fix merge

.travis.yml

@@ -23,6 +23,7 @@ env:
   global:
     - GOPATH=/tmp/go
     - PATH=$GOPATH/bin:$PATH
+    - GO15VENDOREXPERIMENT=1  # Fixes problems with vendor directories
 
 matrix:
   include:

README.rst

@@ -3,9 +3,9 @@
 Disclaimer
 ==========
 
-Certbot is **BETA SOFTWARE**. It contains plenty of bugs and
-rough edges, and should be tested thoroughly in staging environments before use
-on production systems.
+Certbot (previously, the Let's Encrypt client) is **BETA SOFTWARE**. It
+contains plenty of bugs and rough edges, and should be tested thoroughly in
+staging environments before use on production systems.
 
 For more information regarding the status of the project, please see
 https://letsencrypt.org. Be sure to checkout the
@@ -138,16 +138,15 @@ System Requirements
 ===================
 
 The Let's Encrypt Client presently only runs on Unix-ish OSes that include
-Python 2.6 or 2.7; Python 3.x support will be added after the Public Beta
-launch. The client requires root access in order to write to
-``/etc/letsencrypt``, ``/var/log/letsencrypt``, ``/var/lib/letsencrypt``; to
-bind to ports 80 and 443 (if you use the ``standalone`` plugin) and to read and
-modify webserver configurations (if you use the ``apache`` or ``nginx``
-plugins).  If none of these apply to you, it is theoretically possible to run
-without root privileges, but for most users who want to avoid running an ACME
-client as root, either `letsencrypt-nosudo
-<https://github.com/diafygi/letsencrypt-nosudo>`_ or `simp_le
-<https://github.com/kuba/simp_le>`_ are more appropriate choices.
+Python 2.6 or 2.7; Python 3.x support will hopefully be added in the future. The
+client requires root access in order to write to ``/etc/letsencrypt``,
+``/var/log/letsencrypt``, ``/var/lib/letsencrypt``; to bind to ports 80 and 443
+(if you use the ``standalone`` plugin) and to read and modify webserver
+configurations (if you use the ``apache`` or ``nginx`` plugins).  If none of
+these apply to you, it is theoretically possible to run without root privileges,
+but for most users who want to avoid running an ACME client as root, either
+`letsencrypt-nosudo <https://github.com/diafygi/letsencrypt-nosudo>`_ or
+`simp_le <https://github.com/kuba/simp_le>`_ are more appropriate choices.
 
 The Apache plugin currently requires a Debian-based OS with augeas version
 1.0; this includes Ubuntu 12.04+ and Debian 7+.

certbot/cli.py

@@ -37,7 +37,7 @@ helpful_parser = None
 # should only be used for purposes where inability to detect letsencrypt-auto
 # fails safely
 
-fragment = os.path.join(".local", "share", "certbot")
+fragment = os.path.join(".local", "share", "letsencrypt")
 cli_command = "letsencrypt-auto" if fragment in sys.argv[0] else "certbot"
 
 # Argparse's help formatting has a lot of unhelpful peculiarities, so we want

certbot/client.py

@@ -245,8 +245,9 @@ class Client(object):
                 domains,
                 self.config.allow_subset_of_names)
 
-        domains = [a.body.identifier.value.encode('ascii')
-                                          for a in authzr]
+        auth_domains = set(a.body.identifier.value.encode('ascii')
+                           for a in authzr)
+        domains = [d for d in domains if d in auth_domains]
 
         # Create CSR from names
         key = crypto_util.init_save_key(

certbot/main.py

@@ -528,7 +528,7 @@ def obtain_cert(config, plugins, lineage=None):
             notify("new certificate deployed with reload of {0} server; fullchain is {1}".format(
                    config.installer, lineage.fullchain), pause=False)
     elif action == "reinstall" and config.verb == "certonly":
-        notify("Certificate not yet due for renewal; no action taken.")
+        notify("Certificate not yet due for renewal; no action taken.", pause=False)
     _suggest_donation_if_appropriate(config, action)
 
 

certbot/renewal.py

@@ -287,7 +287,7 @@ def _renew_describe_results(config, renew_successes, renew_failures,
     if parse_failures:
         notify("\nAdditionally, the following renewal configuration files "
                "were invalid: ")
-        notify(parse_failures, "parsefail")
+        notify(report(parse_failures, "parsefail"))
 
     if config.dry_run:
         notify("** DRY RUN: simulating 'certbot renew' close to cert expiry")

certbot/storage.py

@@ -78,6 +78,10 @@ def write_renewal_config(o_filename, n_filename, target, relevant_data):
         if k not in relevant_data:
             del config["renewalparams"][k]
 
+    if "renew_before_expiry" not in config:
+        default_interval = constants.RENEWER_DEFAULTS["renew_before_expiry"]
+        config.initial_comment = ["renew_before_expiry = " + default_interval]
+
     # TODO: add human-readable comments explaining other available
     #       parameters
     logger.debug("Writing new config %s.", n_filename)

certbot/tests/client_test.py

@@ -201,7 +201,8 @@ class ClientTest(unittest.TestCase):
 
         authzr = []
 
-        for domain in domains:
+        # domain ordering should not be affected by authorization order
+        for domain in reversed(domains):
             authzr.append(
                 mock.MagicMock(
                     body=mock.MagicMock(

certbot/tests/main_test.py

@@ -0,0 +1,48 @@
+"""Tests for certbot.main."""
+import unittest
+
+
+import mock
+
+
+from certbot import cli
+from certbot import configuration
+from certbot.plugins import disco as plugins_disco
+
+
+class ObtainCertTest(unittest.TestCase):
+    """Tests for certbot.main.obtain_cert."""
+
+    def setUp(self):
+        self.get_utility_patch = mock.patch(
+            'certbot.main.zope.component.getUtility')
+        self.mock_get_utility = self.get_utility_patch.start()
+
+    def tearDown(self):
+        self.get_utility_patch.stop()
+
+    def _call(self, args):
+        plugins = plugins_disco.PluginsRegistry.find_all()
+        config = configuration.NamespaceConfig(
+            cli.prepare_and_parse_args(plugins, args))
+
+        from certbot import main
+        with mock.patch('certbot.main._init_le_client') as mock_init:
+            main.obtain_cert(config, plugins)
+
+        return mock_init()  # returns the client
+
+    @mock.patch('certbot.main._auth_from_domains')
+    def test_no_reinstall_text_pause(self, mock_auth):
+        mock_notification = self.mock_get_utility().notification
+        mock_notification.side_effect = self._assert_no_pause
+        mock_auth.return_value = (mock.ANY, 'reinstall')
+        self._call('certonly --webroot -d example.com -t'.split())
+
+    def _assert_no_pause(self, message, height=42, pause=True):
+        # pylint: disable=unused-argument
+        self.assertFalse(pause)
+
+
+if __name__ == '__main__':
+    unittest.main()  # pragma: no cover

docs/using.rst

@@ -124,7 +124,7 @@ or ``--webroot-path /usr/share/nginx/html`` are two common webroot paths.
 
 If you're getting a certificate for many domains at once, the plugin
 needs to know where each domain's files are served from, which could
-potentially be a separate directory for each domain. When requested a
+potentially be a separate directory for each domain. When requesting a
 certificate for multiple domains, each domain will use the most recently
 specified ``--webroot-path``.  So, for instance,
 
@@ -184,11 +184,11 @@ be on a different computer.
 Nginx
 -----
 
-In the future, if you're running Nginx you can use this plugin to
-automatically obtain and install your certificate. The Nginx plugin
-is still experimental, however, and is not installed with
-certbot-auto_. If installed, you can select this plugin on the
-command line by including ``--nginx``.
+In the future, if you're running Nginx you will hopefully be able to use this
+plugin to automatically obtain and install your certificate. The Nginx plugin is
+still experimental, however, and is not installed with certbot-auto_. If
+installed, you can select this plugin on the command line by including
+``--nginx``.
 
 Third-party plugins
 -------------------
@@ -447,7 +447,13 @@ If you run Debian Stretch or Debian Sid, you can install letsencrypt packages.
 If you don't want to use the Apache plugin, you can omit the
 ``python-certbot-apache`` package.
 
-Packages for Debian Jessie are coming in the next few weeks.
+Packages exist for Debian Jessie via backports. First you'll have to follow the
+instructions at http://backports.debian.org/Instructions/ to enable the Jessie backports
+repo, if you have not already done so. Then run:
+
+.. code-block:: shell
+
+   sudo apt-get install certbot python-certbot-apache -t jessie-backports
 
 **Fedora**
 

setup.py

@@ -39,7 +39,7 @@ install_requires = [
     'ConfigArgParse>=0.9.3',
     'configobj',
     'cryptography>=0.7',  # load_pem_x509_certificate
-    'parsedatetime',
+    'parsedatetime>=1.3',  # Calendar.parseDT
     'psutil>=2.1.0',  # net_connections introduced in 2.1.0
     'PyOpenSSL',
     'pyrfc3339',

tests/letstest/multitester.py

@@ -349,7 +349,7 @@ def test_client_process(inqueue, outqueue):
         print(env.host_string)
 
         try:
-            install_and_launch_letsencrypt(instances[ii], boulder_url, target)
+            install_and_launch_certbot(instances[ii], boulder_url, target)
             outqueue.put((ii, target, 'pass'))
             print("%s - %s SUCCESS"%(target['ami'], target['name']))
         except:

tools/_venv_common.sh

@@ -18,7 +18,8 @@ virtualenv --no-site-packages $VENV_NAME $VENV_ARGS
 # Separately install setuptools and pip to make sure following
 # invocations use latest
 pip install -U setuptools
-pip install -U pip
+# --force-reinstall used to fix broken pip installation on some systems
+pip install --force-reinstall -U pip
 pip install "$@"
 
 set +x