Merge branch 'master' into certbot-auto-sunset

.azure-pipelines/templates/changelog.yml

@@ -4,7 +4,7 @@ jobs:
       vmImage: vs2017-win2016
     steps:
       - bash: |
-          CERTBOT_VERSION="$(python -c "import certbot; print(certbot.__version__)")"
+          CERTBOT_VERSION="$(cd certbot && python -c "import certbot; print(certbot.__version__)" && cd ~-)"
           "${BUILD_REPOSITORY_LOCALPATH}\tools\extract_changelog.py" "${CERTBOT_VERSION}" >> "${BUILD_ARTIFACTSTAGINGDIRECTORY}/release_notes.md"
         displayName: Prepare changelog
       - task: PublishPipelineArtifact@1

CHANGELOG.md

@@ -0,0 +1 @@
+certbot/CHANGELOG.md

README.rst

@@ -1,131 +0,0 @@
-.. This file contains a series of comments that are used to include sections of this README in other files. Do not modify these comments unless you know what you are doing. tag:intro-begin
-
-Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.
-
-Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free, so there’s no need to arrange payment.
-
-How you use Certbot depends on the configuration of your web server. The best way to get started is to use our `interactive guide <https://certbot.eff.org>`_. It generates instructions based on your configuration settings. In most cases, you’ll need `root or administrator access <https://certbot.eff.org/faq/#does-certbot-require-root-administrator-privileges>`_ to your web server to run Certbot.
-
-Certbot is meant to be run directly on your web server, not on your personal computer. If you’re using a hosted service and don’t have direct access to your web server, you might not be able to use Certbot. Check with your hosting provider for documentation about uploading certificates or using certificates issued by Let’s Encrypt.
-
-Certbot is a fully-featured, extensible client for the Let's
-Encrypt CA (or any other CA that speaks the `ACME
-<https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md>`_
-protocol) that can automate the tasks of obtaining certificates and
-configuring webservers to use them. This client runs on Unix-based operating
-systems.
-
-To see the changes made to Certbot between versions please refer to our
-`changelog <https://github.com/certbot/certbot/blob/master/CHANGELOG.md>`_.
-
-Until May 2016, Certbot was named simply ``letsencrypt`` or ``letsencrypt-auto``,
-depending on install method. Instructions on the Internet, and some pieces of the
-software, may still refer to this older name.
-
-Contributing
-------------
-
-If you'd like to contribute to this project please read `Developer Guide
-<https://certbot.eff.org/docs/contributing.html>`_.
-
-This project is governed by `EFF's Public Projects Code of Conduct <https://www.eff.org/pages/eppcode>`_.
-
-.. _installation:
-
-How to run the client
----------------------
-
-The easiest way to install and run Certbot is by visiting `certbot.eff.org`_,
-where you can find the correct instructions for many web server and OS
-combinations.  For more information, see `Get Certbot
-<https://certbot.eff.org/docs/install.html>`_.
-
-.. _certbot.eff.org: https://certbot.eff.org/
-
-Understanding the client in more depth
---------------------------------------
-
-To understand what the client is doing in detail, it's important to
-understand the way it uses plugins.  Please see the `explanation of
-plugins <https://certbot.eff.org/docs/using.html#plugins>`_ in
-the User Guide.
-
-Links
-=====
-
-.. Do not modify this comment unless you know what you're doing. tag:links-begin
-
-Documentation: https://certbot.eff.org/docs
-
-Software project: https://github.com/certbot/certbot
-
-Notes for developers: https://certbot.eff.org/docs/contributing.html
-
-Main Website: https://certbot.eff.org
-
-Let's Encrypt Website: https://letsencrypt.org
-
-Community: https://community.letsencrypt.org
-
-ACME spec: http://ietf-wg-acme.github.io/acme/
-
-ACME working area in github: https://github.com/ietf-wg-acme/acme
-
-|build-status| |coverage| |docs| |container|
-
-.. |build-status| image:: https://travis-ci.com/certbot/certbot.svg?branch=master
-   :target: https://travis-ci.com/certbot/certbot
-   :alt: Travis CI status
-
-.. |coverage| image:: https://codecov.io/gh/certbot/certbot/branch/master/graph/badge.svg
-   :target: https://codecov.io/gh/certbot/certbot
-   :alt: Coverage status
-
-.. |docs| image:: https://readthedocs.org/projects/letsencrypt/badge/
-   :target: https://readthedocs.org/projects/letsencrypt/
-   :alt: Documentation status
-
-.. |container| image:: https://quay.io/repository/letsencrypt/letsencrypt/status
-   :target: https://quay.io/repository/letsencrypt/letsencrypt
-   :alt: Docker Repository on Quay.io
-
-.. Do not modify this comment unless you know what you're doing. tag:links-end
-
-System Requirements
-===================
-
-See https://certbot.eff.org/docs/install.html#system-requirements.
-
-.. Do not modify this comment unless you know what you're doing. tag:intro-end
-
-.. Do not modify this comment unless you know what you're doing. tag:features-begin
-
-Current Features
-=====================
-
-* Supports multiple web servers:
-
-  - apache/2.x
-  - nginx/0.8.48+
-  - webroot (adds files to webroot directories in order to prove control of
-    domains and obtain certs)
-  - standalone (runs its own simple webserver to prove you control a domain)
-  - other server software via `third party plugins <https://certbot.eff.org/docs/using.html#third-party-plugins>`_
-
-* The private key is generated locally on your system.
-* Can talk to the Let's Encrypt CA or optionally to other ACME
-  compliant services.
-* Can get domain-validated (DV) certificates.
-* Can revoke certificates.
-* Adjustable RSA key bit-length (2048 (default), 4096, ...).
-* Can optionally install a http -> https redirect, so your site effectively
-  runs https only (Apache only)
-* Fully automated.
-* Configuration changes are logged and can be reverted.
-* Supports an interactive text UI, or can be driven entirely from the
-  command line.
-* Free and Open Source Software, made with Python.
-
-.. Do not modify this comment unless you know what you're doing. tag:features-end
-
-For extensive documentation on using and contributing to Certbot, go to https://certbot.eff.org/docs. If you would like to contribute to the project or run the latest code from git, you should read our `developer guide <https://certbot.eff.org/docs/contributing.html>`_.

README.rst

@@ -0,0 +1 @@
+certbot/README.rst

acme/MANIFEST.in

@@ -3,4 +3,6 @@ include README.rst
 include pytest.ini
 recursive-include docs *
 recursive-include examples *
-recursive-include acme/testdata *
+recursive-include tests *
+global-exclude __pycache__
+global-exclude *.py[cod]

acme/readthedocs.org.requirements.txt

@@ -1,10 +1,10 @@
 # readthedocs.org gives no way to change the install command to "pip
-# install -e .[docs]" (that would in turn install documentation
+# install -e acme[docs]" (that would in turn install documentation
 # dependencies), but it allows to specify a requirements.txt file at
 # https://readthedocs.org/dashboard/letsencrypt/advanced/ (c.f. #259)
 
 # Although ReadTheDocs certainly doesn't need to install the project
-# in --editable mode (-e), just "pip install .[docs]" does not work as
-# expected and "pip install -e .[docs]" must be used instead
+# in --editable mode (-e), just "pip install acme[docs]" does not work as
+# expected and "pip install -e acme[docs]" must be used instead
 
 -e acme[docs]

acme/setup.py

@@ -3,7 +3,7 @@ from setuptools import find_packages
 from setuptools.command.test import test as TestCommand
 import sys
 
-version = '1.0.0.dev0'
+version = '1.1.0.dev0'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
@@ -14,8 +14,8 @@ install_requires = [
     # 1.1.0+ is required to avoid the warnings described at
     # https://github.com/certbot/josepy/issues/13.
     'josepy>=1.1.0',
-    # Connection.set_tlsext_host_name (>=0.13)
     'mock',
+    # Connection.set_tlsext_host_name (>=0.13)
     'PyOpenSSL>=0.13.1',
     'pyrfc3339',
     'pytz',

acme/tests/challenges_test.py

@@ -7,7 +7,7 @@ import requests
 
 from six.moves.urllib import parse as urllib_parse  # pylint: disable=relative-import
 
-from acme import test_util
+import test_util
 
 CERT = test_util.load_comparable_cert('cert.pem')
 KEY = jose.JWKRSA(key=test_util.load_rsa_private_key('rsa512_key.pem'))

acme/tests/client_test.py

@@ -16,10 +16,10 @@ from acme import challenges
 from acme import errors
 from acme import jws as acme_jws
 from acme import messages
-from acme import messages_test
-from acme import test_util
 from acme.magic_typing import Dict # pylint: disable=unused-import, no-name-in-module
 
+import messages_test
+import test_util
 
 CERT_DER = test_util.load_vector('cert.der')
 CERT_SAN_PEM = test_util.load_vector('cert-san.pem')

acme/tests/crypto_util_test.py

@@ -12,9 +12,9 @@ import josepy as jose
 import OpenSSL
 
 from acme import errors
-from acme import test_util
 from acme.magic_typing import List # pylint: disable=unused-import, no-name-in-module
 
+import test_util
 
 class SSLSocketAndProbeSNITest(unittest.TestCase):
     """Tests for acme.crypto_util.SSLSocket/probe_sni."""

acme/tests/jws_test.py

@@ -3,7 +3,7 @@ import unittest
 
 import josepy as jose
 
-from acme import test_util
+import test_util
 
 
 KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))

acme/tests/messages_test.py

@@ -5,9 +5,9 @@ import josepy as jose
 import mock
 
 from acme import challenges
-from acme import test_util
 from acme.magic_typing import Dict # pylint: disable=unused-import, no-name-in-module
 
+import test_util
 
 CERT = test_util.load_comparable_cert('cert.der')
 CSR = test_util.load_comparable_csr('csr.der')

acme/tests/standalone_test.py

@@ -11,9 +11,9 @@ import mock
 import requests
 
 from acme import challenges
-from acme import test_util
 from acme.magic_typing import Set # pylint: disable=unused-import, no-name-in-module
 
+import test_util
 
 class TLSServerTest(unittest.TestCase):
     """Tests for acme.standalone.TLSServer."""

certbot-apache/MANIFEST.in

@@ -1,6 +1,8 @@
 include LICENSE.txt
 include README.rst
-recursive-include certbot_apache/tests/testdata *
-include certbot_apache/centos-options-ssl-apache.conf
-include certbot_apache/options-ssl-apache.conf
-recursive-include certbot_apache/augeas_lens *.aug
+recursive-include tests *
+include certbot_apache/_internal/centos-options-ssl-apache.conf
+include certbot_apache/_internal/options-ssl-apache.conf
+recursive-include certbot_apache/_internal/augeas_lens *.aug
+global-exclude __pycache__
+global-exclude *.py[cod]

certbot-apache/certbot_apache/_internal/__init__.py

@@ -0,0 +1 @@
+"""Certbot Apache plugin."""

certbot-apache/certbot_apache/_internal/configurator.py

@@ -29,12 +29,12 @@ from certbot.plugins import common
 from certbot.plugins.util import path_surgery
 from certbot.plugins.enhancements import AutoHSTSEnhancement
 
-from certbot_apache import apache_util
-from certbot_apache import constants
-from certbot_apache import display_ops
-from certbot_apache import http_01
-from certbot_apache import obj
-from certbot_apache import parser
+from certbot_apache._internal import apache_util
+from certbot_apache._internal import constants
+from certbot_apache._internal import display_ops
+from certbot_apache._internal import http_01
+from certbot_apache._internal import obj
+from certbot_apache._internal import parser
 
 logger = logging.getLogger(__name__)
 
@@ -77,11 +77,11 @@ class ApacheConfigurator(common.Installer):
     :type config: :class:`~certbot.interfaces.IConfig`
 
     :ivar parser: Handles low level parsing
-    :type parser: :class:`~certbot_apache.parser`
+    :type parser: :class:`~certbot_apache._internal.parser`
 
     :ivar tup version: version of Apache
     :ivar list vhosts: All vhosts found in the configuration
-        (:class:`list` of :class:`~certbot_apache.obj.VirtualHost`)
+        (:class:`list` of :class:`~certbot_apache._internal.obj.VirtualHost`)
 
     :ivar dict assoc: Mapping between domains and vhosts
 
@@ -110,7 +110,7 @@ class ApacheConfigurator(common.Installer):
         handle_sites=False,
         challenge_location="/etc/apache2",
         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
-            "certbot_apache", "options-ssl-apache.conf")
+            "certbot_apache", os.path.join("_internal", "options-ssl-apache.conf"))
     )
 
     def option(self, key):
@@ -391,7 +391,7 @@ class ApacheConfigurator(common.Installer):
             counterpart, should one get created
 
         :returns: List of VirtualHosts or None
-        :rtype: `list` of :class:`~certbot_apache.obj.VirtualHost`
+        :rtype: `list` of :class:`~certbot_apache._internal.obj.VirtualHost`
         """
 
         if self._wildcard_domain(domain):
@@ -566,7 +566,7 @@ class ApacheConfigurator(common.Installer):
             counterpart, should one get created
 
         :returns: vhost associated with name
-        :rtype: :class:`~certbot_apache.obj.VirtualHost`
+        :rtype: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :raises .errors.PluginError: If no vhost is available or chosen
 
@@ -669,7 +669,7 @@ class ApacheConfigurator(common.Installer):
 
         :param str target_name: domain handled by the desired vhost
         :param vhosts: vhosts to consider
-        :type vhosts: `collections.Iterable` of :class:`~certbot_apache.obj.VirtualHost`
+        :type vhosts: `collections.Iterable` of :class:`~certbot_apache._internal.obj.VirtualHost`
         :param bool filter_defaults: whether a vhost with a _default_
             addr is acceptable
 
@@ -811,7 +811,7 @@ class ApacheConfigurator(common.Installer):
         """Helper function for get_virtual_hosts().
 
         :param host: In progress vhost whose names will be added
-        :type host: :class:`~certbot_apache.obj.VirtualHost`
+        :type host: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         """
 
@@ -830,7 +830,7 @@ class ApacheConfigurator(common.Installer):
         :param str path: Augeas path to virtual host
 
         :returns: newly created vhost
-        :rtype: :class:`~certbot_apache.obj.VirtualHost`
+        :rtype: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         """
         addrs = set()
@@ -871,7 +871,7 @@ class ApacheConfigurator(common.Installer):
     def get_virtual_hosts(self):
         """Returns list of virtual hosts found in the Apache configuration.
 
-        :returns: List of :class:`~certbot_apache.obj.VirtualHost`
+        :returns: List of :class:`~certbot_apache._internal.obj.VirtualHost`
             objects found in configuration
         :rtype: list
 
@@ -928,7 +928,7 @@ class ApacheConfigurator(common.Installer):
         now NameVirtualHosts. If version is earlier than 2.4, check if addr
         has a NameVirtualHost directive in the Apache config
 
-        :param certbot_apache.obj.Addr target_addr: vhost address
+        :param certbot_apache._internal.obj.Addr target_addr: vhost address
 
         :returns: Success
         :rtype: bool
@@ -946,7 +946,7 @@ class ApacheConfigurator(common.Installer):
         """Adds NameVirtualHost directive for given address.
 
         :param addr: Address that will be added as NameVirtualHost directive
-        :type addr: :class:`~certbot_apache.obj.Addr`
+        :type addr: :class:`~certbot_apache._internal.obj.Addr`
 
         """
 
@@ -1125,10 +1125,10 @@ class ApacheConfigurator(common.Installer):
         .. note:: This function saves the configuration
 
         :param nonssl_vhost: Valid VH that doesn't have SSLEngine on
-        :type nonssl_vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type nonssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :returns: SSL vhost
-        :rtype: :class:`~certbot_apache.obj.VirtualHost`
+        :rtype: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :raises .errors.PluginError: If more than one virtual host is in
             the file or if plugin is unable to write/read vhost files.
@@ -1499,7 +1499,7 @@ class ApacheConfigurator(common.Installer):
         https://httpd.apache.org/docs/2.2/mod/core.html#namevirtualhost
 
         :param vhost: New virtual host that was recently created.
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         """
         need_to_save = False
@@ -1534,7 +1534,7 @@ class ApacheConfigurator(common.Installer):
         :param str id_str: Id string for matching
 
         :returns: The matched VirtualHost or None
-        :rtype: :class:`~certbot_apache.obj.VirtualHost` or None
+        :rtype: :class:`~certbot_apache._internal.obj.VirtualHost` or None
 
         :raises .errors.PluginError: If no VirtualHost is found
         """
@@ -1551,7 +1551,7 @@ class ApacheConfigurator(common.Installer):
         used for keeping track of VirtualHost directive over time.
 
         :param vhost: Virtual host to add the id
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :returns: The unique ID or None
         :rtype: str or None
@@ -1573,7 +1573,7 @@ class ApacheConfigurator(common.Installer):
         If ID already exists, returns that instead.
 
         :param vhost: Virtual host to add or find the id
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :returns: The unique ID for vhost
         :rtype: str or None
@@ -1651,7 +1651,7 @@ class ApacheConfigurator(common.Installer):
         """Increase the AutoHSTS max-age value
 
         :param vhost: Virtual host object to modify
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :param str id_str: The unique ID string of VirtualHost
 
@@ -1735,13 +1735,13 @@ class ApacheConfigurator(common.Installer):
         .. note:: This function saves the configuration
 
         :param ssl_vhost: Destination of traffic, an ssl enabled vhost
-        :type ssl_vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :param unused_options: Not currently used
         :type unused_options: Not Available
 
         :returns: Success, general_vhost (HTTP vhost)
-        :rtype: (bool, :class:`~certbot_apache.obj.VirtualHost`)
+        :rtype: (bool, :class:`~certbot_apache._internal.obj.VirtualHost`)
 
         """
         min_apache_ver = (2, 3, 3)
@@ -1791,14 +1791,14 @@ class ApacheConfigurator(common.Installer):
         .. note:: This function saves the configuration
 
         :param ssl_vhost: Destination of traffic, an ssl enabled vhost
-        :type ssl_vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :param header_substring: string that uniquely identifies a header.
                 e.g: Strict-Transport-Security, Upgrade-Insecure-Requests.
         :type str
 
         :returns: Success, general_vhost (HTTP vhost)
-        :rtype: (bool, :class:`~certbot_apache.obj.VirtualHost`)
+        :rtype: (bool, :class:`~certbot_apache._internal.obj.VirtualHost`)
 
         :raises .errors.PluginError: If no viable HTTP host can be created or
             set with header header_substring.
@@ -1826,7 +1826,7 @@ class ApacheConfigurator(common.Installer):
         contains the string header_substring.
 
         :param ssl_vhost: vhost to check
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :param header_substring: string that uniquely identifies a header.
                 e.g: Strict-Transport-Security, Upgrade-Insecure-Requests.
@@ -1863,7 +1863,7 @@ class ApacheConfigurator(common.Installer):
         .. note:: This function saves the configuration
 
         :param ssl_vhost: Destination of traffic, an ssl enabled vhost
-        :type ssl_vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :param unused_options: Not currently used
         :type unused_options: Not Available
@@ -1948,7 +1948,7 @@ class ApacheConfigurator(common.Installer):
         delete certbot's old rewrite rules and set the new one instead.
 
         :param vhost: vhost to check
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :raises errors.PluginEnhancementAlreadyPresent: When the exact
                 certbot redirection WriteRule exists in virtual host.
@@ -1990,7 +1990,7 @@ class ApacheConfigurator(common.Installer):
         """Checks if there exists a RewriteRule directive in vhost
 
         :param vhost: vhost to check
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :returns: True if a RewriteRule directive exists.
         :rtype: bool
@@ -2004,7 +2004,7 @@ class ApacheConfigurator(common.Installer):
         """Checks if a RewriteEngine directive is on
 
         :param vhost: vhost to check
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         """
         rewrite_engine_path_list = self.parser.find_dir("RewriteEngine", "on",
@@ -2021,10 +2021,10 @@ class ApacheConfigurator(common.Installer):
         """Creates an http_vhost specifically to redirect for the ssl_vhost.
 
         :param ssl_vhost: ssl vhost
-        :type ssl_vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :returns: tuple of the form
-            (`success`, :class:`~certbot_apache.obj.VirtualHost`)
+            (`success`, :class:`~certbot_apache._internal.obj.VirtualHost`)
         :rtype: tuple
 
         """
@@ -2150,7 +2150,7 @@ class ApacheConfigurator(common.Installer):
                   of this method where available.
 
         :param vhost: vhost to enable
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :raises .errors.NotSupportedError: If filesystem layout is not
             supported.
@@ -2387,7 +2387,7 @@ class ApacheConfigurator(common.Installer):
         """Do the initial AutoHSTS deployment to a vhost
 
         :param ssl_vhost: The VirtualHost object to deploy the AutoHSTS
-        :type ssl_vhost: :class:`~certbot_apache.obj.VirtualHost` or None
+        :type ssl_vhost: :class:`~certbot_apache._internal.obj.VirtualHost` or None
 
         :raises errors.PluginEnhancementAlreadyPresent: When already enhanced
 

certbot-apache/certbot_apache/_internal/constants.py

@@ -1,6 +1,8 @@
 """Apache plugin constants."""
 import pkg_resources
 
+from certbot.compat import os
+
 
 MOD_SSL_CONF_DEST = "options-ssl-apache.conf"
 """Name of the mod_ssl config file as saved in `IConfig.config_dir`."""
@@ -27,7 +29,7 @@ ALL_SSL_OPTIONS_HASHES = [
 """SHA256 hashes of the contents of previous versions of all versions of MOD_SSL_CONF_SRC"""
 
 AUGEAS_LENS_DIR = pkg_resources.resource_filename(
-    "certbot_apache", "augeas_lens")
+    "certbot_apache", os.path.join("_internal", "augeas_lens"))
 """Path to the Augeas lens directory"""
 
 REWRITE_HTTPS_ARGS = [

certbot-apache/certbot_apache/_internal/display_ops.py

@@ -77,7 +77,7 @@ def _vhost_menu(domain, vhosts):
 
     if free_chars < 2:
         logger.debug("Display size is too small for "
-                     "certbot_apache.display_ops._vhost_menu()")
+                     "certbot_apache._internal.display_ops._vhost_menu()")
         # This runs the edge off the screen, but it doesn't cause an "error"
         filename_size = 1
         disp_name_size = 1

certbot-apache/certbot_apache/_internal/entrypoint.py

@@ -5,14 +5,14 @@ from distutils.version import LooseVersion  # pylint: disable=no-name-in-module,
 
 from certbot import util
 
-from certbot_apache import configurator
-from certbot_apache import override_arch
-from certbot_apache import override_fedora
-from certbot_apache import override_darwin
-from certbot_apache import override_debian
-from certbot_apache import override_centos
-from certbot_apache import override_gentoo
-from certbot_apache import override_suse
+from certbot_apache._internal import configurator
+from certbot_apache._internal import override_arch
+from certbot_apache._internal import override_fedora
+from certbot_apache._internal import override_darwin
+from certbot_apache._internal import override_debian
+from certbot_apache._internal import override_centos
+from certbot_apache._internal import override_gentoo
+from certbot_apache._internal import override_suse
 
 OVERRIDE_CLASSES = {
     "arch": override_arch.ArchConfigurator,

certbot-apache/certbot_apache/_internal/http_01.py

@@ -8,8 +8,8 @@ from certbot.compat import os
 from certbot.compat import filesystem
 from certbot.plugins import common
 
-from certbot_apache.obj import VirtualHost  # pylint: disable=unused-import
-from certbot_apache.parser import get_aug_path
+from certbot_apache._internal.obj import VirtualHost  # pylint: disable=unused-import
+from certbot_apache._internal.parser import get_aug_path
 
 logger = logging.getLogger(__name__)
 

certbot-apache/certbot_apache/_internal/obj.py

@@ -24,7 +24,7 @@ class Addr(common.Addr):
         return not self.__eq__(other)
 
     def __repr__(self):
-        return "certbot_apache.obj.Addr(" + repr(self.tup) + ")"
+        return "certbot_apache._internal.obj.Addr(" + repr(self.tup) + ")"
 
     def __hash__(self):  # pylint: disable=useless-super-delegation
         # Python 3 requires explicit overridden for __hash__ if __eq__ or

certbot-apache/certbot_apache/_internal/override_arch.py

@@ -4,8 +4,9 @@ import pkg_resources
 import zope.interface
 
 from certbot import interfaces
+from certbot.compat import os
 
-from certbot_apache import configurator
+from certbot_apache._internal import configurator
 
 @zope.interface.provider(interfaces.IPluginFactory)
 class ArchConfigurator(configurator.ApacheConfigurator):
@@ -27,5 +28,5 @@ class ArchConfigurator(configurator.ApacheConfigurator):
         handle_sites=False,
         challenge_location="/etc/httpd/conf",
         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
-            "certbot_apache", "options-ssl-apache.conf")
+            "certbot_apache", os.path.join("_internal", "options-ssl-apache.conf"))
     )

certbot-apache/certbot_apache/_internal/override_centos.py

@@ -7,13 +7,14 @@ import zope.interface
 from certbot import errors
 from certbot import interfaces
 from certbot import util
+from certbot.compat import os
 from certbot.errors import MisconfigurationError
 
 from acme.magic_typing import List  # pylint: disable=unused-import, no-name-in-module
 
-from certbot_apache import apache_util
-from certbot_apache import configurator
-from certbot_apache import parser
+from certbot_apache._internal import apache_util
+from certbot_apache._internal import configurator
+from certbot_apache._internal import parser
 
 
 logger = logging.getLogger(__name__)
@@ -40,7 +41,7 @@ class CentOSConfigurator(configurator.ApacheConfigurator):
         handle_sites=False,
         challenge_location="/etc/httpd/conf.d",
         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
-            "certbot_apache", "centos-options-ssl-apache.conf")
+            "certbot_apache", os.path.join("_internal", "centos-options-ssl-apache.conf"))
     )
 
     def config_test(self):

certbot-apache/certbot_apache/_internal/override_darwin.py

@@ -4,8 +4,9 @@ import pkg_resources
 import zope.interface
 
 from certbot import interfaces
+from certbot.compat import os
 
-from certbot_apache import configurator
+from certbot_apache._internal import configurator
 
 @zope.interface.provider(interfaces.IPluginFactory)
 class DarwinConfigurator(configurator.ApacheConfigurator):
@@ -27,5 +28,5 @@ class DarwinConfigurator(configurator.ApacheConfigurator):
         handle_sites=False,
         challenge_location="/etc/apache2/other",
         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
-            "certbot_apache", "options-ssl-apache.conf")
+            "certbot_apache", os.path.join("_internal", "options-ssl-apache.conf"))
     )

certbot-apache/certbot_apache/_internal/override_debian.py

@@ -10,8 +10,8 @@ from certbot import util
 from certbot.compat import filesystem
 from certbot.compat import os
 
-from certbot_apache import apache_util
-from certbot_apache import configurator
+from certbot_apache._internal import apache_util
+from certbot_apache._internal import configurator
 
 logger = logging.getLogger(__name__)
 
@@ -36,7 +36,7 @@ class DebianConfigurator(configurator.ApacheConfigurator):
         handle_sites=True,
         challenge_location="/etc/apache2",
         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
-            "certbot_apache", "options-ssl-apache.conf")
+            "certbot_apache", os.path.join("_internal", "options-ssl-apache.conf"))
     )
 
     def enable_site(self, vhost):
@@ -46,7 +46,7 @@ class DebianConfigurator(configurator.ApacheConfigurator):
                   modules are enabled appropriately.
 
         :param vhost: vhost to enable
-        :type vhost: :class:`~certbot_apache.obj.VirtualHost`
+        :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
 
         :raises .errors.NotSupportedError: If filesystem layout is not
             supported.

certbot-apache/certbot_apache/_internal/override_fedora.py

@@ -5,10 +5,11 @@ import zope.interface
 from certbot import errors
 from certbot import interfaces
 from certbot import util
+from certbot.compat import os
 
-from certbot_apache import apache_util
-from certbot_apache import configurator
-from certbot_apache import parser
+from certbot_apache._internal import apache_util
+from certbot_apache._internal import configurator
+from certbot_apache._internal import parser
 
 
 @zope.interface.provider(interfaces.IPluginFactory)
@@ -33,7 +34,7 @@ class FedoraConfigurator(configurator.ApacheConfigurator):
         challenge_location="/etc/httpd/conf.d",
         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
             # TODO: eventually newest version of Fedora will need their own config
-            "certbot_apache", "centos-options-ssl-apache.conf")
+            "certbot_apache", os.path.join("_internal", "centos-options-ssl-apache.conf"))
     )
 
     def config_test(self):

certbot-apache/certbot_apache/_internal/override_gentoo.py

@@ -4,10 +4,11 @@ import pkg_resources
 import zope.interface
 
 from certbot import interfaces
+from certbot.compat import os
 
-from certbot_apache import apache_util
-from certbot_apache import configurator
-from certbot_apache import parser
+from certbot_apache._internal import apache_util
+from certbot_apache._internal import configurator
+from certbot_apache._internal import parser
 
 @zope.interface.provider(interfaces.IPluginFactory)
 class GentooConfigurator(configurator.ApacheConfigurator):
@@ -30,7 +31,7 @@ class GentooConfigurator(configurator.ApacheConfigurator):
         handle_sites=False,
         challenge_location="/etc/apache2/vhosts.d",
         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
-            "certbot_apache", "options-ssl-apache.conf")
+            "certbot_apache", os.path.join("_internal", "options-ssl-apache.conf"))
     )
 
     def _prepare_options(self):

certbot-apache/certbot_apache/_internal/override_suse.py

@@ -4,8 +4,9 @@ import pkg_resources
 import zope.interface
 
 from certbot import interfaces
+from certbot.compat import os
 
-from certbot_apache import configurator
+from certbot_apache._internal import configurator
 
 @zope.interface.provider(interfaces.IPluginFactory)
 class OpenSUSEConfigurator(configurator.ApacheConfigurator):
@@ -27,5 +28,5 @@ class OpenSUSEConfigurator(configurator.ApacheConfigurator):
         handle_sites=False,
         challenge_location="/etc/apache2/vhosts.d",
         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
-            "certbot_apache", "options-ssl-apache.conf")
+            "certbot_apache", os.path.join("_internal", "options-ssl-apache.conf"))
     )

certbot-apache/certbot_apache/_internal/parser.py

@@ -13,7 +13,7 @@ from acme.magic_typing import Dict, List, Set  # pylint: disable=unused-import,
 from certbot import errors
 from certbot.compat import os
 
-from certbot_apache import constants
+from certbot_apache._internal import constants
 
 logger = logging.getLogger(__name__)
 

certbot-apache/certbot_apache/tests/__init__.py

@@ -1 +0,0 @@
-"""Certbot Apache Tests"""

certbot-apache/setup.py

@@ -4,7 +4,7 @@ from setuptools.command.test import test as TestCommand
 import sys
 
 
-version = '1.0.0.dev0'
+version = '1.1.0.dev0'
 
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -71,7 +71,7 @@ setup(
     install_requires=install_requires,
     entry_points={
         'certbot.plugins': [
-            'apache = certbot_apache.entrypoint:ENTRYPOINT',
+            'apache = certbot_apache._internal.entrypoint:ENTRYPOINT',
         ],
     },
     test_suite='certbot_apache',

certbot-apache/tests/autohsts_test.py

@@ -1,5 +1,5 @@
 # pylint: disable=too-many-lines
-"""Test for certbot_apache.configurator AutoHSTS functionality"""
+"""Test for certbot_apache._internal.configurator AutoHSTS functionality"""
 import re
 import unittest
 import mock
@@ -7,8 +7,9 @@ import mock
 import six  # pylint: disable=unused-import
 
 from certbot import errors
-from certbot_apache import constants
-from certbot_apache.tests import util
+from certbot_apache._internal import constants
+
+import util
 
 
 class AutoHSTSTest(util.ApacheTest):
@@ -39,24 +40,24 @@ class AutoHSTSTest(util.ApacheTest):
                         head.replace("arg[3]", "arg[4]"))
         return None  # pragma: no cover
 
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.enable_mod")
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.restart")
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.enable_mod")
     def test_autohsts_enable_headers_mod(self, mock_enable, _restart):
         self.config.parser.modules.discard("headers_module")
         self.config.parser.modules.discard("mod_header.c")
         self.config.enable_autohsts(mock.MagicMock(), ["ocspvhost.com"])
         self.assertTrue(mock_enable.called)
 
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.restart")
     def test_autohsts_deploy_already_exists(self, _restart):
         self.config.enable_autohsts(mock.MagicMock(), ["ocspvhost.com"])
         self.assertRaises(errors.PluginEnhancementAlreadyPresent,
                           self.config.enable_autohsts,
                           mock.MagicMock(), ["ocspvhost.com"])
 
-    @mock.patch("certbot_apache.constants.AUTOHSTS_FREQ", 0)
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.prepare")
+    @mock.patch("certbot_apache._internal.constants.AUTOHSTS_FREQ", 0)
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.restart")
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.prepare")
     def test_autohsts_increase(self, mock_prepare, _mock_restart):
         self.config._prepared = False
         maxage = "\"max-age={0}\""
@@ -74,8 +75,8 @@ class AutoHSTSTest(util.ApacheTest):
                           inc_val)
         self.assertTrue(mock_prepare.called)
 
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator._autohsts_increase")
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.restart")
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator._autohsts_increase")
     def test_autohsts_increase_noop(self, mock_increase, _restart):
         maxage = "\"max-age={0}\""
         initial_val = maxage.format(constants.AUTOHSTS_STEPS[0])
@@ -89,8 +90,8 @@ class AutoHSTSTest(util.ApacheTest):
         self.assertFalse(mock_increase.called)
 
 
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
-    @mock.patch("certbot_apache.constants.AUTOHSTS_FREQ", 0)
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.restart")
+    @mock.patch("certbot_apache._internal.constants.AUTOHSTS_FREQ", 0)
     def test_autohsts_increase_no_header(self, _restart):
         self.config.enable_autohsts(mock.MagicMock(), ["ocspvhost.com"])
         # Remove the header
@@ -102,8 +103,8 @@ class AutoHSTSTest(util.ApacheTest):
                           self.config.update_autohsts,
                           mock.MagicMock())
 
-    @mock.patch("certbot_apache.constants.AUTOHSTS_FREQ", 0)
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
+    @mock.patch("certbot_apache._internal.constants.AUTOHSTS_FREQ", 0)
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.restart")
     def test_autohsts_increase_and_make_permanent(self, _mock_restart):
         maxage = "\"max-age={0}\""
         max_val = maxage.format(constants.AUTOHSTS_PERMANENT)
@@ -141,18 +142,18 @@ class AutoHSTSTest(util.ApacheTest):
         # Make sure that the execution does not continue when no entries in store
         self.assertFalse(self.config.storage.put.called)
 
-    @mock.patch("certbot_apache.display_ops.select_vhost")
+    @mock.patch("certbot_apache._internal.display_ops.select_vhost")
     def test_autohsts_no_ssl_vhost(self, mock_select):
         mock_select.return_value = self.vh_truth[0]
-        with mock.patch("certbot_apache.configurator.logger.warning") as mock_log:
+        with mock.patch("certbot_apache._internal.configurator.logger.warning") as mock_log:
             self.assertRaises(errors.PluginError,
                               self.config.enable_autohsts,
                               mock.MagicMock(), "invalid.example.com")
             self.assertTrue(
                 "Certbot was not able to find SSL" in mock_log.call_args[0][0])
 
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.restart")
-    @mock.patch("certbot_apache.configurator.ApacheConfigurator.add_vhost_id")
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.restart")
+    @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.add_vhost_id")
     def test_autohsts_dont_enhance_twice(self, mock_id, _restart):
         mock_id.return_value = "1234567"
         self.config.enable_autohsts(mock.MagicMock(),
@@ -177,7 +178,7 @@ class AutoHSTSTest(util.ApacheTest):
         self.config._autohsts_fetch_state()
         self.config._autohsts["orphan_id"] = {"laststep": 999, "timestamp": 0}
         self.config._autohsts_save_state()
-        with mock.patch("certbot_apache.configurator.logger.warning") as mock_log:
+        with mock.patch("certbot_apache._internal.configurator.logger.warning") as mock_log:
             self.config.deploy_autohsts(mock.MagicMock())
             self.assertTrue(mock_log.called)
             self.assertTrue(

certbot-apache/tests/centos6_test.py

@@ -1,13 +1,14 @@
-"""Test for certbot_apache.configurator for CentOS 6 overrides"""
+"""Test for certbot_apache._internal.configurator for CentOS 6 overrides"""
 import unittest
 
 from certbot.compat import os
 from certbot.errors import MisconfigurationError
 
-from certbot_apache import obj
-from certbot_apache import override_centos
-from certbot_apache import parser
-from certbot_apache.tests import util
+from certbot_apache._internal import obj
+from certbot_apache._internal import override_centos
+from certbot_apache._internal import parser
+
+import util
 
 
 def get_vh_truth(temp_dir, config_name):

certbot-apache/tests/centos_test.py

@@ -1,4 +1,4 @@
-"""Test for certbot_apache.configurator for Centos overrides"""
+"""Test for certbot_apache._internal.configurator for Centos overrides"""
 import unittest
 
 import mock
@@ -7,9 +7,10 @@ from certbot import errors
 from certbot.compat import filesystem
 from certbot.compat import os
 
-from certbot_apache import obj
-from certbot_apache import override_centos
-from certbot_apache.tests import util
+from certbot_apache._internal import obj
+from certbot_apache._internal import override_centos
+
+import util
 
 
 def get_vh_truth(temp_dir, config_name):
@@ -55,7 +56,7 @@ class FedoraRestartTest(util.ApacheTest):
             self.config.config_test()
 
     def test_non_fedora_error(self):
-        c_test = "certbot_apache.configurator.ApacheConfigurator.config_test"
+        c_test = "certbot_apache._internal.configurator.ApacheConfigurator.config_test"
         with mock.patch(c_test) as mock_test:
             mock_test.side_effect = errors.MisconfigurationError
             with mock.patch("certbot.util.get_os_info") as mock_info:
@@ -64,7 +65,7 @@ class FedoraRestartTest(util.ApacheTest):
                                   self.config.config_test)
 
     def test_fedora_restart_error(self):
-        c_test = "certbot_apache.configurator.ApacheConfigurator.config_test"
+        c_test = "certbot_apache._internal.configurator.ApacheConfigurator.config_test"
         with mock.patch(c_test) as mock_test:
             # First call raises error, second doesn't
             mock_test.side_effect = [errors.MisconfigurationError, '']
@@ -74,7 +75,7 @@ class FedoraRestartTest(util.ApacheTest):
                                   self._run_fedora_test)
 
     def test_fedora_restart(self):
-        c_test = "certbot_apache.configurator.ApacheConfigurator.config_test"
+        c_test = "certbot_apache._internal.configurator.ApacheConfigurator.config_test"
         with mock.patch(c_test) as mock_test:
             with mock.patch("certbot.util.run_script") as mock_run:
                 # First call raises error, second doesn't
@@ -107,7 +108,7 @@ class MultipleVhostsTestCentOS(util.ApacheTest):
     def test_get_parser(self):
         self.assertIsInstance(self.config.parser, override_centos.CentOSParser)
 
-    @mock.patch("certbot_apache.parser.ApacheParser._get_runtime_cfg")
+    @mock.patch("certbot_apache._internal.parser.ApacheParser._get_runtime_cfg")
     def test_opportunistic_httpd_runtime_parsing(self, mock_get):
         define_val = (
             'Define: TEST1\n'
@@ -156,7 +157,7 @@ class MultipleVhostsTestCentOS(util.ApacheTest):
                 raise Exception("Missed: %s" % vhost)  # pragma: no cover
         self.assertEqual(found, 2)
 
-    @mock.patch("certbot_apache.parser.ApacheParser._get_runtime_cfg")
+    @mock.patch("certbot_apache._internal.parser.ApacheParser._get_runtime_cfg")
     def test_get_sysconfig_vars(self, mock_cfg):
         """Make sure we read the sysconfig OPTIONS variable correctly"""
         # Return nothing for the process calls
@@ -177,13 +178,13 @@ class MultipleVhostsTestCentOS(util.ApacheTest):
         self.assertTrue("MOCK_NOSEP" in self.config.parser.variables.keys())
         self.assertEqual("NOSEP_VAL", self.config.parser.variables["NOSEP_TWO"])
 
-    @mock.patch("certbot_apache.configurator.util.run_script")
+    @mock.patch("certbot_apache._internal.configurator.util.run_script")
     def test_alt_restart_works(self, mock_run_script):
         mock_run_script.side_effect = [None, errors.SubprocessError, None]
         self.config.restart()
         self.assertEqual(mock_run_script.call_count, 3)
 
-    @mock.patch("certbot_apache.configurator.util.run_script")
+    @mock.patch("certbot_apache._internal.configurator.util.run_script")
     def test_alt_restart_errors(self, mock_run_script):
         mock_run_script.side_effect = [None,
                                        errors.SubprocessError,