Merge pull request #7044 from certbot/candidate-0.34.2

Candidate 0.34.2

CHANGELOG.md

@@ -14,8 +14,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 
 ### Fixed
 
-* certbot-auto no longer writes a check_permissions.py script at the root
-  of the filesystem.
+*
 
 Despite us having broken lockstep, we are continuing to release new versions of
 all Certbot components during releases for the time being, however, the only
@@ -25,6 +24,19 @@ package with changes other than its version number was:
 
 More details about these changes can be found on our GitHub repo.
 
+## 0.34.2 - 2019-05-07
+
+### Fixed
+
+* certbot-auto no longer writes a check_permissions.py script at the root
+  of the filesystem.
+
+Despite us having broken lockstep, we are continuing to release new versions of
+all Certbot components during releases for the time being, however, the only
+changes in this release were to certbot-auto.
+
+More details about these changes can be found on our GitHub repo.
+
 ## 0.34.1 - 2019-05-06
 
 ### Fixed

certbot-auto

@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.34.1"
+LE_AUTO_VERSION="0.34.2"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -953,6 +953,95 @@ if __name__ == '__main__':
 UNLIKELY_EOF
 }
 
+# Check that the given PATH_TO_CHECK has secured permissions.
+# Parameters: LE_PYTHON, PATH_TO_CHECK
+CheckPathPermissions() {
+    "$1" - "$2" << "UNLIKELY_EOF"
+"""Verifies certbot-auto cannot be modified by unprivileged users.
+
+This script takes the path to certbot-auto as its only command line
+argument.  It then checks that the file can only be modified by uid/gid
+< 1000 and if other users can modify the file, it prints a warning with
+a suggestion on how to solve the problem.
+
+Permissions on symlinks in the absolute path of certbot-auto are ignored
+and only the canonical path to certbot-auto is checked. There could be
+permissions problems due to the symlinks that are unreported by this
+script, however, issues like this were not caused by our documentation
+and are ignored for the sake of simplicity.
+
+All warnings are printed to stdout rather than stderr so all stderr
+output from this script can be suppressed to avoid printing messages if
+this script fails for some reason.
+
+"""
+from __future__ import print_function
+
+import os
+import stat
+import sys
+
+
+FORUM_POST_URL = 'https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/'
+
+
+def has_safe_permissions(path):
+    """Returns True if the given path has secure permissions.
+
+    The permissions are considered safe if the file is only writable by
+    uid/gid < 1000.
+
+    The reason we allow more IDs than 0 is because on some systems such
+    as Debian, system users/groups other than uid/gid 0 are used for the
+    path we recommend in our instructions which is /usr/local/bin.  1000
+    was chosen because on Debian 0-999 is reserved for system IDs[1] and
+    on RHEL either 0-499 or 0-999 is reserved depending on the
+    version[2][3]. Due to these differences across different OSes, this
+    detection isn't perfect so we only determine permissions are
+    insecure when we can be reasonably confident there is a problem
+    regardless of the underlying OS.
+
+    [1] https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
+    [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-managing_users_and_groups
+    [3] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-managing_users_and_groups
+
+    :param str path: filesystem path to check
+    :returns: True if the path has secure permissions, otherwise, False
+    :rtype: bool
+
+    """
+    # os.stat follows symlinks before obtaining information about a file.
+    stat_result = os.stat(path)
+    if stat_result.st_mode & stat.S_IWOTH:
+        return False
+    if stat_result.st_mode & stat.S_IWGRP and stat_result.st_gid >= 1000:
+        return False
+    if stat_result.st_mode & stat.S_IWUSR and stat_result.st_uid >= 1000:
+        return False
+    return True
+
+
+def main(certbot_auto_path):
+    current_path = os.path.realpath(certbot_auto_path)
+    last_path = None
+    permissions_ok = True
+    # This loop makes use of the fact that os.path.dirname('/') == '/'.
+    while current_path != last_path and permissions_ok:
+        permissions_ok = has_safe_permissions(current_path)
+        last_path = current_path
+        current_path = os.path.dirname(current_path)
+
+    if not permissions_ok:
+        print('{0} has insecure permissions!'.format(certbot_auto_path))
+        print('To learn how to fix them, visit {0}'.format(FORUM_POST_URL))
+
+
+if __name__ == '__main__':
+    main(sys.argv[1])
+
+UNLIKELY_EOF
+}
+
 if [ "$1" = "--le-auto-phase2" ]; then
   # Phase 2: Create venv, install LE, and run.
 
@@ -1225,18 +1314,18 @@ letsencrypt==0.7.0 \
     --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
     --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
 
-certbot==0.34.1 \
-    --hash=sha256:84b0990e9a0d1390f80467af4b29b6f65b80f6ed3b2b32aae6baba9d968e957f \
-    --hash=sha256:464f49371ed308aa17356a7152167defc342b67a8bbf8f4b8d9019788f6d4b52
-acme==0.34.1 \
-    --hash=sha256:6b989576dee7b57c25e391cbe93f817961cd9307aca1c429fe9fa36c1c3c95d3 \
-    --hash=sha256:7bdbdbfcec5c05834e91a2d950e964654401e0112a27afd34f5f03a5cadf23f1
-certbot-apache==0.34.1 \
-    --hash=sha256:a199202d212492fca92939e8424a1b312b0959843dd46c673888275407bb341d \
-    --hash=sha256:6223e61eb83ade317693e8542b480fc5ef9cd67fc54f8137a5ac13f0f75c62f7
-certbot-nginx==0.34.1 \
-    --hash=sha256:c115f5f3d47aacaa67790e5628148b0074b57d0e538cf0118231e832bc410e52 \
-    --hash=sha256:b92f457afa1a1c7596c2d22a6863b5917376677746996da73faa2b4e56692576
+certbot==0.34.2 \
+    --hash=sha256:238bb1c100d0d17f0bda147387435c307e128b2f1a8339eb85cef7fb99909cb9 \
+    --hash=sha256:30732ddcb10ccd8b8410c515a76ae0429ad907130b8bf8caa58b73826d0ec9bb
+acme==0.34.2 \
+    --hash=sha256:f2b3cec09270499211fa54e588571bac67a015d375a4806c6c23431c91fdf7e3 \
+    --hash=sha256:bd5b0dfcbca82a2be6fe12e7c7939721d6b3dacb7d8529ba519b56274060dc2a
+certbot-apache==0.34.2 \
+    --hash=sha256:c9cbbc2499084361a741f865a6f9af717296d5b0fec5fdd45819df2a56014a63 \
+    --hash=sha256:74c302b2099c9906dd4783cd57f546393235902dcc179302a2da280d83e72b96
+certbot-nginx==0.34.2 \
+    --hash=sha256:4883f638e703b8fbab0ec15df6d9f0ebbb3cd81e221521b65ca27cdc9e9d070d \
+    --hash=sha256:13d58e40097f6b36e323752c146dc90d06120dc69a313e141476e0bc1a74ee17
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------
@@ -1505,96 +1594,10 @@ else
   # Don't warn about file permissions if the user disabled the check or we
   # can't find an up-to-date Python.
   if [ "$PYVER" -ge "$MIN_PYVER" -a "$NO_PERMISSIONS_CHECK" != 1 ]; then
-    # ---------------------------------------------------------------------------
-    cat << "UNLIKELY_EOF" > "$TEMP_DIR/check_permissions.py"
-"""Verifies certbot-auto cannot be modified by unprivileged users.
-
-This script takes the path to certbot-auto as its only command line
-argument.  It then checks that the file can only be modified by uid/gid
-< 1000 and if other users can modify the file, it prints a warning with
-a suggestion on how to solve the problem.
-
-Permissions on symlinks in the absolute path of certbot-auto are ignored
-and only the canonical path to certbot-auto is checked. There could be
-permissions problems due to the symlinks that are unreported by this
-script, however, issues like this were not caused by our documentation
-and are ignored for the sake of simplicity.
-
-All warnings are printed to stdout rather than stderr so all stderr
-output from this script can be suppressed to avoid printing messages if
-this script fails for some reason.
-
-"""
-from __future__ import print_function
-
-import os
-import stat
-import sys
-
-
-FORUM_POST_URL = 'https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/'
-
-
-def has_safe_permissions(path):
-    """Returns True if the given path has secure permissions.
-
-    The permissions are considered safe if the file is only writable by
-    uid/gid < 1000.
-
-    The reason we allow more IDs than 0 is because on some systems such
-    as Debian, system users/groups other than uid/gid 0 are used for the
-    path we recommend in our instructions which is /usr/local/bin.  1000
-    was chosen because on Debian 0-999 is reserved for system IDs[1] and
-    on RHEL either 0-499 or 0-999 is reserved depending on the
-    version[2][3]. Due to these differences across different OSes, this
-    detection isn't perfect so we only determine permissions are
-    insecure when we can be reasonably confident there is a problem
-    regardless of the underlying OS.
-
-    [1] https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
-    [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-managing_users_and_groups
-    [3] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-managing_users_and_groups
-
-    :param str path: filesystem path to check
-    :returns: True if the path has secure permissions, otherwise, False
-    :rtype: bool
-
-    """
-    # os.stat follows symlinks before obtaining information about a file.
-    stat_result = os.stat(path)
-    if stat_result.st_mode & stat.S_IWOTH:
-        return False
-    if stat_result.st_mode & stat.S_IWGRP and stat_result.st_gid >= 1000:
-        return False
-    if stat_result.st_mode & stat.S_IWUSR and stat_result.st_uid >= 1000:
-        return False
-    return True
-
-
-def main(certbot_auto_path):
-    current_path = os.path.realpath(certbot_auto_path)
-    last_path = None
-    permissions_ok = True
-    # This loop makes use of the fact that os.path.dirname('/') == '/'.
-    while current_path != last_path and permissions_ok:
-        permissions_ok = has_safe_permissions(current_path)
-        last_path = current_path
-        current_path = os.path.dirname(current_path)
-
-    if not permissions_ok:
-        print('{0} has insecure permissions!'.format(certbot_auto_path))
-        print('To learn how to fix them, visit {0}'.format(FORUM_POST_URL))
-
-
-if __name__ == '__main__':
-    main(sys.argv[1])
-
-UNLIKELY_EOF
-    # ---------------------------------------------------------------------------
     # If the script fails for some reason, don't break certbot-auto.
     set +e
     # Suppress unexpected error output.
-    CHECK_PERM_OUT=$("$LE_PYTHON" "$TEMP_DIR/check_permissions.py" "$0" 2>/dev/null)
+    CHECK_PERM_OUT=$(CheckPathPermissions "$LE_PYTHON" "$0" 2>/dev/null)
     CHECK_PERM_STATUS="$?"
     set -e
     # Only print output if the script ran successfully and it actually produced

docs/cli-help.txt

@@ -113,7 +113,7 @@ optional arguments:
                         case, and to know when to deprecate support for past
                         Python versions and flags. If you wish to hide this
                         information from the Let's Encrypt server, set this to
-                        "". (default: CertbotACMEClient/0.34.1
+                        "". (default: CertbotACMEClient/0.34.2
                         (certbot(-auto); OS_NAME OS_VERSION) Authenticator/XXX
                         Installer/YYY (SUBCOMMAND; flags: FLAGS)
                         Py/major.minor.patchlevel). The flags encoded in the

letsencrypt-auto

@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.34.1"
+LE_AUTO_VERSION="0.34.2"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -953,6 +953,95 @@ if __name__ == '__main__':
 UNLIKELY_EOF
 }
 
+# Check that the given PATH_TO_CHECK has secured permissions.
+# Parameters: LE_PYTHON, PATH_TO_CHECK
+CheckPathPermissions() {
+    "$1" - "$2" << "UNLIKELY_EOF"
+"""Verifies certbot-auto cannot be modified by unprivileged users.
+
+This script takes the path to certbot-auto as its only command line
+argument.  It then checks that the file can only be modified by uid/gid
+< 1000 and if other users can modify the file, it prints a warning with
+a suggestion on how to solve the problem.
+
+Permissions on symlinks in the absolute path of certbot-auto are ignored
+and only the canonical path to certbot-auto is checked. There could be
+permissions problems due to the symlinks that are unreported by this
+script, however, issues like this were not caused by our documentation
+and are ignored for the sake of simplicity.
+
+All warnings are printed to stdout rather than stderr so all stderr
+output from this script can be suppressed to avoid printing messages if
+this script fails for some reason.
+
+"""
+from __future__ import print_function
+
+import os
+import stat
+import sys
+
+
+FORUM_POST_URL = 'https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/'
+
+
+def has_safe_permissions(path):
+    """Returns True if the given path has secure permissions.
+
+    The permissions are considered safe if the file is only writable by
+    uid/gid < 1000.
+
+    The reason we allow more IDs than 0 is because on some systems such
+    as Debian, system users/groups other than uid/gid 0 are used for the
+    path we recommend in our instructions which is /usr/local/bin.  1000
+    was chosen because on Debian 0-999 is reserved for system IDs[1] and
+    on RHEL either 0-499 or 0-999 is reserved depending on the
+    version[2][3]. Due to these differences across different OSes, this
+    detection isn't perfect so we only determine permissions are
+    insecure when we can be reasonably confident there is a problem
+    regardless of the underlying OS.
+
+    [1] https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
+    [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-managing_users_and_groups
+    [3] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-managing_users_and_groups
+
+    :param str path: filesystem path to check
+    :returns: True if the path has secure permissions, otherwise, False
+    :rtype: bool
+
+    """
+    # os.stat follows symlinks before obtaining information about a file.
+    stat_result = os.stat(path)
+    if stat_result.st_mode & stat.S_IWOTH:
+        return False
+    if stat_result.st_mode & stat.S_IWGRP and stat_result.st_gid >= 1000:
+        return False
+    if stat_result.st_mode & stat.S_IWUSR and stat_result.st_uid >= 1000:
+        return False
+    return True
+
+
+def main(certbot_auto_path):
+    current_path = os.path.realpath(certbot_auto_path)
+    last_path = None
+    permissions_ok = True
+    # This loop makes use of the fact that os.path.dirname('/') == '/'.
+    while current_path != last_path and permissions_ok:
+        permissions_ok = has_safe_permissions(current_path)
+        last_path = current_path
+        current_path = os.path.dirname(current_path)
+
+    if not permissions_ok:
+        print('{0} has insecure permissions!'.format(certbot_auto_path))
+        print('To learn how to fix them, visit {0}'.format(FORUM_POST_URL))
+
+
+if __name__ == '__main__':
+    main(sys.argv[1])
+
+UNLIKELY_EOF
+}
+
 if [ "$1" = "--le-auto-phase2" ]; then
   # Phase 2: Create venv, install LE, and run.
 
@@ -1225,18 +1314,18 @@ letsencrypt==0.7.0 \
     --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
     --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
 
-certbot==0.34.1 \
-    --hash=sha256:84b0990e9a0d1390f80467af4b29b6f65b80f6ed3b2b32aae6baba9d968e957f \
-    --hash=sha256:464f49371ed308aa17356a7152167defc342b67a8bbf8f4b8d9019788f6d4b52
-acme==0.34.1 \
-    --hash=sha256:6b989576dee7b57c25e391cbe93f817961cd9307aca1c429fe9fa36c1c3c95d3 \
-    --hash=sha256:7bdbdbfcec5c05834e91a2d950e964654401e0112a27afd34f5f03a5cadf23f1
-certbot-apache==0.34.1 \
-    --hash=sha256:a199202d212492fca92939e8424a1b312b0959843dd46c673888275407bb341d \
-    --hash=sha256:6223e61eb83ade317693e8542b480fc5ef9cd67fc54f8137a5ac13f0f75c62f7
-certbot-nginx==0.34.1 \
-    --hash=sha256:c115f5f3d47aacaa67790e5628148b0074b57d0e538cf0118231e832bc410e52 \
-    --hash=sha256:b92f457afa1a1c7596c2d22a6863b5917376677746996da73faa2b4e56692576
+certbot==0.34.2 \
+    --hash=sha256:238bb1c100d0d17f0bda147387435c307e128b2f1a8339eb85cef7fb99909cb9 \
+    --hash=sha256:30732ddcb10ccd8b8410c515a76ae0429ad907130b8bf8caa58b73826d0ec9bb
+acme==0.34.2 \
+    --hash=sha256:f2b3cec09270499211fa54e588571bac67a015d375a4806c6c23431c91fdf7e3 \
+    --hash=sha256:bd5b0dfcbca82a2be6fe12e7c7939721d6b3dacb7d8529ba519b56274060dc2a
+certbot-apache==0.34.2 \
+    --hash=sha256:c9cbbc2499084361a741f865a6f9af717296d5b0fec5fdd45819df2a56014a63 \
+    --hash=sha256:74c302b2099c9906dd4783cd57f546393235902dcc179302a2da280d83e72b96
+certbot-nginx==0.34.2 \
+    --hash=sha256:4883f638e703b8fbab0ec15df6d9f0ebbb3cd81e221521b65ca27cdc9e9d070d \
+    --hash=sha256:13d58e40097f6b36e323752c146dc90d06120dc69a313e141476e0bc1a74ee17
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------
@@ -1505,96 +1594,10 @@ else
   # Don't warn about file permissions if the user disabled the check or we
   # can't find an up-to-date Python.
   if [ "$PYVER" -ge "$MIN_PYVER" -a "$NO_PERMISSIONS_CHECK" != 1 ]; then
-    # ---------------------------------------------------------------------------
-    cat << "UNLIKELY_EOF" > "$TEMP_DIR/check_permissions.py"
-"""Verifies certbot-auto cannot be modified by unprivileged users.
-
-This script takes the path to certbot-auto as its only command line
-argument.  It then checks that the file can only be modified by uid/gid
-< 1000 and if other users can modify the file, it prints a warning with
-a suggestion on how to solve the problem.
-
-Permissions on symlinks in the absolute path of certbot-auto are ignored
-and only the canonical path to certbot-auto is checked. There could be
-permissions problems due to the symlinks that are unreported by this
-script, however, issues like this were not caused by our documentation
-and are ignored for the sake of simplicity.
-
-All warnings are printed to stdout rather than stderr so all stderr
-output from this script can be suppressed to avoid printing messages if
-this script fails for some reason.
-
-"""
-from __future__ import print_function
-
-import os
-import stat
-import sys
-
-
-FORUM_POST_URL = 'https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/'
-
-
-def has_safe_permissions(path):
-    """Returns True if the given path has secure permissions.
-
-    The permissions are considered safe if the file is only writable by
-    uid/gid < 1000.
-
-    The reason we allow more IDs than 0 is because on some systems such
-    as Debian, system users/groups other than uid/gid 0 are used for the
-    path we recommend in our instructions which is /usr/local/bin.  1000
-    was chosen because on Debian 0-999 is reserved for system IDs[1] and
-    on RHEL either 0-499 or 0-999 is reserved depending on the
-    version[2][3]. Due to these differences across different OSes, this
-    detection isn't perfect so we only determine permissions are
-    insecure when we can be reasonably confident there is a problem
-    regardless of the underlying OS.
-
-    [1] https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
-    [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-managing_users_and_groups
-    [3] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-managing_users_and_groups
-
-    :param str path: filesystem path to check
-    :returns: True if the path has secure permissions, otherwise, False
-    :rtype: bool
-
-    """
-    # os.stat follows symlinks before obtaining information about a file.
-    stat_result = os.stat(path)
-    if stat_result.st_mode & stat.S_IWOTH:
-        return False
-    if stat_result.st_mode & stat.S_IWGRP and stat_result.st_gid >= 1000:
-        return False
-    if stat_result.st_mode & stat.S_IWUSR and stat_result.st_uid >= 1000:
-        return False
-    return True
-
-
-def main(certbot_auto_path):
-    current_path = os.path.realpath(certbot_auto_path)
-    last_path = None
-    permissions_ok = True
-    # This loop makes use of the fact that os.path.dirname('/') == '/'.
-    while current_path != last_path and permissions_ok:
-        permissions_ok = has_safe_permissions(current_path)
-        last_path = current_path
-        current_path = os.path.dirname(current_path)
-
-    if not permissions_ok:
-        print('{0} has insecure permissions!'.format(certbot_auto_path))
-        print('To learn how to fix them, visit {0}'.format(FORUM_POST_URL))
-
-
-if __name__ == '__main__':
-    main(sys.argv[1])
-
-UNLIKELY_EOF
-    # ---------------------------------------------------------------------------
     # If the script fails for some reason, don't break certbot-auto.
     set +e
     # Suppress unexpected error output.
-    CHECK_PERM_OUT=$("$LE_PYTHON" "$TEMP_DIR/check_permissions.py" "$0" 2>/dev/null)
+    CHECK_PERM_OUT=$(CheckPathPermissions "$LE_PYTHON" "$0" 2>/dev/null)
     CHECK_PERM_STATUS="$?"
     set -e
     # Only print output if the script ran successfully and it actually produced

letsencrypt-auto-source/certbot-auto.asc

@@ -1,11 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQEzBAABCAAdFiEEos+1H6J1pyhiNOeyTRfJlc2XdfIFAlzQmLAACgkQTRfJlc2X
-dfL04Af9E06u0S3Q+xroaysGFPUv2Jl1Mr1FMxk8LckuOzVQDf2hPE1WR7gJ4Csg
-s5wMh+inEws45QgpihbANjNvoMHJX3mzcjYkvMhwiW2q93pU6PEWjVnLV5qx79Jh
-L7gatx96S+fQ/e5LDLx7cTngDLJGYjJUbOWfHVBsYwMNotTFJNMPaTx8IAQAqaLN
-1LAZDsZq/EJpdE+JhR+pXJ2xhCjWmxjmsPvUVjBhlM+gTpFw2CwKhJJtmKgV/0tG
-jf8Ot3ruRCNIvonB9tD6j67nStA7i6fMn9irW9rLCu9s2PXFAYPC/tB4nvKvP1wX
-OUyihTSztHA/vgm3JStXkoYA4T1tBA==
-=RfRc
+iQEzBAABCAAdFiEEos+1H6J1pyhiNOeyTRfJlc2XdfIFAlzR4cYACgkQTRfJlc2X
+dfKDMQf/RTQ53OV2UMp/9qc7Ig8GdHG0MT8h3d2dhFtfT3aAVYGxWXPnZp68Ut2l
+hL9qpoDX1VbMcG110oQp4SXGIfMfs/aUZXs6bsW1yfTHv63CT0j4oxycShZWy5vp
+mMj2T/huW/yXcaHPdIGUmYyxAKr/CyZ9o3jTg5YARoaO2q5VcSII6MpBtrvlPr2r
+3fNhvuQf0tjjpYec/iyR1sg/0cK/ZxdsqdSC7HpDUsxBNqwxLrXhW27KdB4GU5mI
+y6ngzrg32FEj2MDkna52/HFsVroqpoIbmdB6LdVxWH2xMRW5YbE3+p2ntT+T0NBt
+Us2cca3NgnM938Fo/oto4GNZU+bqaQ==
+=VxSR
 -----END PGP SIGNATURE-----

letsencrypt-auto-source/letsencrypt-auto

@@ -1314,18 +1314,18 @@ letsencrypt==0.7.0 \
     --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
     --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
 
-certbot==0.34.1 \
-    --hash=sha256:84b0990e9a0d1390f80467af4b29b6f65b80f6ed3b2b32aae6baba9d968e957f \
-    --hash=sha256:464f49371ed308aa17356a7152167defc342b67a8bbf8f4b8d9019788f6d4b52
-acme==0.34.1 \
-    --hash=sha256:6b989576dee7b57c25e391cbe93f817961cd9307aca1c429fe9fa36c1c3c95d3 \
-    --hash=sha256:7bdbdbfcec5c05834e91a2d950e964654401e0112a27afd34f5f03a5cadf23f1
-certbot-apache==0.34.1 \
-    --hash=sha256:a199202d212492fca92939e8424a1b312b0959843dd46c673888275407bb341d \
-    --hash=sha256:6223e61eb83ade317693e8542b480fc5ef9cd67fc54f8137a5ac13f0f75c62f7
-certbot-nginx==0.34.1 \
-    --hash=sha256:c115f5f3d47aacaa67790e5628148b0074b57d0e538cf0118231e832bc410e52 \
-    --hash=sha256:b92f457afa1a1c7596c2d22a6863b5917376677746996da73faa2b4e56692576
+certbot==0.34.2 \
+    --hash=sha256:238bb1c100d0d17f0bda147387435c307e128b2f1a8339eb85cef7fb99909cb9 \
+    --hash=sha256:30732ddcb10ccd8b8410c515a76ae0429ad907130b8bf8caa58b73826d0ec9bb
+acme==0.34.2 \
+    --hash=sha256:f2b3cec09270499211fa54e588571bac67a015d375a4806c6c23431c91fdf7e3 \
+    --hash=sha256:bd5b0dfcbca82a2be6fe12e7c7939721d6b3dacb7d8529ba519b56274060dc2a
+certbot-apache==0.34.2 \
+    --hash=sha256:c9cbbc2499084361a741f865a6f9af717296d5b0fec5fdd45819df2a56014a63 \
+    --hash=sha256:74c302b2099c9906dd4783cd57f546393235902dcc179302a2da280d83e72b96
+certbot-nginx==0.34.2 \
+    --hash=sha256:4883f638e703b8fbab0ec15df6d9f0ebbb3cd81e221521b65ca27cdc9e9d070d \
+    --hash=sha256:13d58e40097f6b36e323752c146dc90d06120dc69a313e141476e0bc1a74ee17
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------

letsencrypt-auto-source/pieces/certbot-requirements.txt

@@ -1,12 +1,12 @@
-certbot==0.34.1 \
-    --hash=sha256:84b0990e9a0d1390f80467af4b29b6f65b80f6ed3b2b32aae6baba9d968e957f \
-    --hash=sha256:464f49371ed308aa17356a7152167defc342b67a8bbf8f4b8d9019788f6d4b52
-acme==0.34.1 \
-    --hash=sha256:6b989576dee7b57c25e391cbe93f817961cd9307aca1c429fe9fa36c1c3c95d3 \
-    --hash=sha256:7bdbdbfcec5c05834e91a2d950e964654401e0112a27afd34f5f03a5cadf23f1
-certbot-apache==0.34.1 \
-    --hash=sha256:a199202d212492fca92939e8424a1b312b0959843dd46c673888275407bb341d \
-    --hash=sha256:6223e61eb83ade317693e8542b480fc5ef9cd67fc54f8137a5ac13f0f75c62f7
-certbot-nginx==0.34.1 \
-    --hash=sha256:c115f5f3d47aacaa67790e5628148b0074b57d0e538cf0118231e832bc410e52 \
-    --hash=sha256:b92f457afa1a1c7596c2d22a6863b5917376677746996da73faa2b4e56692576
+certbot==0.34.2 \
+    --hash=sha256:238bb1c100d0d17f0bda147387435c307e128b2f1a8339eb85cef7fb99909cb9 \
+    --hash=sha256:30732ddcb10ccd8b8410c515a76ae0429ad907130b8bf8caa58b73826d0ec9bb
+acme==0.34.2 \
+    --hash=sha256:f2b3cec09270499211fa54e588571bac67a015d375a4806c6c23431c91fdf7e3 \
+    --hash=sha256:bd5b0dfcbca82a2be6fe12e7c7939721d6b3dacb7d8529ba519b56274060dc2a
+certbot-apache==0.34.2 \
+    --hash=sha256:c9cbbc2499084361a741f865a6f9af717296d5b0fec5fdd45819df2a56014a63 \
+    --hash=sha256:74c302b2099c9906dd4783cd57f546393235902dcc179302a2da280d83e72b96
+certbot-nginx==0.34.2 \
+    --hash=sha256:4883f638e703b8fbab0ec15df6d9f0ebbb3cd81e221521b65ca27cdc9e9d070d \
+    --hash=sha256:13d58e40097f6b36e323752c146dc90d06120dc69a313e141476e0bc1a74ee17