b/certbot/tests/renewupdater_test.py
index c1b97843e..5a362072c 100644
--- a/certbot/tests/renewupdater_test.py
+++ b/certbot/tests/renewupdater_test.py
@@ -23,13 +23,15 @@ class RenewUpdaterTest(test_util.ConfigTestCase):
@mock.patch('certbot.main._get_and_save_cert')
@mock.patch('certbot.plugins.selection.choose_configurator_plugins')
+ @mock.patch('certbot.plugins.selection.get_unprepared_installer')
@test_util.patch_get_utility()
- def test_server_updates(self, _, mock_select, mock_getsave):
+ def test_server_updates(self, _, mock_geti, mock_select, mock_getsave):
mock_getsave.return_value = mock.MagicMock()
mock_generic_updater = self.generic_updater
# Generic Updater
mock_select.return_value = (mock_generic_updater, None)
+ mock_geti.return_value = mock_generic_updater
with mock.patch('certbot.main._init_le_client'):
main.renew_cert(self.config, None, mock.MagicMock())
self.assertTrue(mock_generic_updater.restart.called)
@@ -62,9 +64,9 @@ class RenewUpdaterTest(test_util.ConfigTestCase):
self.assertEquals(mock_log.call_args[0][0],
"Skipping renewal deployer in dry-run mode.")
- @mock.patch('certbot.plugins.selection.choose_configurator_plugins')
- def test_enhancement_updates(self, mock_select):
- mock_select.return_value = (self.mockinstaller, None)
+ @mock.patch('certbot.plugins.selection.get_unprepared_installer')
+ def test_enhancement_updates(self, mock_geti):
+ mock_geti.return_value = self.mockinstaller
updater.run_generic_updaters(self.config, mock.MagicMock(), None)
self.assertTrue(self.mockinstaller.update_autohsts.called)
self.assertEqual(self.mockinstaller.update_autohsts.call_count, 1)
@@ -74,10 +76,10 @@ class RenewUpdaterTest(test_util.ConfigTestCase):
self.mockinstaller)
self.assertTrue(self.mockinstaller.deploy_autohsts.called)
- @mock.patch('certbot.plugins.selection.choose_configurator_plugins')
- def test_enhancement_updates_not_called(self, mock_select):
+ @mock.patch('certbot.plugins.selection.get_unprepared_installer')
+ def test_enhancement_updates_not_called(self, mock_geti):
self.config.disable_renew_updates = True
- mock_select.return_value = (self.mockinstaller, None)
+ mock_geti.return_value = self.mockinstaller
updater.run_generic_updaters(self.config, mock.MagicMock(), None)
self.assertFalse(self.mockinstaller.update_autohsts.called)
@@ -87,8 +89,8 @@ class RenewUpdaterTest(test_util.ConfigTestCase):
self.mockinstaller)
self.assertFalse(self.mockinstaller.deploy_autohsts.called)
- @mock.patch('certbot.plugins.selection.choose_configurator_plugins')
- def test_enhancement_no_updater(self, mock_select):
+ @mock.patch('certbot.plugins.selection.get_unprepared_installer')
+ def test_enhancement_no_updater(self, mock_geti):
FAKEINDEX = [
{
"name": "Test",
@@ -98,7 +100,7 @@ class RenewUpdaterTest(test_util.ConfigTestCase):
"enable_function": "enable_autohsts"
}
]
- mock_select.return_value = (self.mockinstaller, None)
+ mock_geti.return_value = self.mockinstaller
with mock.patch("certbot.plugins.enhancements._INDEX", FAKEINDEX):
updater.run_generic_updaters(self.config, mock.MagicMock(), None)
self.assertFalse(self.mockinstaller.update_autohsts.called)
diff --git a/certbot/tests/storage_test.py b/certbot/tests/storage_test.py
index aa6c52ad4..53a976f8d 100644
--- a/certbot/tests/storage_test.py
+++ b/certbot/tests/storage_test.py
@@ -544,14 +544,23 @@ class RenewableCertTests(BaseRenewableCertTest):
self.assertFalse(os.path.exists(temp_config_file))
def _test_relevant_values_common(self, values):
- option = "rsa_key_size"
- mock_parser = mock.Mock(args=["--standalone"], verb="certonly",
- defaults={option: cli.flag_default(option)})
+ defaults = dict((option, cli.flag_default(option))
+ for option in ("authenticator", "installer",
+ "rsa_key_size", "server",))
+ mock_parser = mock.Mock(args=[], verb="plugins",
+ defaults=defaults)
+
+ # make a copy to ensure values isn't modified
+ values = values.copy()
+ values.setdefault("server", defaults["server"])
+ expected_server = values["server"]
from certbot.storage import relevant_values
with mock.patch("certbot.cli.helpful_parser", mock_parser):
- # make a copy to ensure values isn't modified
- return relevant_values(values.copy())
+ rv = relevant_values(values)
+ self.assertIn("server", rv)
+ self.assertEqual(rv.pop("server"), expected_server)
+ return rv
def test_relevant_values(self):
"""Test that relevant_values() can reject an irrelevant value."""
@@ -580,6 +589,11 @@ class RenewableCertTests(BaseRenewableCertTest):
self.assertEqual(
self._test_relevant_values_common(values), values)
+ def test_relevant_values_plugins_none(self):
+ self.assertEqual(
+ self._test_relevant_values_common(
+ {"authenticator": None, "installer": None}), {})
+
@mock.patch("certbot.cli.set_by_cli")
@mock.patch("certbot.plugins.disco.PluginsRegistry.find_all")
def test_relevant_values_namespace(self, mock_find_all, mock_set_by_cli):
@@ -589,6 +603,12 @@ class RenewableCertTests(BaseRenewableCertTest):
self.assertEqual(
self._test_relevant_values_common(values), values)
+ def test_relevant_values_server(self):
+ self.assertEqual(
+ # _test_relevant_values_common handles testing the server
+ # value and removes it
+ self._test_relevant_values_common({"server": "example.org"}), {})
+
@mock.patch("certbot.storage.relevant_values")
def test_new_lineage(self, mock_rv):
"""Test for new_lineage() class method."""
diff --git a/certbot/updater.py b/certbot/updater.py
index fb7c52f77..58df6fcb4 100644
--- a/certbot/updater.py
+++ b/certbot/updater.py
@@ -28,13 +28,13 @@ def run_generic_updaters(config, lineage, plugins):
logger.debug("Skipping updaters in dry-run mode.")
return
try:
- # installers are used in auth mode to determine domain names
- installer, _ = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
- except errors.PluginSelectionError as e:
+ installer = plug_sel.get_unprepared_installer(config, plugins)
+ except errors.Error as e:
logger.warning("Could not choose appropriate plugin for updaters: %s", e)
return
- _run_updaters(lineage, installer, config)
- _run_enhancement_updaters(lineage, installer, config)
+ if installer:
+ _run_updaters(lineage, installer, config)
+ _run_enhancement_updaters(lineage, installer, config)
def run_renewal_deployer(config, lineage, installer):
"""Helper function to run deployer interface method if supported by the used
diff --git a/docs/cli-help.txt b/docs/cli-help.txt
index 594bcfd04..931ea4c62 100644
--- a/docs/cli-help.txt
+++ b/docs/cli-help.txt
@@ -108,7 +108,7 @@ optional arguments:
case, and to know when to deprecate support for past
Python versions and flags. If you wish to hide this
information from the Let's Encrypt server, set this to
- "". (default: CertbotACMEClient/0.25.1
+ "". (default: CertbotACMEClient/0.26.1
(certbot(-auto); OS_NAME OS_VERSION) Authenticator/XXX
Installer/YYY (SUBCOMMAND; flags: FLAGS)
Py/major.minor.patchlevel). The flags encoded in the
@@ -196,6 +196,8 @@ security:
--strict-permissions Require that all configuration files are owned by the
current user; only needed if your config is somewhere
unsafe like /tmp/ (default: False)
+ --auto-hsts Gradually increasing max-age value for HTTP Strict
+ Transport Security security header (default: False)
testing:
The following flags are meant for testing and integration purposes only.
@@ -249,7 +251,7 @@ paths:
--work-dir WORK_DIR Working directory. (default: /var/lib/letsencrypt)
--logs-dir LOGS_DIR Logs directory. (default: /var/log/letsencrypt)
--server SERVER ACME Directory Resource URI. (default:
- https://acme-v01.api.letsencrypt.org/directory)
+ https://acme-v02.api.letsencrypt.org/directory)
manage:
Various subcommands and flags are available for managing your
@@ -328,6 +330,7 @@ renew:
renew", regardless of if the certificate is renewed.
This setting does not apply to important TLS
configuration updates. (default: False)
+ --no-autorenew Disable auto renewal of certificates. (default: True)
certificates:
List certificates managed by Certbot
@@ -448,24 +451,35 @@ plugins:
using DNSimple for DNS). (default: False)
--dns-dnsmadeeasy Obtain certificates using a DNS TXT record (if you
areusing DNS Made Easy for DNS). (default: False)
+ --dns-gehirn Obtain certificates using a DNS TXT record (if you are
+ using Gehirn Infrastracture Service for DNS).
+ (default: False)
--dns-google Obtain certificates using a DNS TXT record (if you are
using Google Cloud DNS). (default: False)
+ --dns-linode Obtain certificates using a DNS TXT record (if you are
+ using Linode for DNS). (default: False)
--dns-luadns Obtain certificates using a DNS TXT record (if you are
using LuaDNS for DNS). (default: False)
--dns-nsone Obtain certificates using a DNS TXT record (if you are
using NS1 for DNS). (default: False)
+ --dns-ovh Obtain certificates using a DNS TXT record (if you are
+ using OVH for DNS). (default: False)
--dns-rfc2136 Obtain certificates using a DNS TXT record (if you are
using BIND for DNS). (default: False)
--dns-route53 Obtain certificates using a DNS TXT record (if you are
using Route53 for DNS). (default: False)
+ --dns-sakuracloud Obtain certificates using a DNS TXT record (if you are
+ using Sakura Cloud for DNS). (default: False)
apache:
Apache Web Server plugin - Beta
--apache-enmod APACHE_ENMOD
- Path to the Apache 'a2enmod' binary. (default: None)
+ Path to the Apache 'a2enmod' binary. (default:
+ a2enmod)
--apache-dismod APACHE_DISMOD
- Path to the Apache 'a2dismod' binary. (default: None)
+ Path to the Apache 'a2dismod' binary. (default:
+ a2dismod)
--apache-le-vhost-ext APACHE_LE_VHOST_EXT
SSL vhost configuration extension. (default: -le-
ssl.conf)
@@ -479,13 +493,13 @@ apache:
/var/log/apache2)
--apache-challenge-location APACHE_CHALLENGE_LOCATION
Directory path for challenge configuration. (default:
- /etc/apache2/other)
+ /etc/apache2)
--apache-handle-modules APACHE_HANDLE_MODULES
Let installer handle enabling required modules for
- you. (Only Ubuntu/Debian currently) (default: False)
+ you. (Only Ubuntu/Debian currently) (default: True)
--apache-handle-sites APACHE_HANDLE_SITES
Let installer handle enabling sites for you. (Only
- Ubuntu/Debian currently) (default: False)
+ Ubuntu/Debian currently) (default: True)
certbot-route53:auth:
Obtain certificates using a DNS TXT record (if you are using AWS Route53
@@ -551,6 +565,18 @@ dns-dnsmadeeasy:
--dns-dnsmadeeasy-credentials DNS_DNSMADEEASY_CREDENTIALS
DNS Made Easy credentials INI file. (default: None)
+dns-gehirn:
+ Obtain certificates using a DNS TXT record (if you are using Gehirn
+ Infrastracture Service for DNS).
+
+ --dns-gehirn-propagation-seconds DNS_GEHIRN_PROPAGATION_SECONDS
+ The number of seconds to wait for DNS to propagate
+ before asking the ACME server to verify the DNS
+ record. (default: 30)
+ --dns-gehirn-credentials DNS_GEHIRN_CREDENTIALS
+ Gehirn Infrastracture Service credentials file.
+ (default: None)
+
dns-google:
Obtain certificates using a DNS TXT record (if you are using Google Cloud
DNS for DNS).
@@ -568,6 +594,16 @@ dns-google:
control#permissions_and_roles for information about
therequired permissions.) (default: None)
+dns-linode:
+ Obtain certs using a DNS TXT record (if you are using Linode for DNS).
+
+ --dns-linode-propagation-seconds DNS_LINODE_PROPAGATION_SECONDS
+ The number of seconds to wait for DNS to propagate
+ before asking the ACME server to verify the DNS
+ record. (default: 960)
+ --dns-linode-credentials DNS_LINODE_CREDENTIALS
+ Linode credentials INI file. (default: None)
+
dns-luadns:
Obtain certificates using a DNS TXT record (if you are using LuaDNS for
DNS).
@@ -589,6 +625,16 @@ dns-nsone:
--dns-nsone-credentials DNS_NSONE_CREDENTIALS
NS1 credentials file. (default: None)
+dns-ovh:
+ Obtain certificates using a DNS TXT record (if you are using OVH for DNS).
+
+ --dns-ovh-propagation-seconds DNS_OVH_PROPAGATION_SECONDS
+ The number of seconds to wait for DNS to propagate
+ before asking the ACME server to verify the DNS
+ record. (default: 30)
+ --dns-ovh-credentials DNS_OVH_CREDENTIALS
+ OVH credentials INI file. (default: None)
+
dns-rfc2136:
Obtain certificates using a DNS TXT record (if you are using BIND for
DNS).
@@ -609,6 +655,17 @@ dns-route53:
before asking the ACME server to verify the DNS
record. (default: 10)
+dns-sakuracloud:
+ Obtain certificates using a DNS TXT record (if you are using Sakura Cloud
+ for DNS).
+
+ --dns-sakuracloud-propagation-seconds DNS_SAKURACLOUD_PROPAGATION_SECONDS
+ The number of seconds to wait for DNS to propagate
+ before asking the ACME server to verify the DNS
+ record. (default: 90)
+ --dns-sakuracloud-credentials DNS_SAKURACLOUD_CREDENTIALS
+ Sakura Cloud credentials file. (default: None)
+
manual:
Authenticate through manual configuration or custom shell scripts. When
using shell scripts, an authenticator script must be provided. The
@@ -635,7 +692,7 @@ manual:
Automatically allows public IP logging (default: Ask)
nginx:
- Nginx Web Server plugin - Alpha
+ Nginx Web Server plugin
--nginx-server-root NGINX_SERVER_ROOT
Nginx server root directory. (default: /etc/nginx or
diff --git a/docs/packaging.rst b/docs/packaging.rst
index 3d58ea92e..c13a14af3 100644
--- a/docs/packaging.rst
+++ b/docs/packaging.rst
@@ -17,8 +17,10 @@ We release packages and upload them to PyPI (wheels and source tarballs).
- https://pypi.python.org/pypi/certbot-dns-dnsimple
- https://pypi.python.org/pypi/certbot-dns-dnsmadeeasy
- https://pypi.python.org/pypi/certbot-dns-google
+- https://pypi.python.org/pypi/certbot-dns-linode
- https://pypi.python.org/pypi/certbot-dns-luadns
- https://pypi.python.org/pypi/certbot-dns-nsone
+- https://pypi.python.org/pypi/certbot-dns-ovh
- https://pypi.python.org/pypi/certbot-dns-rfc2136
- https://pypi.python.org/pypi/certbot-dns-route53
@@ -82,8 +84,20 @@ Fedora
In Fedora 23+.
-- https://admin.fedoraproject.org/pkgdb/package/certbot/
-- https://admin.fedoraproject.org/pkgdb/package/python-acme/
+- https://apps.fedoraproject.org/packages/python-acme
+- https://apps.fedoraproject.org/packages/certbot
+- https://apps.fedoraproject.org/packages/python-certbot-apache
+- https://apps.fedoraproject.org/packages/python-certbot-dns-cloudflare
+- https://apps.fedoraproject.org/packages/python-certbot-dns-cloudxns
+- https://apps.fedoraproject.org/packages/python-certbot-dns-digitalocean
+- https://apps.fedoraproject.org/packages/python-certbot-dns-dnsimple
+- https://apps.fedoraproject.org/packages/python-certbot-dns-dnsmadeeasy
+- https://apps.fedoraproject.org/packages/python-certbot-dns-google
+- https://apps.fedoraproject.org/packages/python-certbot-dns-luadns
+- https://apps.fedoraproject.org/packages/python-certbot-dns-nsone
+- https://apps.fedoraproject.org/packages/python-certbot-dns-rfc2136
+- https://apps.fedoraproject.org/packages/python-certbot-dns-route53
+- https://apps.fedoraproject.org/packages/python-certbot-nginx
FreeBSD
-------
diff --git a/docs/using.rst b/docs/using.rst
index 46599a06e..946c12bc6 100644
--- a/docs/using.rst
+++ b/docs/using.rst
@@ -203,8 +203,10 @@ Once installed, you can find documentation on how to use each plugin at:
* `certbot-dns-dnsimple `_
* `certbot-dns-dnsmadeeasy `_
* `certbot-dns-google `_
+* `certbot-dns-linode `_
* `certbot-dns-luadns `_
* `certbot-dns-nsone `_
+* `certbot-dns-ovh `_
* `certbot-dns-rfc2136 `_
* `certbot-dns-route53 `_
diff --git a/letsencrypt-auto b/letsencrypt-auto
index d2cfa672d..e097719db 100755
--- a/letsencrypt-auto
+++ b/letsencrypt-auto
@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
fi
VENV_BIN="$VENV_PATH/bin"
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.25.1"
+LE_AUTO_VERSION="0.26.1"
BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -1060,37 +1060,26 @@ ConfigArgParse==0.12.0 \
configobj==5.0.6 \
--hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902 \
--no-binary configobj
-cryptography==2.0.2 \
- --hash=sha256:187ae17358436d2c760f28c2aeb02fefa3f37647a9c5b6f7f7c3e83cd1c5a972 \
- --hash=sha256:19e43a13bbf52028dd1e810c803f2ad8880d0692d772f98d42e1eaf34bdee3d6 \
- --hash=sha256:da9291502cbc87dc0284a20c56876e4d2e68deac61cc43df4aec934e44ca97b1 \
- --hash=sha256:0954f8813095f581669330e0a2d5e726c33ac7f450c1458fac58bab54595e516 \
- --hash=sha256:d68b0cc40a8432ed3fc84876c519de704d6001800ec22b136e75ae841910c45b \
- --hash=sha256:2f8ad9580ab4da645cfea52a91d2da99a49a1e76616d8be68441a986fad652b0 \
- --hash=sha256:cc00b4511294f5f6b65c4e77a1a9c62f52490a63d2c120f3872176b40a82351e \
- --hash=sha256:cf896020f6a9f095a547b3d672c8db1ef2ed71fca11250731fa1d4a4cb8b1590 \
- --hash=sha256:e0fdb8322206fa02aa38f71519ff75dce2eb481b7e1110e2936795cb376bb6ee \
- --hash=sha256:277538466657ca5d6637f80be100242f9831d75138b788d718edd3aab34621f8 \
- --hash=sha256:2c77eb0560f54ce654ab82d6b2a64327a71ee969b29022bf9746ca311c9f5069 \
- --hash=sha256:755a7853b679e79d0a799351c092a9b0271f95ff54c8dd8823d8b527a2926a86 \
- --hash=sha256:77197a2d525e761cdd4c771180b4bd0d80703654c6385e4311cbbbe2beb56fa1 \
- --hash=sha256:eb8bb79d0ab00c931c8333b745f06fec481a51c52d70acd4ee95d6093ba5c386 \
- --hash=sha256:131f61de82ef28f3e20beb4bfc24f9692d28cecfd704e20e6c7f070f7793013a \
- --hash=sha256:ac35435974b2e27cd4520f29c191d7da36f4189aa3264e52c4c6c6d089ab6142 \
- --hash=sha256:04b6ea99daa2a8460728794213d76d45ad58ea247dc7e7ff148d7dd726e87863 \
- --hash=sha256:2b9442f8b4c3d575f6cc3db0e856034e0f5a9d55ecd636f52d8c496795b26952 \
- --hash=sha256:b3d3b3ecba1fe1bdb6f180770a137f877c8f07571f7b2934bb269475bcf0e5e8 \
- --hash=sha256:670a58c0d75cb0e78e73dd003bd96d4440bbb1f2bc041dcf7b81767ca4fb0ce9 \
- --hash=sha256:5af84d23bdb86b5e90aca263df1424b43f1748480bfcde3ac2a3cbe622612468 \
- --hash=sha256:ba22e8eefabdd7aca37d0c0c00d2274000d2cebb5cce9e5a710cb55bf8797b31 \
- --hash=sha256:b798b22fa7e92b439547323b8b719d217f1e1b7677585cfeeedf3b55c70bb7fb \
- --hash=sha256:59cff28af8cce96cb7e94a459726e1d88f6f5fa75097f9dcbebd99118d64ea4c \
- --hash=sha256:fe859e445abc9ba9e97950ddafb904e23234c4ecb76b0fae6c86e80592ce464a \
- --hash=sha256:655f3c474067f1e277430f23cc0549f0b1dc99b82aec6e53f80b9b2db7f76f11 \
- --hash=sha256:0ebc2be053c9a03a2f3e20a466e87bf12a51586b3c79bd2a22171b073a805346 \
- --hash=sha256:01e6e60654df64cca53733cda39446d67100c819c181d403afb120e0d2a71e1b \
- --hash=sha256:d46f4e5d455cb5563685c52ef212696f0a6cc1ea627603218eabbd8a095291d8 \
- --hash=sha256:3780b2663ee7ebb37cb83263326e3cd7f8b2ea439c448539d4b87de12c8d06ab
+cryptography==2.2.2 \
+ --hash=sha256:3f3b65d5a16e6b52fba63dc860b62ca9832f51f1a2ae5083c78b6840275f12dd \
+ --hash=sha256:5251e7de0de66810833606439ca65c9b9e45da62196b0c88bfadf27740aac09f \
+ --hash=sha256:551a3abfe0c8c6833df4192a63371aa2ff43afd8f570ed345d31f251d78e7e04 \
+ --hash=sha256:5cb990056b7cadcca26813311187ad751ea644712022a3976443691168781b6f \
+ --hash=sha256:60bda7f12ecb828358be53095fc9c6edda7de8f1ef571f96c00b2363643fa3cd \
+ --hash=sha256:64b5c67acc9a7c83fbb4b69166f3105a0ab722d27934fac2cb26456718eec2ba \
+ --hash=sha256:6fef51ec447fe9f8351894024e94736862900d3a9aa2961528e602eb65c92bdb \
+ --hash=sha256:77d0ad229d47a6e0272d00f6bf8ac06ce14715a9fd02c9a97f5a2869aab3ccb2 \
+ --hash=sha256:808fe471b1a6b777f026f7dc7bd9a4959da4bfab64972f2bbe91e22527c1c037 \
+ --hash=sha256:9b62fb4d18529c84b961efd9187fecbb48e89aa1a0f9f4161c61b7fc42a101bd \
+ --hash=sha256:9e5bed45ec6b4f828866ac6a6bedf08388ffcfa68abe9e94b34bb40977aba531 \
+ --hash=sha256:9fc295bf69130a342e7a19a39d7bbeb15c0bcaabc7382ec33ef3b2b7d18d2f63 \
+ --hash=sha256:abd070b5849ed64e6d349199bef955ee0ad99aefbad792f0c587f8effa681a5e \
+ --hash=sha256:ba6a774749b6e510cffc2fb98535f717e0e5fd91c7c99a61d223293df79ab351 \
+ --hash=sha256:c332118647f084c983c6a3e1dba0f3bcb051f69d12baccac68db8d62d177eb8a \
+ --hash=sha256:d6f46e862ee36df81e6342c2177ba84e70f722d9dc9c6c394f9f1f434c4a5563 \
+ --hash=sha256:db6013746f73bf8edd9c3d1d3f94db635b9422f503db3fc5ef105233d4c011ab \
+ --hash=sha256:f57008eaff597c69cf692c3518f6d4800f0309253bb138b526a37fe9ef0c7471 \
+ --hash=sha256:f6c821ac253c19f2ad4c8691633ae1d1a17f120d5b01ea1d256d7b602bc59887
enum34==1.1.2 ; python_version < '3.4' \
--hash=sha256:2475d7fcddf5951e92ff546972758802de5260bf409319a9f1934e6bbc8b1dc7 \
--hash=sha256:35907defb0f992b75ab7788f65fedc1cf20ffa22688e0e6f6f12afc06b3ea501
@@ -1103,9 +1092,9 @@ idna==2.5 \
ipaddress==1.0.16 \
--hash=sha256:935712800ce4760701d89ad677666cd52691fd2f6f0b340c8b4239a3c17988a5 \
--hash=sha256:5a3182b322a706525c46282ca6f064d27a02cffbd449f9f47416f1dc96aa71b0
-josepy==1.0.1 \
- --hash=sha256:354a3513038a38bbcd27c97b7c68a8f3dfaff0a135b20a92c6db4cc4ea72915e \
- --hash=sha256:9f48b88ca37f0244238b1cc77723989f7c54f7b90b2eee6294390bacfe870acc
+josepy==1.1.0 \
+ --hash=sha256:1309a25aac3caeff5239729c58ff9b583f7d022ffdb1553406ddfc8e5b52b76e \
+ --hash=sha256:fb5c62c77d26e04df29cb5ecd01b9ce69b6fcc9e521eb1ca193b7faa2afa7086
linecache2==1.0.0 \
--hash=sha256:e78be9c0a0dfcbac712fe04fbf92b96cddae80b1b842f24248214c8496f006ef \
--hash=sha256:4b26ff4e7110db76eeb6f5a7b64a82623839d595c2038eeda662f2a2db78e97c
@@ -1208,18 +1197,18 @@ letsencrypt==0.7.0 \
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
-certbot==0.25.1 \
- --hash=sha256:01689015364685fef3f1e1fb7832ba84eb3b0aa85bc5a71c96661f6d4c59981f \
- --hash=sha256:5c23e5186133bb1afd805be5e0cd2fb7b95862a8b0459c9ecad4ae60f933e54e
-acme==0.25.1 \
- --hash=sha256:26e641a01536705fe5f12d856703b8ef06e5a07981a7b6379d2771dcdb69a742 \
- --hash=sha256:47b5f3f73d69b7b1d13f918aa2cd75a8093069a68becf4af38e428e4613b2734
-certbot-apache==0.25.1 \
- --hash=sha256:a28b7c152cc11474bef5b5e7967aaea42b2c0aaf86fd82ee4082713d33cee5a9 \
- --hash=sha256:ed012465617073a0f1057fe854dc8d1eb6d2dd7ede1fb2eee765129fed2a095a
-certbot-nginx==0.25.1 \
- --hash=sha256:83f82c3ba08c0b1d4bf449ac24018e8e7dd34a6248d35466f2de7da1cd312e15 \
- --hash=sha256:68f98b41c54e0bf4218ef293079597176617bee3837ae3aa6528ce2ff0bf4f9c
+certbot==0.26.1 \
+ --hash=sha256:4e2ffdeebb7f5097600bcb1ca19131441fa021f952b443ca7454a279337af609 \
+ --hash=sha256:4983513d63f7f36e24a07873ca2d6ea1c0101aa6cb1cd825cda02ed520f6ca66
+acme==0.26.1 \
+ --hash=sha256:d47841e66adc1336ecca2f0d41a247c1b62307c981be6d07996bbf3f95af1dc5 \
+ --hash=sha256:86e7b5f4654cb19215f16c0e6225750db7421f68ef6a0a040a61796f24e690be
+certbot-apache==0.26.1 \
+ --hash=sha256:c16acb49bd4f84fff25bcbb7eaf74412145efe9b68ce46e1803be538894f2ce3 \
+ --hash=sha256:b7fa327e987b892d64163e7519bdeaf9723d78275ef6c438272848894ace6d87
+certbot-nginx==0.26.1 \
+ --hash=sha256:c0048dc83672dc90805a8ddf513be3e48c841d6e91607e91e8657c1785d65660 \
+ --hash=sha256:d0c95a32625e0f1612d7fcf9021e6e050ba3d879823489d1edd2478a78ae6624
UNLIKELY_EOF
# -------------------------------------------------------------------------
diff --git a/letsencrypt-auto-source/certbot-auto.asc b/letsencrypt-auto-source/certbot-auto.asc
index 67bab66d4..9f6706931 100644
--- a/letsencrypt-auto-source/certbot-auto.asc
+++ b/letsencrypt-auto-source/certbot-auto.asc
@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
-iQEzBAABCAAdFiEEos+1H6J1pyhiNOeyTRfJlc2XdfIFAlsgc/cACgkQTRfJlc2X
-dfLjBgf/bHZn/q+Dqn34uBXHymRSce7UxQn17izcKAt7hZBl4j4sebQ9+0jjuNur
-zrW8b0XJ0PsI10GG9qHR3ajC+04pWfRritnK1g4Ycb/pDcUkWo+8uRwr7skAVcvC
-oa8ToBS3iUbd3csFl1mu1BGACUHLvVs2cYdDtMuJj8wjsVZ7KnWBGKULAskwmU4Z
-VVUxeUrG9f+2kT35meEJUk91FS+4tmqNIVsVlBzf0Q0ZU1iQnV56dMwTqFRzdDJ2
-DBecE0GwuYnKXo2I7kIYaqACQmk9YFh55Sh0K9PbQxyv7YEZXZtkcdqFqyhxy3Nh
-EJ2kurFaM3/VmLljc/rW8QW8B3QNbw==
-=pkDz
+iQEcBAABCAAGBQJbTSv8AAoJEE0XyZXNl3Xy12sH/1FgV3SDVG0T1jgKQOYEUwrq
+cmpjdav8YPgFOSQDOcyFZG0DNcRfTskZt45IMkBLLnXq2PuPvkppc1+akP81vMoK
+NXHHS+PXDMjnBW4NFkexoM06KRF1SyHnvqsOg13w7UW2CjsAgtazGF5BucNCnjPH
+XJTwUf4uhKxeUb0Xkva1OPH++oTWz8+SYgWr/iMggkBrK8y04QUUJ6lyCO6MZgcE
+3JcECG7CwMK+hW0gCUkCSNZ0NzOBALCd9wCxNGszgkeJXrrW73oUpZmGC5BxIwYY
+o6lcF0qo7Jb92t4B3+7JhulMC5JoVoG4lpiXpKQFFCT0P4pZKotIomKNMATmnB4=
+=hzUL
-----END PGP SIGNATURE-----
diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto
index d571a5a8d..765072c3f 100755
--- a/letsencrypt-auto-source/letsencrypt-auto
+++ b/letsencrypt-auto-source/letsencrypt-auto
@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
fi
VENV_BIN="$VENV_PATH/bin"
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.26.0.dev0"
+LE_AUTO_VERSION="0.27.0.dev0"
BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -1092,9 +1092,9 @@ idna==2.5 \
ipaddress==1.0.16 \
--hash=sha256:935712800ce4760701d89ad677666cd52691fd2f6f0b340c8b4239a3c17988a5 \
--hash=sha256:5a3182b322a706525c46282ca6f064d27a02cffbd449f9f47416f1dc96aa71b0
-josepy==1.0.1 \
- --hash=sha256:354a3513038a38bbcd27c97b7c68a8f3dfaff0a135b20a92c6db4cc4ea72915e \
- --hash=sha256:9f48b88ca37f0244238b1cc77723989f7c54f7b90b2eee6294390bacfe870acc
+josepy==1.1.0 \
+ --hash=sha256:1309a25aac3caeff5239729c58ff9b583f7d022ffdb1553406ddfc8e5b52b76e \
+ --hash=sha256:fb5c62c77d26e04df29cb5ecd01b9ce69b6fcc9e521eb1ca193b7faa2afa7086
linecache2==1.0.0 \
--hash=sha256:e78be9c0a0dfcbac712fe04fbf92b96cddae80b1b842f24248214c8496f006ef \
--hash=sha256:4b26ff4e7110db76eeb6f5a7b64a82623839d595c2038eeda662f2a2db78e97c
@@ -1197,18 +1197,18 @@ letsencrypt==0.7.0 \
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
-certbot==0.25.1 \
- --hash=sha256:01689015364685fef3f1e1fb7832ba84eb3b0aa85bc5a71c96661f6d4c59981f \
- --hash=sha256:5c23e5186133bb1afd805be5e0cd2fb7b95862a8b0459c9ecad4ae60f933e54e
-acme==0.25.1 \
- --hash=sha256:26e641a01536705fe5f12d856703b8ef06e5a07981a7b6379d2771dcdb69a742 \
- --hash=sha256:47b5f3f73d69b7b1d13f918aa2cd75a8093069a68becf4af38e428e4613b2734
-certbot-apache==0.25.1 \
- --hash=sha256:a28b7c152cc11474bef5b5e7967aaea42b2c0aaf86fd82ee4082713d33cee5a9 \
- --hash=sha256:ed012465617073a0f1057fe854dc8d1eb6d2dd7ede1fb2eee765129fed2a095a
-certbot-nginx==0.25.1 \
- --hash=sha256:83f82c3ba08c0b1d4bf449ac24018e8e7dd34a6248d35466f2de7da1cd312e15 \
- --hash=sha256:68f98b41c54e0bf4218ef293079597176617bee3837ae3aa6528ce2ff0bf4f9c
+certbot==0.26.1 \
+ --hash=sha256:4e2ffdeebb7f5097600bcb1ca19131441fa021f952b443ca7454a279337af609 \
+ --hash=sha256:4983513d63f7f36e24a07873ca2d6ea1c0101aa6cb1cd825cda02ed520f6ca66
+acme==0.26.1 \
+ --hash=sha256:d47841e66adc1336ecca2f0d41a247c1b62307c981be6d07996bbf3f95af1dc5 \
+ --hash=sha256:86e7b5f4654cb19215f16c0e6225750db7421f68ef6a0a040a61796f24e690be
+certbot-apache==0.26.1 \
+ --hash=sha256:c16acb49bd4f84fff25bcbb7eaf74412145efe9b68ce46e1803be538894f2ce3 \
+ --hash=sha256:b7fa327e987b892d64163e7519bdeaf9723d78275ef6c438272848894ace6d87
+certbot-nginx==0.26.1 \
+ --hash=sha256:c0048dc83672dc90805a8ddf513be3e48c841d6e91607e91e8657c1785d65660 \
+ --hash=sha256:d0c95a32625e0f1612d7fcf9021e6e050ba3d879823489d1edd2478a78ae6624
UNLIKELY_EOF
# -------------------------------------------------------------------------
diff --git a/letsencrypt-auto-source/letsencrypt-auto.sig b/letsencrypt-auto-source/letsencrypt-auto.sig
index f266c93e9..d1306d03d 100644
--- a/letsencrypt-auto-source/letsencrypt-auto.sig
+++ b/letsencrypt-auto-source/letsencrypt-auto.sig
@@ -1 +1,3 @@
-k��e�a[�1��x�yꥥ=.s4VS��? ODS� �9�"�L%��9-HJ<���mULu�k�2��H]�wW�!;Սp��B�Ô��|�X�UlEa�Jf!¬hh&ZXr��b�'_>%W�:;']yRS�7uM̸dȓ�sX;ap>,c5tb
\ No newline at end of file
+3p�Sj�ͻ��~@F-�*6�]("�A�,�8ߍ�=sO�c{ⅎEB\,IJ1
+»�Z*O/+k�+}�~l��d?]f(�r�?J�2Ԕ 4=�
K+K#���@�_[)4V8;ՠ�-K�W��rpwߊ2ۮx,�g�ڧw80;uC^̓ByI�ùX/�b
+�sZS
\ No newline at end of file
diff --git a/letsencrypt-auto-source/pieces/certbot-requirements.txt b/letsencrypt-auto-source/pieces/certbot-requirements.txt
index f53891ccd..feb3f1c3a 100644
--- a/letsencrypt-auto-source/pieces/certbot-requirements.txt
+++ b/letsencrypt-auto-source/pieces/certbot-requirements.txt
@@ -1,12 +1,12 @@
-certbot==0.25.1 \
- --hash=sha256:01689015364685fef3f1e1fb7832ba84eb3b0aa85bc5a71c96661f6d4c59981f \
- --hash=sha256:5c23e5186133bb1afd805be5e0cd2fb7b95862a8b0459c9ecad4ae60f933e54e
-acme==0.25.1 \
- --hash=sha256:26e641a01536705fe5f12d856703b8ef06e5a07981a7b6379d2771dcdb69a742 \
- --hash=sha256:47b5f3f73d69b7b1d13f918aa2cd75a8093069a68becf4af38e428e4613b2734
-certbot-apache==0.25.1 \
- --hash=sha256:a28b7c152cc11474bef5b5e7967aaea42b2c0aaf86fd82ee4082713d33cee5a9 \
- --hash=sha256:ed012465617073a0f1057fe854dc8d1eb6d2dd7ede1fb2eee765129fed2a095a
-certbot-nginx==0.25.1 \
- --hash=sha256:83f82c3ba08c0b1d4bf449ac24018e8e7dd34a6248d35466f2de7da1cd312e15 \
- --hash=sha256:68f98b41c54e0bf4218ef293079597176617bee3837ae3aa6528ce2ff0bf4f9c
+certbot==0.26.1 \
+ --hash=sha256:4e2ffdeebb7f5097600bcb1ca19131441fa021f952b443ca7454a279337af609 \
+ --hash=sha256:4983513d63f7f36e24a07873ca2d6ea1c0101aa6cb1cd825cda02ed520f6ca66
+acme==0.26.1 \
+ --hash=sha256:d47841e66adc1336ecca2f0d41a247c1b62307c981be6d07996bbf3f95af1dc5 \
+ --hash=sha256:86e7b5f4654cb19215f16c0e6225750db7421f68ef6a0a040a61796f24e690be
+certbot-apache==0.26.1 \
+ --hash=sha256:c16acb49bd4f84fff25bcbb7eaf74412145efe9b68ce46e1803be538894f2ce3 \
+ --hash=sha256:b7fa327e987b892d64163e7519bdeaf9723d78275ef6c438272848894ace6d87
+certbot-nginx==0.26.1 \
+ --hash=sha256:c0048dc83672dc90805a8ddf513be3e48c841d6e91607e91e8657c1785d65660 \
+ --hash=sha256:d0c95a32625e0f1612d7fcf9021e6e050ba3d879823489d1edd2478a78ae6624
diff --git a/letsencrypt-auto-source/pieces/dependency-requirements.txt b/letsencrypt-auto-source/pieces/dependency-requirements.txt
index 54498cb3e..ae6079d96 100644
--- a/letsencrypt-auto-source/pieces/dependency-requirements.txt
+++ b/letsencrypt-auto-source/pieces/dependency-requirements.txt
@@ -96,9 +96,9 @@ idna==2.5 \
ipaddress==1.0.16 \
--hash=sha256:935712800ce4760701d89ad677666cd52691fd2f6f0b340c8b4239a3c17988a5 \
--hash=sha256:5a3182b322a706525c46282ca6f064d27a02cffbd449f9f47416f1dc96aa71b0
-josepy==1.0.1 \
- --hash=sha256:354a3513038a38bbcd27c97b7c68a8f3dfaff0a135b20a92c6db4cc4ea72915e \
- --hash=sha256:9f48b88ca37f0244238b1cc77723989f7c54f7b90b2eee6294390bacfe870acc
+josepy==1.1.0 \
+ --hash=sha256:1309a25aac3caeff5239729c58ff9b583f7d022ffdb1553406ddfc8e5b52b76e \
+ --hash=sha256:fb5c62c77d26e04df29cb5ecd01b9ce69b6fcc9e521eb1ca193b7faa2afa7086
linecache2==1.0.0 \
--hash=sha256:e78be9c0a0dfcbac712fe04fbf92b96cddae80b1b842f24248214c8496f006ef \
--hash=sha256:4b26ff4e7110db76eeb6f5a7b64a82623839d595c2038eeda662f2a2db78e97c
diff --git a/letshelp-certbot/setup.py b/letshelp-certbot/setup.py
index 28ce0e962..3e9e31725 100644
--- a/letshelp-certbot/setup.py
+++ b/letshelp-certbot/setup.py
@@ -35,6 +35,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/setup.py b/setup.py
index 9ef9ec0d2..fc87917fb 100644
--- a/setup.py
+++ b/setup.py
@@ -86,7 +86,7 @@ setup(
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*',
classifiers=[
- 'Development Status :: 3 - Alpha',
+ 'Development Status :: 5 - Production/Stable',
'Environment :: Console',
'Environment :: Console :: Curses',
'Intended Audience :: System Administrators',
@@ -99,6 +99,7 @@ setup(
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
'Topic :: Internet :: WWW/HTTP',
'Topic :: Security',
'Topic :: System :: Installation/Setup',
diff --git a/tests/letstest/multitester.py b/tests/letstest/multitester.py
index 17740cde8..0ae9636d4 100644
--- a/tests/letstest/multitester.py
+++ b/tests/letstest/multitester.py
@@ -128,6 +128,7 @@ def make_instance(instance_name,
userdata=""): #userdata contains bash or cloud-init script
new_instance = EC2.create_instances(
+ BlockDeviceMappings=_get_block_device_mappings(ami_id),
ImageId=ami_id,
SecurityGroups=security_groups,
KeyName=keyname,
@@ -151,38 +152,21 @@ def make_instance(instance_name,
raise
return new_instance
-def terminate_and_clean(instances):
+def _get_block_device_mappings(ami_id):
+ """Returns the list of block device mappings to ensure cleanup.
+
+ This list sets connected EBS volumes to be deleted when the EC2
+ instance is terminated.
+
"""
- Some AMIs specify EBS stores that won't delete on instance termination.
- These must be manually deleted after shutdown.
- """
- volumes_to_delete = []
- for instance in instances:
- for bdmap in instance.block_device_mappings:
- if 'Ebs' in bdmap.keys():
- if not bdmap['Ebs']['DeleteOnTermination']:
- volumes_to_delete.append(bdmap['Ebs']['VolumeId'])
-
- for instance in instances:
- instance.terminate()
-
- # can't delete volumes until all attaching instances are terminated
- _ids = [instance.id for instance in instances]
- all_terminated = False
- while not all_terminated:
- all_terminated = True
- for _id in _ids:
- # necessary to reinit object for boto3 to get true state
- inst = EC2.Instance(id=_id)
- if inst.state['Name'] != 'terminated':
- all_terminated = False
- time.sleep(5)
-
- for vol_id in volumes_to_delete:
- volume = EC2.Volume(id=vol_id)
- volume.delete()
-
- return volumes_to_delete
+ # Not all devices use EBS, but the default value for DeleteOnTermination
+ # when the device does use EBS is true. See:
+ # * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-mapping.html
+ # * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html
+ return [{'DeviceName': mapping['DeviceName'],
+ 'Ebs': {'DeleteOnTermination': True}}
+ for mapping in EC2.Image(ami_id).block_device_mappings
+ if not mapping.get('Ebs', {}).get('DeleteOnTermination', True)]
# Helper Routines
@@ -370,10 +354,11 @@ def test_client_process(inqueue, outqueue):
def cleanup(cl_args, instances, targetlist):
print('Logs in ', LOGDIR)
if not cl_args.saveinstances:
- print('Terminating EC2 Instances and Cleaning Dangling EBS Volumes')
+ print('Terminating EC2 Instances')
if cl_args.killboulder:
boulder_server.terminate()
- terminate_and_clean(instances)
+ for instance in instances:
+ instance.terminate()
else:
# print login information for the boxes for debugging
for ii, target in enumerate(targetlist):
diff --git a/tools/dev_constraints.txt b/tools/dev_constraints.txt
index 777222ffb..5a16b8cba 100644
--- a/tools/dev_constraints.txt
+++ b/tools/dev_constraints.txt
@@ -26,7 +26,7 @@ ipython==5.5.0
ipython-genutils==0.2.0
Jinja2==2.9.6
jmespath==0.9.3
-josepy==1.0.1
+josepy==1.1.0
logger==1.4
logilab-common==1.4.1
MarkupSafe==1.0
@@ -51,7 +51,7 @@ pytest-forked==0.2
pytest-xdist==1.20.1
python-dateutil==2.6.1
python-digitalocean==1.11
-PyYAML==3.12
+PyYAML==3.13
repoze.sphinx.autointerface==0.8
requests-file==1.4.2
requests-toolbelt==0.8.0
diff --git a/tools/release.sh b/tools/release.sh
index 02c7ccca5..880563b4b 100755
--- a/tools/release.sh
+++ b/tools/release.sh
@@ -46,7 +46,7 @@ PORT=${PORT:-1234}
# subpackages to be released (the way developers think about them)
SUBPKGS_IN_AUTO_NO_CERTBOT="acme certbot-apache certbot-nginx"
-SUBPKGS_NOT_IN_AUTO="certbot-dns-cloudflare certbot-dns-cloudxns certbot-dns-digitalocean certbot-dns-dnsimple certbot-dns-dnsmadeeasy certbot-dns-google certbot-dns-luadns certbot-dns-nsone certbot-dns-rfc2136 certbot-dns-route53"
+SUBPKGS_NOT_IN_AUTO="certbot-dns-cloudflare certbot-dns-cloudxns certbot-dns-digitalocean certbot-dns-dnsimple certbot-dns-dnsmadeeasy certbot-dns-gehirn certbot-dns-google certbot-dns-linode certbot-dns-luadns certbot-dns-nsone certbot-dns-ovh certbot-dns-rfc2136 certbot-dns-route53 certbot-dns-sakuracloud"
# subpackages to be released (the way the script thinks about them)
SUBPKGS_IN_AUTO="certbot $SUBPKGS_IN_AUTO_NO_CERTBOT"
diff --git a/tools/venv.sh b/tools/venv.sh
index a623ec529..5692f9ebf 100755
--- a/tools/venv.sh
+++ b/tools/venv.sh
@@ -19,11 +19,15 @@ fi
-e certbot-dns-digitalocean \
-e certbot-dns-dnsimple \
-e certbot-dns-dnsmadeeasy \
+ -e certbot-dns-gehirn \
-e certbot-dns-google \
+ -e certbot-dns-linode \
-e certbot-dns-luadns \
-e certbot-dns-nsone \
+ -e certbot-dns-ovh \
-e certbot-dns-rfc2136 \
-e certbot-dns-route53 \
+ -e certbot-dns-sakuracloud \
-e certbot-nginx \
-e certbot-postfix \
-e letshelp-certbot \
diff --git a/tools/venv3.sh b/tools/venv3.sh
index 602118004..07512f370 100755
--- a/tools/venv3.sh
+++ b/tools/venv3.sh
@@ -18,10 +18,15 @@ fi
-e certbot-dns-digitalocean \
-e certbot-dns-dnsimple \
-e certbot-dns-dnsmadeeasy \
+ -e certbot-dns-gehirn \
-e certbot-dns-google \
+ -e certbot-dns-linode \
-e certbot-dns-luadns \
-e certbot-dns-nsone \
+ -e certbot-dns-ovh \
+ -e certbot-dns-rfc2136 \
-e certbot-dns-route53 \
+ -e certbot-dns-sakuracloud \
-e certbot-nginx \
-e certbot-postfix \
-e letshelp-certbot \
diff --git a/tox.cover.sh b/tox.cover.sh
index 4167699d6..6440d1b48 100755
--- a/tox.cover.sh
+++ b/tox.cover.sh
@@ -8,8 +8,10 @@
#
# -e makes sure we fail fast and don't submit coveralls submit
+NUMPROCESSES=${NUMPROCESSES:=auto}
+
if [ "xxx$1" = "xxx" ]; then
- pkgs="certbot acme certbot_apache certbot_dns_cloudflare certbot_dns_cloudxns certbot_dns_digitalocean certbot_dns_dnsimple certbot_dns_dnsmadeeasy certbot_dns_google certbot_dns_luadns certbot_dns_nsone certbot_dns_rfc2136 certbot_dns_route53 certbot_nginx certbot_postfix letshelp_certbot"
+ pkgs="certbot acme certbot_apache certbot_dns_cloudflare certbot_dns_cloudxns certbot_dns_digitalocean certbot_dns_dnsimple certbot_dns_dnsmadeeasy certbot_dns_gehirn certbot_dns_google certbot_dns_linode certbot_dns_luadns certbot_dns_nsone certbot_dns_ovh certbot_dns_rfc2136 certbot_dns_route53 certbot_dns_sakuracloud certbot_nginx certbot_postfix letshelp_certbot"
else
pkgs="$@"
fi
@@ -31,16 +33,24 @@ cover () {
min=98
elif [ "$1" = "certbot_dns_dnsmadeeasy" ]; then
min=99
+ elif [ "$1" = "certbot_dns_gehirn" ]; then
+ min=97
elif [ "$1" = "certbot_dns_google" ]; then
min=99
+ elif [ "$1" = "certbot_dns_linode" ]; then
+ min=98
elif [ "$1" = "certbot_dns_luadns" ]; then
min=98
elif [ "$1" = "certbot_dns_nsone" ]; then
min=99
+ elif [ "$1" = "certbot_dns_ovh" ]; then
+ min=97
elif [ "$1" = "certbot_dns_rfc2136" ]; then
min=99
elif [ "$1" = "certbot_dns_route53" ]; then
min=92
+ elif [ "$1" = "certbot_dns_sakuracloud" ]; then
+ min=97
elif [ "$1" = "certbot_nginx" ]; then
min=97
elif [ "$1" = "certbot_postfix" ]; then
@@ -53,7 +63,7 @@ cover () {
fi
pkg_dir=$(echo "$1" | tr _ -)
- pytest --cov "$pkg_dir" --cov-append --cov-report= --numprocesses auto --pyargs "$1"
+ pytest --cov "$pkg_dir" --cov-append --cov-report= --numprocesses "$NUMPROCESSES" --pyargs "$1"
coverage report --fail-under="$min" --include="$pkg_dir/*" --show-missing
}
diff --git a/tox.ini b/tox.ini
index b44d30449..0676a0da4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -14,32 +14,29 @@ pip_install = {toxinidir}/tools/pip_install_editable.sh
# before the script moves on to the next package. All dependencies are pinned
# to a specific version for increased stability for developers.
install_and_test = {toxinidir}/tools/install_and_test.sh
-python37_compatible_dns_packages =
+dns_packages =
+ certbot-dns-cloudflare \
certbot-dns-cloudxns \
certbot-dns-digitalocean \
certbot-dns-dnsimple \
certbot-dns-dnsmadeeasy \
+ certbot-dns-gehirn \
certbot-dns-google \
+ certbot-dns-linode \
certbot-dns-luadns \
certbot-dns-nsone \
+ certbot-dns-ovh \
certbot-dns-rfc2136 \
- certbot-dns-route53
-dns_packages =
- certbot-dns-cloudflare \
- {[base]python37_compatible_dns_packages}
-nondns_packages =
+ certbot-dns-route53 \
+ certbot-dns-sakuracloud
+all_packages =
acme[dev] \
.[dev] \
certbot-apache \
+ {[base]dns_packages} \
certbot-nginx \
certbot-postfix \
letshelp-certbot
-python37_compatible_packages =
- {[base]nondns_packages} \
- {[base]python37_compatible_dns_packages}
-all_packages =
- {[base]nondns_packages} \
- {[base]dns_packages}
install_packages =
{toxinidir}/tools/pip_install_editable.sh {[base]all_packages}
source_paths =
@@ -52,11 +49,15 @@ source_paths =
certbot-dns-digitalocean/certbot_dns_digitalocean
certbot-dns-dnsimple/certbot_dns_dnsimple
certbot-dns-dnsmadeeasy/certbot_dns_dnsmadeeasy
+ certbot-dns-gehirn/certbot_dns_gehirn
certbot-dns-google/certbot_dns_google
+ certbot-dns-linode/certbot_dns_linode
certbot-dns-luadns/certbot_dns_luadns
certbot-dns-nsone/certbot_dns_nsone
+ certbot-dns-ovh/certbot_dns_ovh
certbot-dns-rfc2136/certbot_dns_rfc2136
certbot-dns-route53/certbot_dns_route53
+ certbot-dns-sakuracloud/certbot_dns_sakuracloud
certbot-nginx/certbot_nginx
certbot-postfix/certbot_postfix
letshelp-certbot/letshelp_certbot
@@ -69,13 +70,6 @@ commands =
setenv =
PYTHONHASHSEED = 0
-[testenv:py37]
-commands =
- {[base]install_and_test} {[base]python37_compatible_packages}
- python tests/lock_test.py
-setenv =
- {[testenv]setenv}
-
[testenv:py27-oldest]
commands =
{[testenv]commands}
@@ -114,6 +108,12 @@ commands =
setenv =
{[testenv:py27-oldest]setenv}
+[testenv:py27-postfix-oldest]
+commands =
+ {[base]install_and_test} certbot-postfix
+setenv =
+ {[testenv:py27-oldest]setenv}
+
[testenv:py27_install]
basepython = python2.7
commands =
@@ -121,6 +121,7 @@ commands =
[testenv:cover]
basepython = python2.7
+passenv = NUMPROCESSES
commands =
{[base]install_packages}
./tox.cover.sh