* Output status for `revoke` operation. Fixes#2819.
- Added method to `certbot.display.ops` to output confirmation of `revoke`.
- Wrapped call to `acme.client.Client.revoke` in a try to statement to
handle possible error.
- Added test for `main.revoke`.
* Added test for failure of certificate revocation.
Moved creation of mocks into RevokeTest setup function.
Stopped mocks in RevokeTest teardown function.
* Fixed lint errors.
* Do not call `unittest.TestCase.assertRaises` as a context manager (to work with py26).
* Fixed spelling error in successful revocation notification.
Added test for the notification.
* disallow binary (wheel) install for pycparser
pycparser has uploaded a broken wheel for 2.14, failing for two reasons
1. sha mismatch, due to not instructing pip which dist to install
2. bug in the wheel itself
* regen letsencrypt-auto-source/letsencrypt-auto
* Changed informational messages because of confusing message on reinstallation.
Certbot prompts the user when it detects that an appropriately fresh certificate
is already available:
You have an existing certificate that contains exactly the same domains you requested and isn't close to expiry.
(ref: <path>)
What would you like to do?
-------------------------------------------------------------------------------
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
On selecting '1' (reinstall), the resulting message is:
-------------------------------------------------------------------------------
Your existing certificate has been successfully reinstalled, and the new
certificate has been installed.
The new certificate covers the following domains: https://<whatever>
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=<whatever>
-------------------------------------------------------------------------------
"Your existing certificate has been successfully reinstalled" <-- Okay
"and the new certificate has been installed." <-- Wait, what?
The issue appears to come from assumptions in certbot/certbot/main.py
It uses `len(lineage.available_versions("cert"))` to determine if this was a
fresh install or renewal, and then calls either `display_ops.success_renewal()`
(which produces the "existing certificate ... and the new certificate" language)
or `display_ops.success_installation()` (which has no messaging about existing
vs. new certificates).
The len(lineage) test isn't the right way to make this choice. The certificate's
lineage length doesn't imply anything about whether we've just obtained a new
certificate, because there is no new certificate in the case of a "reinstall"
action.
The new logic calls `display_ops.success_installation()` on all "reinstall"
actions, and otherwise employs the existing `len(lineage)` test.
Additionally the `display_ops.success_installation()` has been enhanced to
accept an action parameter, and has the message reworded slightly to make
sense regardless of the action passed. The messaging is mostly unchanged if it's
called without the action parameter:
Original message:
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://<whatever>
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=<whatever>
-------------------------------------------------------------------------------
New message on initial install:
-------------------------------------------------------------------------------
Congratulations! You have successfully installed a certificate for
https://<whatever>
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=<whatever>
-------------------------------------------------------------------------------
New message on re-install:
-------------------------------------------------------------------------------
Congratulations! You have successfully reinstalled a certificate for
https://<whatever>
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=<whatever>
-------------------------------------------------------------------------------
* Typo in display message.
* Typo, characters transposed.
* undo changes to certbot/display/ops.py
* remove invalid todos
* Test success_installation() called for reinstall
* Simplify display_ops.success* functions
* refactor and expand run() tests
* Adding Debian 7 (Wheezy) to LE tests
* Adding Debian 8 (Jessie) to LE tests
* Fixing Debian Wheezy certificate addition error
* Adding packages to LEA Debian Jessie test and refining the code commenting
* Adding installing OpenSSL to the Debian Wheezy LEA test script
* Removing LEA tests for Debian Jessie
* Fixing nits
* Switch to using absolute path in symlink
* save archive_dir to config and read it back
* cli_config.archive_dir --> cli_config.default_archive_dir
* Use archive_dir specified in renewal config file
* add helpful broken symlink info
* add docstring to method
* Add tests
* remove extraneous test imports
* fix tests
* py2.6 syntax fix
* git problems
* Add list-certs command
* no dict comprehension in python2.6
* add test coverage
* More py26 wrangling
* update tests for py3 and lint
* remove extra dep from test
* test coverage
* test shouldn't be based on dict representation order
* Redo report UX and add tests to cover
* remove storage str test
* lint and use mock properly
* mock properly
* address code review comments
* lineage --> certificate name and print fullchain and privkey paths
* make py26 happy
* actually make py26 happy
* don't wrap text
* Script plugin initial commit
* Fix auth script path
* Return correct responses
* Added DNS-01 support
* Report the challenge pref correctly
* Use config root from certbot constants rather than hardcoded
* Remove prehook and rename posthook to cleanup for clarity
* Refactoring
* Docs
* Refactoring
* Refactoring continued, working now
* Use global preferred-challenges argument in favor of local
* Added http-01 as fallback challenge if not defined
* Do not continue if auth script not defined
* Skip unnecessary steps when running
* Read config values from correct places
* Tests and minor fixes
* Make Python 2.6 happy again
* Added CERTBOT_AUTH_OUTPUT and better tests
* Lint & Py3 fixes
* Make Python 2.6 happy again
* Doc changes
* Refactor hook execute and reuse in script plugin
* Refactored hook validation
* Added long_description for plugin help text
* Refactored env var writing
* Standardize arguments name for mode and chmod in the util API
* Handle OpenSSL pem as bytes objects only for Python3 compatibility
* Handle OpenSSL pem as bytes objects only (remaining bits)
* Manipulate bytes objects only when testing PEM-related functions
* Fix argument order when calling util.unique_file
* Fix non-ASCII domain check.
Previously, the code would convert to utf-8, check for non-ASCII, and then try
to use .format() to interpolate the result into an error message. This would
generate a second error that would cause the whole message to get dropped, and
the program to silently exit. The problem can be succinctly observed like so:
$ python
>>> "{0}".format("ウェブ.crud.net")
'\xe3\x82\xa6\xe3\x82\xa7\xe3\x83\x96.crud.net'
>>> "{0}".format(u"ウェブ.crud.net")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-2: ordinal not in range(128)
Note for the curious: This problem only seems to happen with .format():
>>> "%s" % ("ウェブ.crud.net")
'\xe3\x82\xa6\xe3\x82\xa7\xe3\x83\x96.crud.net'
>>> "%s" % (u"ウェブ.crud.net")
u'\u30a6\u30a7\u30d6.crud.net'
Not resetting OPTIND between each call of getopts skips all short args except the first one.
It fixes this automated command:
./certbot-auto certonly --webroot -w /tmp -d example.com --agree-tos --email contact@example.com -n
Where "-w" was parsed by getopts and not "-n"
* When getopts is called multiple time we need to reset OPTIND. Issue #3459
* Adding OPTIND reset in the certbot-auto source file
* Building new letsencrypt-auto from template
* Switch to using absolute path in symlink
* save archive_dir to config and read it back
* cli_config.archive_dir --> cli_config.default_archive_dir
* Use archive_dir specified in renewal config file
* add helpful broken symlink info
* add docstring to method
* Add tests
* remove extraneous test imports
* fix tests
* py2.6 syntax fix
* git problems
* no dict comprehension in python2.6
* add test coverage
* More py26 wrangling
Print request and response bodies with newlines, rather than all on one line.
Remove "Omitted empty field" log, which gets logged meaninglessly for every JSON
serialization.
Remove duplicated logging of responses.
Log the base64 version of the nonce, rather than turning it into bytes and
logging the backslash-escaped version of those bytes.
Only pass -vv in tests.
With #2403 and #3046, certbot gained the ability to parse CSRs
encoded as PEM and without a SAN extension. Update the CLI usage
docs to reflect this change.
