* organize cert_manager.py
* add delete files to cert manager and storage
* add tests
* add to main and cli
* Clean up all related files we can find, even if some are missing.
* error messages, debug logs, and remove RenewerConfiguration
* add logs for failure to remove
* remove renewer_config_file
* Begin fixing incorrect defaults
* Fix more defaults
* Make more defaults correct
* Update cli-help.txt
(To show what this PR does)
* Lint
* Extend argparse rather than vendoring it
* lint
* Move sample User Agent generation into the same module as UA generation
* Revert cli-help.txt to previous release version
* Slightly more consistent linebreaks
* Start reorganising -h output
* Fix the --debug flag
- Currently exceptions are often caught and burried in log files, even
if this flag is provided!
* Explain the insanity
* Parallalelise nosetests from tox (#3836)
* Parallalelise nosetests from tox
* Parallelise even more things, break even more things
* Now unbreak all the tests that aren't ready for ||ism
* Try to pass tests!
- Remove non-working hack in reporter_test
- also be selective about ||ism in the cover environment
* Try again
* certbot-apache tests also work, given enough time
* Nginx may need more time in Travis's cloud
* Unbreak reporter_test under ||ism
* More timeout
* Working again?
* This goes way faster
* Another big win
* Split a couple more large test suites
* A last improvement
* More ||ism!
* ||ise lint too
* Allow nosetests to figure out how many cores to use
* simplify merge
* Mark the new CLI tests as ||izable
* Simplify reporter_test changes
* Rationalise ||ism flags
* Re-up coverage
* Clean up reporter tests
* Stop modifying testdata during tests
* remove unused os
* Improve the "certbot certificates" output (#3846)
* Begin making "certbot certificates" future safe
* Handle the case where a renewal conf file has no "server" entry
* Improvements, tweaks
* Capitalise on things
* Print the command summary for -h and -h all, but not otherwise
Also, update nginx not installed CLI hint
* Add a "certificates" help section
* Clean up usage string construction
* Greatly improve "certbot -h TOPIC"
- subcommands now get their own usage headings if they want them
- added "certbot -h commands"
* A few more cli formatting tests
* Auto-populate the verb subgroups from the docs
* Show the new help output
* Lint, tweak
* More lint, and cleanup
* Infinite lint
* Add rename to command summary; sort "-h commands" output
* Use fancy string formatting
* More space
* Implement --help manage
Also, implement a general mechanism for documenting subcommands within
topics
* Remove one comma
* Only create weird parser structures if -h is provided :)
* Update sample cli out
* Lint
* Revert cli-help.txt to previous release version
* Grammar & style
* Fix the --debug flag
- Currently exceptions are often caught and burried in log files, even
if this flag is provided!
* Explain the insanity
* Make things slightly nicer
* Rename and simplify main functions
* pass certname to auth method
* find cert by certname flag
* Implement --cert-name command
* don't ask to confirm new cert when we have domains and no existing certs with the lineage name
* Refactor and add --new-cert-name flag
* add interactivity to rename verb
* allow noninteractive and more descriptive function names
* Parallalelise nosetests from tox
* Parallelise even more things, break even more things
* Now unbreak all the tests that aren't ready for ||ism
* Try to pass tests!
- Remove non-working hack in reporter_test
- also be selective about ||ism in the cover environment
* Try again
* certbot-apache tests also work, given enough time
* Nginx may need more time in Travis's cloud
* Unbreak reporter_test under ||ism
* More timeout
* Working again?
* This goes way faster
* Another big win
* Split a couple more large test suites
* A last improvement
* More ||ism!
* ||ise lint too
* Allow nosetests to figure out how many cores to use
* simplify merge
* Mark the new CLI tests as ||izable
* Simplify reporter_test changes
* Rationalise ||ism flags
* Re-up coverage
* Clean up reporter tests
* Stop modifying testdata during tests
* remove unused os
* Added support for shells without default variable support
* Added support for BusyBox installs that do not have `command` but has `which`
* Style fixes as suggested by reviewer
* Renamed `WHERE_IS` to `EXISTS` as suggested by review
* Removed expansion of `$LE_AUTO_SUDO` to `x` as the `-n` can check empty strings.
* Added `EXISTS` to debian bootstrap as suggested in review
* Move parse_server to be a method of NginxParser
* add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future
* add addr:normalized_tuple method
* mark addresses listening sslishly due to another server block listening sslishly on that address
* test turning on ssl globally
* add docstring
* lint and remove extra file
* certbot-auto: Print link to doc on debugging pip install error
Also, update the doc to teach the user to workaround problem on a low
memory system.
* Correct formatting
* grep the PIP_OUT and print useful info if the problem is about memory allocation
* Fix logic on string to grep
* Begin breaking out cli_test.py
* simplify main
* refactor porse tests
* move determine account tests to main_test.py
* move duplicate cert test to main_test.py
* move cli stuff out of the way
* add test_renewal.py
* move error test into error_handler_test.py
* move test_read_file
* move test_no_gui out of MainTest
* move test_install_abspath to parsetest
* Move main tests into main_test.py
* move cli tests back into cli_test.py
* clean up cli_test.py
* move punycode test to util_test.py
* Fix NameError from missing plugins_disco
* Fix linting errors
* test_renewal.py -> renewal_test.py
* rm not_cli_test.py
* Move main._handle_exception test to main_test.py
* Move renewal import in renewal_test.py
from @ohemorange comments
* certbot.tests.test_util -> certbot.tests.util
* Fix issues from rebasing.
* Fix testing issue with option_was_set
* fix linting issue
Test farm tests should test the version of letsencrypt-auto that's in the git tree, not the one from the previous release.
* Test the new leauto, not the previously released one
* Stop passing around config and refactor tests
* Refactor and warn during enhance_config
* Use mock.ANY to make new Pythons happy
* Remove verbose enhance_config from test names
* Fix spacing in warning
* Ensure tests pass with openssl 1.1
A bunch of the acme.standalone and acme.crypto_util tests were using
weak crypto that is now prohibited :/
* lint
* lintlint
* Fix symlink
* pin requests version in py26-oldest
* Determine requests security deps dynamically
Starting with requests 2.12, pyasn1 and ndg-httpsclient are no longer
needed to inject pyopenssl into urllib3. This change allows us to
determine whether or not these dependencies are required at install
time. If an older version of requests is used, these packages are
still installed. If a new version of requests is used, they are not
reducing the number of dependencies we have.
* Bump requests version in certbot-auto
* Use pkg_resources in activate test
Due to pip's lack of dependency resolution, the change to use
requests[extras] causes errors in acme.util_test because pkg_resources
accurately detects the "missing" dependency.
There isn't a real problem here. The problem comes from a brand new
requests and ancient pyopenssl as well as a unit test for
functionality we plan to remove in our next release. I modified
the unit test to fix the problem for now.
* Use six instead of pkg_resources for test
* Require requests<=2.11.1 in py27-oldest test
If we don't do this, we get test failures for the certbot package
which is actually a good thing! pkg_resources is catching the
unlikely but possible problem I describe in #3803 and erroring out
saying it is missing the necessary dependencies to run certbot.
Good job package resources.
* Undo changes to acme.util_test
Certbot currently silently allows a user to specify enhancements that are
unsupported by the chosen plugin. This adds an early warning message
indicating when a selected enhancement isn't supported by a plugin.
* Output status for `revoke` operation. Fixes#2819.
- Added method to `certbot.display.ops` to output confirmation of `revoke`.
- Wrapped call to `acme.client.Client.revoke` in a try to statement to
handle possible error.
- Added test for `main.revoke`.
* Added test for failure of certificate revocation.
Moved creation of mocks into RevokeTest setup function.
Stopped mocks in RevokeTest teardown function.
* Fixed lint errors.
* Do not call `unittest.TestCase.assertRaises` as a context manager (to work with py26).
* Fixed spelling error in successful revocation notification.
Added test for the notification.
* disallow binary (wheel) install for pycparser
pycparser has uploaded a broken wheel for 2.14, failing for two reasons
1. sha mismatch, due to not instructing pip which dist to install
2. bug in the wheel itself
* regen letsencrypt-auto-source/letsencrypt-auto
* Changed informational messages because of confusing message on reinstallation.
Certbot prompts the user when it detects that an appropriately fresh certificate
is already available:
You have an existing certificate that contains exactly the same domains you requested and isn't close to expiry.
(ref: <path>)
What would you like to do?
-------------------------------------------------------------------------------
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
On selecting '1' (reinstall), the resulting message is:
-------------------------------------------------------------------------------
Your existing certificate has been successfully reinstalled, and the new
certificate has been installed.
The new certificate covers the following domains: https://<whatever>
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=<whatever>
-------------------------------------------------------------------------------
"Your existing certificate has been successfully reinstalled" <-- Okay
"and the new certificate has been installed." <-- Wait, what?
The issue appears to come from assumptions in certbot/certbot/main.py
It uses `len(lineage.available_versions("cert"))` to determine if this was a
fresh install or renewal, and then calls either `display_ops.success_renewal()`
(which produces the "existing certificate ... and the new certificate" language)
or `display_ops.success_installation()` (which has no messaging about existing
vs. new certificates).
The len(lineage) test isn't the right way to make this choice. The certificate's
lineage length doesn't imply anything about whether we've just obtained a new
certificate, because there is no new certificate in the case of a "reinstall"
action.
The new logic calls `display_ops.success_installation()` on all "reinstall"
actions, and otherwise employs the existing `len(lineage)` test.
Additionally the `display_ops.success_installation()` has been enhanced to
accept an action parameter, and has the message reworded slightly to make
sense regardless of the action passed. The messaging is mostly unchanged if it's
called without the action parameter:
Original message:
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://<whatever>
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=<whatever>
-------------------------------------------------------------------------------
New message on initial install:
-------------------------------------------------------------------------------
Congratulations! You have successfully installed a certificate for
https://<whatever>
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=<whatever>
-------------------------------------------------------------------------------
New message on re-install:
-------------------------------------------------------------------------------
Congratulations! You have successfully reinstalled a certificate for
https://<whatever>
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=<whatever>
-------------------------------------------------------------------------------
* Typo in display message.
* Typo, characters transposed.
* undo changes to certbot/display/ops.py
* remove invalid todos
* Test success_installation() called for reinstall
* Simplify display_ops.success* functions
* refactor and expand run() tests
