Keeping my fork up to date.

Merge https://github.com/certbot/certbot

README.rst

@@ -152,11 +152,12 @@ Current Features
 
 * Supports multiple web servers:
 
-  - apache/2.x (working on Debian 8+ and Ubuntu 12.04+)
-  - standalone (runs its own simple webserver to prove you control a domain)
+  - apache/2.x (beta support for auto-configuration)
+  - nginx/0.8.48+ (alpha support for auto-configuration)
   - webroot (adds files to webroot directories in order to prove control of
     domains and obtain certs)
-  - nginx/0.8.48+ (highly experimental, not included in certbot-auto)
+  - standalone (runs its own simple webserver to prove you control a domain)
+  - other server software via `third party plugins <https://certbot.eff.org/docs/using.html#third-party-plugins>`_
 
 * The private key is generated locally on your system.
 * Can talk to the Let's Encrypt CA or optionally to other ACME

certbot-apache/certbot_apache/tests/constants_test.py

@@ -20,25 +20,25 @@ class ConstantsTest(unittest.TestCase):
         self.assertEqual(constants.os_constant("vhost_root"),
                          "/etc/httpd/conf.d")
 
+    @mock.patch("certbot.util.get_systemd_os_like")
     @mock.patch("certbot.util.get_os_info")
-    def test_get_default_value(self, os_info):
+    def test_get_default_values(self, os_info, os_like):
         os_info.return_value = ('Nonexistent Linux', '', '')
+        os_like.return_value = {}
+        self.assertFalse(constants.os_constant("handle_mods"))
+        self.assertEqual(constants.os_constant("server_root"), "/etc/apache2")
         self.assertEqual(constants.os_constant("vhost_root"),
                          "/etc/apache2/sites-available")
 
+    @mock.patch("certbot.util.get_systemd_os_like")
     @mock.patch("certbot.util.get_os_info")
-    def test_get_default_constants(self, os_info):
+    def test_get_darwin_like_values(self, os_info, os_like):
         os_info.return_value = ('Nonexistent Linux', '', '')
-        with mock.patch("certbot.util.get_systemd_os_like") as os_like:
-            # Get defaults
-            os_like.return_value = False
-            c_hm = constants.os_constant("handle_mods")
-            c_sr = constants.os_constant("server_root")
-            self.assertFalse(c_hm)
-            self.assertEqual(c_sr, "/etc/apache2")
-            # Use darwin as like test target
-            os_like.return_value = ["something", "nonexistent", "darwin"]
-            d_vr = constants.os_constant("vhost_root")
-            d_em = constants.os_constant("enmod")
-            self.assertFalse(d_em)
-            self.assertEqual(d_vr, "/etc/apache2/other")
+        os_like.return_value = ["something", "nonexistent", "darwin"]
+        self.assertFalse(constants.os_constant("enmod"))
+        self.assertEqual(constants.os_constant("vhost_root"),
+                         "/etc/apache2/other")
+
+
+if __name__ == "__main__":
+    unittest.main()  # pragma: no cover

certbot-auto

@@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
 VENV_NAME="letsencrypt"
 VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN="$VENV_PATH/bin"
-LE_AUTO_VERSION="0.9.1"
+LE_AUTO_VERSION="0.9.3"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -761,18 +761,18 @@ letsencrypt==0.7.0 \
 
 # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
 
-acme==0.9.1 \
-    --hash=sha256:83e6188d5f149678b77ff3c8f8f94983f3c448490ffa634c7e9f2e93e7351fb0 \
-    --hash=sha256:0effd08d144eedbfeb7dd784e9c8673ef3138cf48d35c8c33a1dd5bee9fd8207
-certbot==0.9.1 \
-    --hash=sha256:88237a4f6d337d40185a644407f9c7adb6eab87c43b8bf56c1edc02ce82a9d81 \
-    --hash=sha256:180354a3e95610ff8ba7f344011f2fcba1186d8efb7b25867266f47048e1e2f7
-certbot-apache==0.9.1 \
-    --hash=sha256:cb9931294d44a1d6d44eaa2e92cb30daf6f2e0f29f6e7f00849709f0dd408b40 \
-    --hash=sha256:1c09a6b4d087748f2aa143b0a7ced321458c3dd7ca70a80674f867b8b0e3cd6c
-certbot-nginx==0.9.1 \
-    --hash=sha256:3bd59a4f63a989eb31c04775107139bf45c2373a6f0b7bea4a3a1362da5c2ae7 \
-    --hash=sha256:22f277846ccf5c8787cac2b35a7897780f05f4022de02d8b4b731c2cd957354c
+acme==0.9.3 \
+    --hash=sha256:d18ce17a75ad24d27981dfaef0524aa905eab757b267e027162b56a8967ab8fb \
+    --hash=sha256:a6eff1f955eb2e4316abd9aa2fedb6d9345e6b5b8a2d64ea0ad35e05d6124099
+certbot==0.9.3 \
+    --hash=sha256:a87ef4c53c018df4e52ee2f2e906ad16bbb37789f29e6f284c495a2eb4d9b243 \
+    --hash=sha256:68149cb8392b29f5d5246e7226d25f913f2b10482bf3bc7368e8c8821d25f3b0
+certbot-apache==0.9.3 \
+    --hash=sha256:f379b1053e10709692654d7a6fcea9eaed19b66c49a753b61e31bd06a04b0aac \
+    --hash=sha256:a5d98cf972072de08f984db4e6a7f20269f3f023c43f6d4e781fe43be7c10086
+certbot-nginx==0.9.3 \
+    --hash=sha256:3c26f18f0b57550f069263bd9b2984ef33eab6693e7796611c1b2cc16574069c \
+    --hash=sha256:7337a2e90e0b28a1ab09e31d9fb81c6d78e6453500c824c0f18bab5d31b63058
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------

certbot-nginx/certbot_nginx/obj.py

@@ -69,7 +69,8 @@ class Addr(common.Addr):
 
         return cls(host, port, ssl, default)
 
-    def __str__(self):
+    def to_string(self, include_default=True):
+        """Return string representation of Addr"""
         parts = ''
         if self.tup[0] and self.tup[1]:
             parts = "%s:%s" % self.tup
@@ -78,13 +79,16 @@ class Addr(common.Addr):
         else:
             parts = self.tup[1]
 
-        if self.default:
+        if self.default and include_default:
             parts += ' default_server'
         if self.ssl:
             parts += ' ssl'
 
         return parts
 
+    def __str__(self):
+        return self.to_string()
+
     def __repr__(self):
         return "Addr(" + self.__str__() + ")"
 

certbot-nginx/certbot_nginx/tests/configurator_test.py

@@ -40,7 +40,7 @@ class NginxConfiguratorTest(util.NginxTest):
 
     def test_prepare(self):
         self.assertEqual((1, 6, 2), self.config.version)
-        self.assertEqual(6, len(self.config.parser.parsed))
+        self.assertEqual(7, len(self.config.parser.parsed))
         # ensure we successfully parsed a file for ssl_options
         self.assertTrue(self.config.parser.loc["ssl_options"])
 
@@ -68,7 +68,7 @@ class NginxConfiguratorTest(util.NginxTest):
         names = self.config.get_all_names()
         self.assertEqual(names, set(
             ["155.225.50.69.nephoscale.net", "www.example.org", "another.alias",
-             "migration.com", "summer.com", "geese.com"]))
+             "migration.com", "summer.com", "geese.com", "sslon.com"]))
 
     def test_supported_enhancements(self):
         self.assertEqual(['redirect', 'staple-ocsp'],
@@ -242,6 +242,7 @@ class NginxConfiguratorTest(util.NginxTest):
         nginx_conf = self.config.parser.abs_path('nginx.conf')
         example_conf = self.config.parser.abs_path('sites-enabled/example.com')
         migration_conf = self.config.parser.abs_path('sites-enabled/migration.com')
+        sslon_conf = self.config.parser.abs_path('sites-enabled/sslon.com')
 
         # Get the default SSL vhost
         self.config.deploy_cert(
@@ -269,6 +270,7 @@ class NginxConfiguratorTest(util.NginxTest):
             ('example/fullchain.pem', 'example/key.pem', example_conf),
             ('/etc/nginx/fullchain.pem', '/etc/nginx/key.pem', nginx_conf),
             ('migration/fullchain.pem', 'migration/key.pem', migration_conf),
+            ('snakeoil.cert', 'snakeoil.key', sslon_conf),
         ]), self.config.get_all_certs_keys())
 
     @mock.patch("certbot_nginx.configurator.tls_sni_01.NginxTlsSni01.perform")

certbot-nginx/certbot_nginx/tests/obj_test.py

@@ -55,6 +55,16 @@ class AddrTest(unittest.TestCase):
         self.assertEqual(str(self.addr5), "myhost")
         self.assertEqual(str(self.addr6), "80 default_server")
 
+    def test_to_string(self):
+        self.assertEqual(self.addr1.to_string(), "192.168.1.1")
+        self.assertEqual(self.addr2.to_string(), "192.168.1.1:* ssl")
+        self.assertEqual(self.addr3.to_string(), "192.168.1.1:80")
+        self.assertEqual(self.addr4.to_string(), "*:80 default_server ssl")
+        self.assertEqual(self.addr4.to_string(include_default=False), "*:80 ssl")
+        self.assertEqual(self.addr5.to_string(), "myhost")
+        self.assertEqual(self.addr6.to_string(), "80 default_server")
+        self.assertEqual(self.addr6.to_string(include_default=False), "80")
+
     def test_eq(self):
         from certbot_nginx.obj import Addr
         new_addr1 = Addr.fromstring("192.168.1.1 spdy")

certbot-nginx/certbot_nginx/tests/parser_test.py

@@ -48,7 +48,8 @@ class NginxParserTest(util.NginxTest):
                               ['foo.conf', 'nginx.conf', 'server.conf',
                                'sites-enabled/default',
                                'sites-enabled/example.com',
-                               'sites-enabled/migration.com']]),
+                               'sites-enabled/migration.com',
+                               'sites-enabled/sslon.com']]),
                          set(nparser.parsed.keys()))
         self.assertEqual([['server_name', 'somename  alias  another.alias']],
                          nparser.parsed[nparser.abs_path('server.conf')])
@@ -72,7 +73,7 @@ class NginxParserTest(util.NginxTest):
         parsed = nparser._parse_files(nparser.abs_path(
             'sites-enabled/example.com.test'))
         self.assertEqual(3, len(glob.glob(nparser.abs_path('*.test'))))
-        self.assertEqual(3, len(
+        self.assertEqual(4, len(
             glob.glob(nparser.abs_path('sites-enabled/*.test'))))
         self.assertEqual([[['server'], [['listen', '69.50.225.155:9000'],
                                         ['listen', '127.0.0.1'],
@@ -136,7 +137,7 @@ class NginxParserTest(util.NginxTest):
                                                   '*.www.example.com']),
                                  [], [2, 1, 0])
 
-        self.assertEqual(7, len(vhosts))
+        self.assertEqual(8, len(vhosts))
         example_com = [x for x in vhosts if 'example.com' in x.filep][0]
         self.assertEqual(vhost3, example_com)
         default = [x for x in vhosts if 'default' in x.filep][0]
@@ -304,8 +305,10 @@ class NginxParserTest(util.NginxTest):
                                       replace=False)
         c_k = nparser.get_all_certs_keys()
         migration_file = nparser.abs_path('sites-enabled/migration.com')
+        sslon_file = nparser.abs_path('sites-enabled/sslon.com')
         self.assertEqual(set([('foo.pem', 'bar.key', filep),
-                              ('cert.pem', 'cert.key', migration_file)
+                              ('cert.pem', 'cert.key', migration_file),
+                              ('snakeoil.cert', 'snakeoil.key', sslon_file)
                              ]), c_k)
 
     def test_parse_server_ssl(self):

certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/sslon.com

@@ -0,0 +1,6 @@
+server {
+	server_name sslon.com;
+	ssl on;
+	ssl_certificate snakeoil.cert;
+	ssl_certificate_key snakeoil.key;
+}

certbot-nginx/certbot_nginx/tests/tls_sni_01_test.py

@@ -39,6 +39,10 @@ class TlsSniPerformTest(util.NginxTest):
                           "\xeb9\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4"
                 ), "pending"),
             domain="www.example.org", account_key=account_key),
+        achallenges.KeyAuthorizationAnnotatedChallenge(
+            challb=acme_util.chall_to_challb(
+                challenges.TLSSNI01(token="kNdwjxOeX0I_A8DXt9Msmg"), "pending"),
+            domain="sslon.com", account_key=account_key),
     ]
 
     def setUp(self):
@@ -100,7 +104,7 @@ class TlsSniPerformTest(util.NginxTest):
 
         sni_responses = self.sni.perform()
 
-        self.assertEqual(mock_setup_cert.call_count, 3)
+        self.assertEqual(mock_setup_cert.call_count, 4)
 
         for index, achall in enumerate(self.achalls):
             self.assertEqual(
@@ -112,8 +116,8 @@ class TlsSniPerformTest(util.NginxTest):
         self.assertFalse(
             util.contains_at_depth(http, ['server_name', 'another.alias'], 3))
 
-        self.assertEqual(len(sni_responses), 3)
-        for i in xrange(3):
+        self.assertEqual(len(sni_responses), 4)
+        for i in xrange(4):
             self.assertEqual(sni_responses[i], acme_responses[i])
 
     def test_mod_config(self):
@@ -123,6 +127,7 @@ class TlsSniPerformTest(util.NginxTest):
         v_addr1 = [obj.Addr("69.50.225.155", "9000", True, False),
                    obj.Addr("127.0.0.1", "", False, False)]
         v_addr2 = [obj.Addr("myhost", "", False, True)]
+        v_addr2_print = [obj.Addr("myhost", "", False, False)]
         ll_addr = [v_addr1, v_addr2]
         self.sni._mod_config(ll_addr)  # pylint: disable=protected-access
 
@@ -142,7 +147,7 @@ class TlsSniPerformTest(util.NginxTest):
                 response = self.achalls[0].response(self.account_key)
             else:
                 response = self.achalls[2].response(self.account_key)
-                self.assertEqual(vhost.addrs, set(v_addr2))
+                self.assertEqual(vhost.addrs, set(v_addr2_print))
             self.assertEqual(vhost.names, set([response.z_domain]))
 
         self.assertEqual(len(vhs), 2)

certbot-nginx/certbot_nginx/tls_sni_01.py

@@ -47,7 +47,7 @@ class NginxTlsSni01(common.TLSSNI01):
             return []
 
         addresses = []
-        default_addr = "{0} default_server ssl".format(
+        default_addr = "{0} ssl".format(
             self.configurator.config.tls_sni_01_port)
 
         for achall in self.achalls:
@@ -59,12 +59,10 @@ class NginxTlsSni01(common.TLSSNI01):
                     achall.domain)
                 return None
 
-            for addr in vhost.addrs:
-                if addr.default:
-                    addresses.append([obj.Addr.fromstring(default_addr)])
-                    break
-            else:
+            if vhost.addrs:
                 addresses.append(list(vhost.addrs))
+            else:
+                addresses.append([obj.Addr.fromstring(default_addr)])
 
         # Create challenge certs
         responses = [self._setup_challenge_cert(x) for x in self.achalls]
@@ -141,7 +139,7 @@ class NginxTlsSni01(common.TLSSNI01):
         document_root = os.path.join(
             self.configurator.config.work_dir, "tls_sni_01_page")
 
-        block = [['listen', ' ', str(addr)] for addr in addrs]
+        block = [['listen', ' ', addr.to_string(include_default=False)] for addr in addrs]
 
         block.extend([['server_name', ' ',
                        achall.response(achall.account_key).z_domain],
@@ -155,5 +153,4 @@ class NginxTlsSni01(common.TLSSNI01):
                       ['ssl_certificate_key', ' ', self.get_key_path(achall)],
                       [['location', ' ', '/'], [['root', ' ', document_root]]]] +
                      self.configurator.parser.loc["ssl_options"])
-
         return [['server'], block]

certbot/display/ops.py

@@ -29,7 +29,7 @@ def get_email(invalid=False, optional=True):
 
     """
     invalid_prefix = "There seem to be problems with that address. "
-    msg = "Enter email address (used for urgent notices and lost key recovery)"
+    msg = "Enter email address (used for urgent renewal and security notices)"
     unsafe_suggestion = ("\n\nIf you really want to skip this, you can run "
                          "the client with --register-unsafely-without-email "
                          "but make sure you then backup your account key from "

certbot/plugins/util.py

@@ -91,6 +91,7 @@ def already_listening_socket(port, renewer=False):
 
     try:
         testsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+        testsocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
         try:
             testsocket.bind(("", port))
         except socket.error:
@@ -129,8 +130,7 @@ def already_listening_psutil(port, renewer=False):
         return False
 
     listeners = [conn.pid for conn in net_connections
-                 if (conn.status == 'LISTEN' or
-                 conn.status == 'TIME_WAIT') and
+                 if conn.status == 'LISTEN' and
                  conn.type == socket.SOCK_STREAM and
                  conn.laddr[1] == port]
     try:

certbot/tests/cli_test.py

@@ -346,11 +346,12 @@ class CLITest(unittest.TestCase):  # pylint: disable=too-many-public-methods
         except errors.PluginSelectionError as e:
             self.assertTrue('The requested bad_auth plugin does not appear' in str(e))
 
+    def test_punycode_ok(self):
+        # Punycode is now legal, so no longer an error; instead check
+        # that it's _not_ an error (at the initial sanity check stage)
+        util.enforce_domain_sanity('this.is.xn--ls8h.tld')
+
     def test_check_config_sanity_domain(self):
-        # Punycode
-        self.assertRaises(errors.ConfigurationError,
-                          self._call,
-                          ['-d', 'this.is.xn--ls8h.tld'])
         # FQDN
         self.assertRaises(errors.ConfigurationError,
                           self._call,

certbot/tests/display/ops_test.py

@@ -244,8 +244,8 @@ class ChooseNamesTest(unittest.TestCase):
         all_valid = ["example.com", "second.example.com",
                      "also.example.com", "under_score.example.com",
                      "justtld"]
-        all_invalid = ["xn--ls8h.tld", "*.wildcard.com", "uniçodé.com"]
-        two_valid = ["example.com", "xn--ls8h.tld", "also.example.com"]
+        all_invalid = ["öóòps.net", "*.wildcard.com", "uniçodé.com"]
+        two_valid = ["example.com", "úniçøde.com", "also.example.com"]
         self.assertEqual(get_valid_domains(all_valid), all_valid)
         self.assertEqual(get_valid_domains(all_invalid), [])
         self.assertEqual(len(get_valid_domains(two_valid)), 2)
@@ -266,10 +266,6 @@ class ChooseNamesTest(unittest.TestCase):
             unicode_error = UnicodeEncodeError('mock', u'', 0, 1, 'mock')
             mock_sli.side_effect = unicode_error
             self.assertEqual(_choose_names_manually(), [])
-        # Punycode and no retry
-        mock_util().input.return_value = (display_util.OK,
-                                          "xn--ls8h.tld")
-        self.assertEqual(_choose_names_manually(), [])
         # Valid domains
         mock_util().input.return_value = (display_util.OK,
                                           ("example.com,"

certbot/util.py

@@ -437,19 +437,13 @@ def enforce_domain_sanity(domain):
     """
     if isinstance(domain, six.text_type):
         wildcard_marker = u"*."
-        punycode_marker = u"xn--"
     else:
         wildcard_marker = b"*."
-        punycode_marker = b"xn--"
 
     # Check if there's a wildcard domain
     if domain.startswith(wildcard_marker):
         raise errors.ConfigurationError(
             "Wildcard domains are not supported: {0}".format(domain))
-    # Punycode
-    if punycode_marker in domain:
-        raise errors.ConfigurationError(
-            "Punycode domains are not presently supported: {0}".format(domain))
 
     # Unicode
     try:

docs/cli-help.txt

@@ -307,6 +307,15 @@ plugins:
   --webroot             Obtain certs by placing files in a webroot directory.
                         (default: False)
 
+nginx:
+  Nginx Web Server plugin - Alpha
+
+  --nginx-server-root NGINX_SERVER_ROOT
+                        Nginx server root directory. (default: /etc/nginx)
+  --nginx-ctl NGINX_CTL
+                        Path to the 'nginx' binary, used for 'configtest' and
+                        retrieving nginx version number. (default: nginx)
+
 standalone:
   Spin up a temporary webserver
 
@@ -319,15 +328,6 @@ manual:
                         Automatically allows public IP logging. (default:
                         False)
 
-nginx:
-  Nginx Web Server plugin - Alpha
-
-  --nginx-server-root NGINX_SERVER_ROOT
-                        Nginx server root directory. (default: /etc/nginx)
-  --nginx-ctl NGINX_CTL
-                        Path to the 'nginx' binary, used for 'configtest' and
-                        retrieving nginx version number. (default: nginx)
-
 webroot:
   Place files in webroot directory
 

docs/using.rst

@@ -54,7 +54,7 @@ The ``certbot`` script on your web server might be named ``letsencrypt`` if your
 Other installation methods
 --------------------------
 If you are offline or your operating system doesn't provide a package, you can use
-an alternate method fo install ``certbot``.
+an alternate method for installing ``certbot``.
 
 Certbot-Auto
 ^^^^^^^^^^^^

letsencrypt-auto

@@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
 VENV_NAME="letsencrypt"
 VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN="$VENV_PATH/bin"
-LE_AUTO_VERSION="0.9.1"
+LE_AUTO_VERSION="0.9.3"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -761,18 +761,18 @@ letsencrypt==0.7.0 \
 
 # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
 
-acme==0.9.1 \
-    --hash=sha256:83e6188d5f149678b77ff3c8f8f94983f3c448490ffa634c7e9f2e93e7351fb0 \
-    --hash=sha256:0effd08d144eedbfeb7dd784e9c8673ef3138cf48d35c8c33a1dd5bee9fd8207
-certbot==0.9.1 \
-    --hash=sha256:88237a4f6d337d40185a644407f9c7adb6eab87c43b8bf56c1edc02ce82a9d81 \
-    --hash=sha256:180354a3e95610ff8ba7f344011f2fcba1186d8efb7b25867266f47048e1e2f7
-certbot-apache==0.9.1 \
-    --hash=sha256:cb9931294d44a1d6d44eaa2e92cb30daf6f2e0f29f6e7f00849709f0dd408b40 \
-    --hash=sha256:1c09a6b4d087748f2aa143b0a7ced321458c3dd7ca70a80674f867b8b0e3cd6c
-certbot-nginx==0.9.1 \
-    --hash=sha256:3bd59a4f63a989eb31c04775107139bf45c2373a6f0b7bea4a3a1362da5c2ae7 \
-    --hash=sha256:22f277846ccf5c8787cac2b35a7897780f05f4022de02d8b4b731c2cd957354c
+acme==0.9.3 \
+    --hash=sha256:d18ce17a75ad24d27981dfaef0524aa905eab757b267e027162b56a8967ab8fb \
+    --hash=sha256:a6eff1f955eb2e4316abd9aa2fedb6d9345e6b5b8a2d64ea0ad35e05d6124099
+certbot==0.9.3 \
+    --hash=sha256:a87ef4c53c018df4e52ee2f2e906ad16bbb37789f29e6f284c495a2eb4d9b243 \
+    --hash=sha256:68149cb8392b29f5d5246e7226d25f913f2b10482bf3bc7368e8c8821d25f3b0
+certbot-apache==0.9.3 \
+    --hash=sha256:f379b1053e10709692654d7a6fcea9eaed19b66c49a753b61e31bd06a04b0aac \
+    --hash=sha256:a5d98cf972072de08f984db4e6a7f20269f3f023c43f6d4e781fe43be7c10086
+certbot-nginx==0.9.3 \
+    --hash=sha256:3c26f18f0b57550f069263bd9b2984ef33eab6693e7796611c1b2cc16574069c \
+    --hash=sha256:7337a2e90e0b28a1ab09e31d9fb81c6d78e6453500c824c0f18bab5d31b63058
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------

letsencrypt-auto-source/certbot-auto.asc

@@ -1,11 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
-iQEcBAABAgAGBQJX9shpAAoJEE0XyZXNl3XyeAUH/0928PysUZlLCQRpw3GPJnr0
-WgE1duULRfDKOdyoj8cIABEcxyK+rASyBju57Hx80Zuai9x4XSHJK7k9BXrZrU5k
-KHZWbaNOKLN+C7/HTSOqGwalGTLglRJLZMwcj4rs8jtftg6GiWXvtnWuwqoiZJe4
-sCdddm2gu4D2VLp/QpBU6Gepuls4PmtB7SzwRUC6SAkWf5ntwJ4mq65bwKLcTPaZ
-oRKoswo+eyiosH2SVVgiyAz7U96t2gxfK2pNoTdCUQGjuRaD6P2yBCdJA5h4L2l2
-W+/31zJpw/TgFErWpNuNYYoMh8cswaWXDNMUscsuduQ9KPLhSHQQ9JZ5f4w+9PM=
-=Zhq9
+iQEcBAABAgAGBQJYADL6AAoJEE0XyZXNl3XyZW8H/RgPxga4SZ8VoMGGOpzYGzaD
+C/VW6IZeHjD7urkAjfSiMMStkYKlZMGcT/3Pw1L39wIX/37jqQTTh01JL+TcqRMJ
+AUHmSgrErjUU42YV68u2c/wT9Dsid+OxpP/WSbJn5MomWtvGpFxffc/FK/W8ccFR
+r6ZhAt2rgkBmYjrC6w8V9KTzhp4+n7ZpQPxuMFxpJhyTmMzgj9K+aI2OuKDKT7iO
+nke74Lgx/xPatLDgygw5bRiFyZ+X65p/awalEXBcFW0zmlN2Fqp8om8UjtUtkVw9
+ixr9/kq9VhcHjho9cmKWl14IShbcxZZc60xL2y6gmkgoBpzVlHfvRNnxapodTsc=
+=jULW
 -----END PGP SIGNATURE-----

letsencrypt-auto-source/letsencrypt-auto

@@ -761,18 +761,18 @@ letsencrypt==0.7.0 \
 
 # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
 
-acme==0.9.1 \
-    --hash=sha256:83e6188d5f149678b77ff3c8f8f94983f3c448490ffa634c7e9f2e93e7351fb0 \
-    --hash=sha256:0effd08d144eedbfeb7dd784e9c8673ef3138cf48d35c8c33a1dd5bee9fd8207
-certbot==0.9.1 \
-    --hash=sha256:88237a4f6d337d40185a644407f9c7adb6eab87c43b8bf56c1edc02ce82a9d81 \
-    --hash=sha256:180354a3e95610ff8ba7f344011f2fcba1186d8efb7b25867266f47048e1e2f7
-certbot-apache==0.9.1 \
-    --hash=sha256:cb9931294d44a1d6d44eaa2e92cb30daf6f2e0f29f6e7f00849709f0dd408b40 \
-    --hash=sha256:1c09a6b4d087748f2aa143b0a7ced321458c3dd7ca70a80674f867b8b0e3cd6c
-certbot-nginx==0.9.1 \
-    --hash=sha256:3bd59a4f63a989eb31c04775107139bf45c2373a6f0b7bea4a3a1362da5c2ae7 \
-    --hash=sha256:22f277846ccf5c8787cac2b35a7897780f05f4022de02d8b4b731c2cd957354c
+acme==0.9.3 \
+    --hash=sha256:d18ce17a75ad24d27981dfaef0524aa905eab757b267e027162b56a8967ab8fb \
+    --hash=sha256:a6eff1f955eb2e4316abd9aa2fedb6d9345e6b5b8a2d64ea0ad35e05d6124099
+certbot==0.9.3 \
+    --hash=sha256:a87ef4c53c018df4e52ee2f2e906ad16bbb37789f29e6f284c495a2eb4d9b243 \
+    --hash=sha256:68149cb8392b29f5d5246e7226d25f913f2b10482bf3bc7368e8c8821d25f3b0
+certbot-apache==0.9.3 \
+    --hash=sha256:f379b1053e10709692654d7a6fcea9eaed19b66c49a753b61e31bd06a04b0aac \
+    --hash=sha256:a5d98cf972072de08f984db4e6a7f20269f3f023c43f6d4e781fe43be7c10086
+certbot-nginx==0.9.3 \
+    --hash=sha256:3c26f18f0b57550f069263bd9b2984ef33eab6693e7796611c1b2cc16574069c \
+    --hash=sha256:7337a2e90e0b28a1ab09e31d9fb81c6d78e6453500c824c0f18bab5d31b63058
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------

letsencrypt-auto-source/pieces/letsencrypt-auto-requirements.txt

@@ -170,15 +170,15 @@ letsencrypt==0.7.0 \
 
 # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
 
-acme==0.9.1 \
-    --hash=sha256:83e6188d5f149678b77ff3c8f8f94983f3c448490ffa634c7e9f2e93e7351fb0 \
-    --hash=sha256:0effd08d144eedbfeb7dd784e9c8673ef3138cf48d35c8c33a1dd5bee9fd8207
-certbot==0.9.1 \
-    --hash=sha256:88237a4f6d337d40185a644407f9c7adb6eab87c43b8bf56c1edc02ce82a9d81 \
-    --hash=sha256:180354a3e95610ff8ba7f344011f2fcba1186d8efb7b25867266f47048e1e2f7
-certbot-apache==0.9.1 \
-    --hash=sha256:cb9931294d44a1d6d44eaa2e92cb30daf6f2e0f29f6e7f00849709f0dd408b40 \
-    --hash=sha256:1c09a6b4d087748f2aa143b0a7ced321458c3dd7ca70a80674f867b8b0e3cd6c
-certbot-nginx==0.9.1 \
-    --hash=sha256:3bd59a4f63a989eb31c04775107139bf45c2373a6f0b7bea4a3a1362da5c2ae7 \
-    --hash=sha256:22f277846ccf5c8787cac2b35a7897780f05f4022de02d8b4b731c2cd957354c
+acme==0.9.3 \
+    --hash=sha256:d18ce17a75ad24d27981dfaef0524aa905eab757b267e027162b56a8967ab8fb \
+    --hash=sha256:a6eff1f955eb2e4316abd9aa2fedb6d9345e6b5b8a2d64ea0ad35e05d6124099
+certbot==0.9.3 \
+    --hash=sha256:a87ef4c53c018df4e52ee2f2e906ad16bbb37789f29e6f284c495a2eb4d9b243 \
+    --hash=sha256:68149cb8392b29f5d5246e7226d25f913f2b10482bf3bc7368e8c8821d25f3b0
+certbot-apache==0.9.3 \
+    --hash=sha256:f379b1053e10709692654d7a6fcea9eaed19b66c49a753b61e31bd06a04b0aac \
+    --hash=sha256:a5d98cf972072de08f984db4e6a7f20269f3f023c43f6d4e781fe43be7c10086
+certbot-nginx==0.9.3 \
+    --hash=sha256:3c26f18f0b57550f069263bd9b2984ef33eab6693e7796611c1b2cc16574069c \
+    --hash=sha256:7337a2e90e0b28a1ab09e31d9fb81c6d78e6453500c824c0f18bab5d31b63058

tests/letstest/scripts/test_tests.sh

@@ -0,0 +1,17 @@
+#!/bin/sh -xe
+
+MODULES="acme certbot certbot_apache certbot_nginx"
+VENV_NAME=venv
+
+# *-auto respects VENV_PATH
+VENV_PATH=$VENV_NAME letsencrypt/certbot-auto --debug --non-interactive --version
+. $VENV_NAME/bin/activate
+
+# change to an empty directory to ensure CWD doesn't affect tests
+cd $(mktemp -d)
+pip install nose
+
+for module in $MODULES ; do
+    echo testing $module
+    nosetests -v $module
+done