Using ArgumentTypeError causes Certbot to report an unexpected error occurred
while using ArgumentError causes argparse to print more usage information and
call sys.exit().
* move install_ssl_options_conf functionality to common
* add no cover
* compute current hash instead of saving
* make current hash be computed; switch to list of all canonical hashes
* put message directly into assertion
* don't pass logger
* add docstring
* Add unit tests for certbot.plugins.common.install_ssl_options_conf
* Add OS X test
* Fix apache tests
* Use absolute path first so that certbot works with non-standard $PATH
Some tests use a fake $PATH, which prevents invoking `sw_vers`
* Also test Python 3 on Mac
* Set ulimit to fix "Too many open files"
This change refactors the release script to handle subpackages which are
not bundled as a part of cerbot-auto.
The script now allows developers to define subpackages as either being
included in certbot-auto, or not.
The script then uses one of three sets of subpackages for each operation:
* The version number is updated for all non-certbot subpackages
(and certbot itself is handled separately)
* sdists and wheels are created for all non-certbot subpackages
(and certbot itself is handled separately)
* Testing is performed for all subpackages
* Hashes are pinned for certbot-auto subpackages (including certbot)
* cert signature validation for certificates subcommand + a test
* refactoring validation + adding in a check for making sure that the private key matches the certificate
* adding testing certs
* assertIsNone(x) -> assertEqual(None,x) to unbreak the py2.6 tests
* modifying test_verifu_renewable_cert_failure to hopefully appease python 3 test timeouts
* updating cryptography to be >=1.2 so that we can use verify
* removing unused, old testing certificate
* adding better error handling/logging
* adding test for IOError
* switching to a 2048 bit rsa key
This change updates the setup script for the route53 plugin to more
closely match conventions from other packages in the repository.
Notable changes:
* The version number is bumped to match the rest of Certbot.
* The package now requires a matching version of ACME and core Certbot.
* Contact information is updated.
* Additional versions of Python are listed.
Implement an Authenticator which can fulfill a dns-01 challenge using
the NS1 DNS API. Applicable only for domains using NS1 DNS.
Testing Done:
* `tox -e py27`
* `tox -e lint`
* Manual testing:
* Used `certbot certonly --dns-nsone -d`, specifying a
credentials file as a command line argument. Verified that a
certificate was successfully obtained without user interaction.
* Used `certbot certonly --dns-nsone -d`, without specifying a
credentials file as a command line argument. Verified that the
user was prompted and that a certificate was successfully
obtained.
* Used `certbot certonly -d`. Verified that the user was prompted for
a credentials file after selecting dnsimple interactively and that
a certificate was successfully obtained.
* Used `certbot renew --force-renewal`. Verified that certificates
were renewed without user interaction.
* Negative testing:
* Path to non-existent credentials file.
* Credentials file with unsafe permissions (644).
* Path to credentials file with an invalid token.
* Path to credentials file without a token.
* Domain name not registered to NS1 account.
* Automatically delete temp log file when not used.
This allows close() calls in logging.shutdown() to cause the file to be
deleted when no logging output has been written to the file.
* Make certbot.log.MemoryHandler.flush() a noop.
This causes MemoryHandler.flush() calls in logging.shutdown to be a noop,
allowing us to control when the handler is actually flushed. This prevents log
records from being sent to a temporary file handler for things like
`certbot --version`.
* Keep reference to certbot.log.MemoryHandler.target
In Python 2.7+, the logging module only keeps weak references to created
logging handlers. Because of this, the MemoryHandler's target will not be
properly flushed and closed when logging.shutdown() is called on program exit
unless we keep a reference to it in the MemoryHandler.
* Fixes#4719.
This completes the changes necessary to fix#4719. Now temporary log files are
not created if sys.exit() is called before logging is fully set up. These files
are still created if Certbot crashes for any other reason.
* Document pre_arg_parse_except_hook args.
Fixes#4559.
* Update options-ssl-nginx.conf in prepare, if it hasn't been modified.
* add previous options-ssl-nginx.conf hashes
* InstallSslOptionsConfTest
* remove .new file and only print warning once
* save digest to /etc/letsencrypt
* add comment reminding devs to update hashes
* add comment and test for sha256sum
* treat hash file as text file because python3
* move constants and rename hidden digest file
Implement an Authenticator which can fulfill a dns-01 challenge using
the DNSimple DNS API. Applicable only for domains using DNSimple DNS.
Testing Done:
* `tox -e py27`
* `tox -e lint`
* Manual testing:
* Used `certbot certonly --dns-dnsimple -d`, specifying a
credentials file as a command line argument. Verified that a
certificate was successfully obtained without user interaction.
* Used `certbot certonly --dns-dnsimple -d`, without specifying a
credentials file as a command line argument. Verified that the
user was prompted and that a certificate was successfully
obtained.
* Used `certbot certonly -d`. Verified that the user was prompted for
a credentials file after selecting dnsimple interactively and that
a certificate was successfully obtained.
* Used `certbot renew --force-renewal`. Verified that certificates
were renewed without user interaction.
* Negative testing:
* Path to non-existent credentials file.
* Credentials file with unsafe permissions (644).
* Path to credentials file with an invalid token.
* Path to credentials file without a token.
* Domain name not registered to DNSimple account.
* Change wording of renew with new domains msg to allow clearer display.
* Further improve domain change message formatting.
* Fix text formatting tests
* Creates SupportedChallengesAction
This fixes#3987 as the call to set_by_default can be removed entirely.
Additionally, logger.warning can be used rather than writing to stderr directly
because #3184 has been resolved and we're guaranteed to having logging setup.
* Move validator to SupportedChallengesAction
supported_challenges_validator was moved to SupportedChallengesAction so
argparse.ArgumentError can be easily used to provide nice error output. Tests
in standalone_test.py were also updated so the module still has 100% test
coverage.
* Better document ArgumentError usage
Implement an Authenticator which can fulfill a dns-01 challenge using
the CloudXNS DNS API. Applicable only for domains using CloudXNS DNS.
Testing Done:
* `tox -e py27`
* `tox -e lint`
* Manual testing:
* Used `certbot certonly --dns-cloudxns -d`, specifying a
credentials file as a command line argument. Verified that a
certificate was successfully obtained without user interaction.
* Used `certbot certonly --dns-cloudxns -d`, without specifying a
credentials file as a command line argument. Verified that the
user was prompted and that a certificate was successfully
obtained.
* Used `certbot certonly -d`. Verified that the user was prompted for
a credentials file after selecting cloudxns interactively and that
a certificate was successfully obtained.
* Used `certbot renew --force-renewal`. Verified that certificates
were renewed without user interaction.
* Negative testing:
* Path to non-existent credentials file.
* Credentials file with unsafe permissions (644).
* Domain name not registered to CloudXNS account.
