3 گa@s:dZddlmZddlZddlZddlZddlmZddlm Z ddlm Z ddlm Z ddlm Z dd lm Z dd lmZdd lmZddlZddlZddlZddlZdd lmZdd lmZddlZddlmZddlmZdd lmZddlmZddlmZddl m!Z!ddl m"Z"ddl m#Z#dd l mZddl m$Z$ddl m%Z%ddl m&Z&ddl m'Z'ddl m(Z(ddl m)Z)ddl m*Z*ddl m+Z+ddl m,Z,ddl-m.Z/ddl-mZ0ddl1m2Z3dd l1m4Z5dd!l6m7Z7dd"l6m8Z8dd#l6m9Z9dd$l:m;Z<ddl:mZ=dd%l>m?Z?d&Z@ejAeBZCejDdd'd(d)ZEdejFejDe e eGe eGe e+jHe e+jHd*d+d,ZIejDe+jHdd-d.d/ZJejDe eGe+jHe eGe e+jHfd0d1d2ZKejDe+jHe eGe e+jHfd3d4d5ZLejDe eGe e eGe e+jHfd6d7d8ZMejDe eGeGe eNe e+jHfd9d:d;ZOejDe eGeGe e eGe e+jHfd9dZQe eQe eQe e eQe eQfd?d@dAZReGe eGeGdBdCdDZSejDe eGeGe eGddEdFdGZTdejDe ejUe eGe e eGeGfdHdIdJZVdejDe ejWe e+jHeNddLdMdNZXdejDe eGe eGe eGddOdPdQZYejDeNd'dRdSZZejDe eGe eGe eGddTdUdVZ[ejDe e!j\e ej]fd'dWdXZ^ejDdd'dYdZZ_ejDe ej`e ejUejFd[d\d]ZaejDe3jbe eGd^d_d`ZcejDe3jbe eGd^dadbZdejDe3jbe eGd^dcddZeejDe e+jHe eGd3dedfZfdejDejFe eGe e+jHddgdhdiZgejDe3jbe eGdjdkdlZhejDejDd'dmdnZiejDdd'dodpZjejDe3jbddjdqdrZkejDe3jbe eGdjdsdtZlejDe3jbddjdudvZmejDe3jbdd^dwdxZnejDe3jbdd^dydzZoejDe3jbdd^d{d|ZpejDe3jbdd^d}d~ZqejDe3jbe eGd^ddZrejDe3jbe eGdjddZsejDejFe e eGe eGe eGfdddZtejDe3jbe+jHddddZuejDe3jbddjddZvejDe3jbdd^ddZwejDdd'ddZxeejDeee=jye=jzfddfd'ddZ{de eGe eeGe|fdddZ}dS)zCertbot main entry point.)contextmanagerN) Generator)IO)Iterable)List)Optional)Tuple)TypeVar)Union)client)errors) configuration) crypto_util) interfaces)util)account) cert_manager)cli) constants)eff)hooks)log)renewal)reporter) snap_config)storage)updater)obj)disco) selection) filesystem)misc)os)ops) enhancementsz?User chose to cancel the operation and may reinvoke the client.)configreturncCs&|js |jrdStjtjddddS)zPotentially suggest a donation to support Certbot. :param config: Configuration object :type config: configuration.NamespaceConfig :returns: `None` :rtype: None NzIf you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-leF)pause)Zstagingquietratexit_register display_util notification)r%r,/usr/lib/python3.6/main.py _suggest_donation_if_appropriate=s  r.) le_clientr%domainscertnamelineager&c Cstj|z|dk rRtjdj|jr&dndtj|p6|jdt j ||||np|dkrdt j dtjdj|jrvdndtj|d|j ||}|d krt j d |dk rtj||j|jWdtj|X|S) a,Authenticate and enroll certificate. This method finds the relevant lineage, figures out what to do with it, then performs that action. Includes calls to hooks, various reports, checks, and requests for user input. :param config: Configuration object :type config: configuration.NamespaceConfig :param domains: List of domain names to get a certificate. Defaults to `None` :type domains: `list` of `str` :param certname: Name of new certificate. Defaults to `None` :type certname: str :param lineage: Certificate lineage object. Defaults to `None` :type lineage: storage.RenewableCert :returns: the issued certificate or `None` if doing a dry run :rtype: storage.RenewableCert or None :raises errors.Error: if certificate could not be obtained Nz{action} for {domains}z-Simulating renewal of an existing certificatez Renewing an existing certificate)actionr0z5Domain list cannot be none if the lineage is not set.z Simulating a certificate requestzRequesting a certificateFz!Certificate could not be obtained)rZpre_hookr*notifyformatdry_runinternal_display_utilsummarize_domain_listnamesr renew_certr ErrorZobtain_and_enroll_certificateZ deploy_hooklive_dirZ post_hook)r/r%r0r1r2r,r,r-_get_and_save_certWs,       r=)r%certr&cCsVtjd stjd rR|jj}|jj}||krRd}|j|j||}tj|dS)a| This function ensures that the user will not implicitly migrate an existing key from one type to another in the situation where a certificate for that lineage already exist and they have not provided explicitly --key-type and --cert-name. :param config: Current configuration provided by the client :param cert: Matching certificate that could be renewed key_typer1zAre you trying to change the key type of the certificate named {0} from {1} to {2}? Please provide both --cert-name and --key-type on the command line to confirm the change you are trying to make.N) r set_by_clir?upperZprivate_key_typer5 lineagenamer r;)r%r>Z new_key_typeZ cur_key_typemsgr,r,r-%_handle_unexpected_key_type_migrations   rD)r%r0r>r&cCst||dj|j}dj|jj|dj|tjd}|jsV|j sVt j |dddddr^d |fSt j d j|t jd jtjd d tjdtjtd S)aFigure out what to do if a previous cert had a subset of the names now requested :param config: Configuration object :type config: configuration.NamespaceConfig :param domains: List of domain names :type domains: `list` of `str` :param cert: Certificate object :type cert: storage.RenewableCert :returns: Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname action can be: "newcert" | "renew" | "reinstall" :rtype: `tuple` of `str` z, a You have an existing certificate that contains a portion of the domains you requested (ref: {0}){br}{br}It contains these names: {1}{br}{br}You requested these names for the new certificate: {2}.{br}{br}Do you want to expand and replace this existing certificate with the new certificate?)brZExpandCancelz--expandT)cli_flagforce_interactiverenewzTo obtain a new certificate that contains these names without replacing your existing certificate for {0}, you must use the --duplicate option.{br}{br}For example:{br}{br}{1} --duplicate {2} N)rDjoinr9r5 configfilefilenamer"linesepexpandZrenew_by_defaultr*yesnor4r cli_commandsysargvr r;USER_CANCELLED)r%r0r>Zexistingquestionr,r,r-_handle_subset_cert_requests    rW)r%r2r&cCst|||jsd|fStj||r.d|fS|jr#sz&_report_next_steps.. )endz NEXT STEPS:rz- )appendrzrrR!_cert_name_from_config_or_lineagecsr_is_interactive_only_authpreconfigured_renewalrZ ANSI_SGR_BOLDZANSI_SGR_RESETprintr*r4) r%r}r2r~ZstepsZbold_onnlZbold_offstepr,)r%r-_report_next_stepss2"     r)r% cert_pathfullchain_pathkey_pathr&cCsp|jrtjddSd}|jr,t| r,d}tjdj|tj|j|rPdj|nd||j dkrbdndd dS) aReports the creation of a new certificate to the user. :param config: Configuration object :type config: configuration.NamespaceConfig :param cert_path: path to certificate :type cert_path: str :param fullchain_path: path to full chain :type fullchain_path: str :param key_path: path to private key, if available :type key_path: str :returns: `None` :rtype: None zThe dry run was successful.Nrz_ Certbot has set up a scheduled task to automatically renew this certificate in the background.z Successfully received certificate. Certificate is saved at: {cert_path} {key_msg}This certificate expires on {expiry}. These files will be updated when the certificate renews.{renewal_msg}{nl}zKey is saved at: {} rYr)rexpiryZkey_msg renewal_msgr) r6r*r4rrr5rnotAfterdater\)r%rrrrr,r,r-_report_new_cert1s  rcCs|jdkr|jdkrdSdS)zP Whether the current authenticator params only support interactive renewal. ZmanualNTF) authenticatorZmanual_auth_hook)r%r,r,r-r^sr)r%r chain_pathrr&cCs>|jrtjddStj|j}tjdj||||ddS)a --csr variant of _report_new_cert. Until --csr is overhauled (#8332) this is transitional function to report the creation of a new certificate using --csr. TODO: remove this function and just call _report_new_cert when --csr is overhauled. :param config: Configuration object :type config: configuration.NamespaceConfig :param str cert_path: path to cert.pem :param str chain_path: path to chain.pem :param str fullchain_path: path to fullchain.pem zThe dry run was successful.Nz Successfully received certificate. Certificate is saved at: {cert_path} Intermediate CA chain is saved at: {chain_path} Full certificate chain is saved at: {fullchain_path} This certificate expires on {expiry}.)rrrr)r6r*r4rrrr5)r%rrrrr,r,r-_csr_report_new_cerths rc stddfdd }tj}d}jdk r:|jj}n|j}t|dkrltj|}|sftj d|}nt|dkr|d}nj dkrj rtj _ y"t j||d\}}tjd WnFtjk rYn0tj k rtjd d d tj d YnX|j_||fS)aDetermine which account to use. If ``config.account`` is ``None``, it will be updated based on the user input. Same for ``config.email``. :param config: Configuration object :type config: configuration.NamespaceConfig :returns: Account and optionally ACME client API (biproduct of new registration). :rtype: tuple of :class:`certbot._internal.account.Account` and :class:`acme.client.Client` :raises errors.Error: If unable to register an account with ACME server N)terms_of_servicer&cs6jr dSdj|}tj|ddd}|s2tjddS)NzpPlease read the Terms of Service at {0}. You must agree in order to register with the ACME server. Do you agree?z --agree-tosT)rGrHz?Registration cannot proceed without accepting Terms of Service.)Ztosr5r*rQr r;)rrCresult)r%r,r-_tos_cbsz#_determine_account.._tos_cbrKzNo account has been chosen.r)Ztos_cbzAccount registered.rT)exc_infoz.Unable to register an account with ACME server)strrAccountFileStorageloadfind_alllenr{Zchoose_accountr r;emailregister_unsafely_without_email get_emailr registerr*r4ZMissingCommandlineFlagrcdebugid)r%raccount_storageacmeaccaccountsZ potential_accr,)r%r-_determine_accounts6         rcs|j}|dkr&d}tj|ddddd}|s.dS|js@tj||_tjtj tj ||jddd||jy&tj |fd d gd d d d Wndt j k rtjd dStk r}z(d}|j|j|j|}t j|WYdd}~XnXtj|dS)aDoes the user want to delete their now-revoked certs? If run in non-interactive mode, deleting happens automatically. :param config: parsed command line arguments :type config: configuration.NamespaceConfig :returns: `None` :rtype: None :raises errors.Error: If anything goes wrong, including bad user input, if an overlapping archive dir is found for the specified lineage, etc ... Nz{Would you like to delete the certificate(s) you just revoked, along with all earlier and later versions of the certificate?zYes (recommended)ZNoT) yes_labelno_labelrHr[zutf-8)encodingZdefault_encodingcsS)Nr,)x) archive_dirr,r-sz(_delete_if_appropriate..cSs|jS)N)r)rr,r,r-rscSs|jS)N)rB)rr,r,r-rszhNot deleting revoked certificates due to overlapping archive dirs. More than one certificate is using %sz_config.default_archive_dir: {0}, config.live_dir: {1}, archive_dir: {2},original exception: {3})Zdelete_after_revoker*rQr1rcert_path_to_lineagerZfull_archive_path configobjZ ConfigObjrenewal_file_for_certnameZmatch_and_check_overlapsr ZOverlappingMatchFoundrcZwarning Exceptionr5Zdefault_archive_dirr<r;delete)r%Zattempt_deletionrCer,)rr-_delete_if_appropriates4      r)r%rrzr&cCs>|dk r"t|\}}tjd|nd\}}tj|||||dS)aInitialize Let's Encrypt Client :param config: Configuration object :type config: configuration.NamespaceConfig :param authenticator: Acme authentication handler :type authenticator: Optional[interfaces.Authenticator] :param installer: Installer object :type installer: interfaces.Installer :returns: client: Client object :rtype: client.Client NzPicked account: %r)r)NN)rrcrr Client)r%rrzrrr,r,r-_init_le_clients  r)r%unused_pluginsr&c Cstj|}|j}|sdSd}tj|dddd}|s8dSt|\}}tj||dd|d }|jsht j d |jj |j tj|} | j |jtjd dS) a:Deactivate account on server :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` or a string indicating an error :rtype: None or str z.Could not find existing account to deactivate.zCAre you sure you would like to irrevocably deactivate your account?Z DeactivateZAbortT)rrr[zDeactivation aborted.N)rzACME client is not set.zAccount deactivated.)rrrr*rQrr rrr r;Zdeactivate_registrationregrrr4) r%rrrpromptZwants_deactivaterr cb_clientZ account_filesr,r,r- unregisters$       rcCs&tj|}|j}|rdSt|dS)a=Create accounts on the server. :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` or a string indicating and error :rtype: None or str zmThere is an existing account; registration of a duplicate account with this command is currently unsupported.N)rrrr)r%rrrr,r,r-rGs  rc Cstj|}|j}|sdS|jdkr:|j r:tjdd|_t|\}}tj ||dd|d}|j sjt j df}|jrdd|jj d D}|jj}|j j|jj|jjj|d d |_|jj|d |_|j||j |jstjd ntj||tjdj|jdS)a=Modify accounts on the server. :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` or a string indicating and error :rtype: None or str z-Could not find an existing account to update.NF)Zoptional)rzACME client is not set.cSsg|] }d|qS)zmailto:r,)rrr,r,r-rsz"update_account..,)Zcontact)body)urizFAny contact information associated with this account has been removed.z'Your e-mail address was updated to {0}.)rrrrrr{rrr rrr r;splitrrZupdate_registrationupdaterZ update_regrr*r4rZprepare_subscriptionr5) r%rrrrrrZ acc_contactsZ prev_regr_urir,r,r-update_accountfs.      rc Cs@|r |jS|jr|jSytj|}|Stjk r:YnXdS)N)rBr1rrr r;)r%r2Z cert_namer,r,r-rs r)r%r/r0r2r&cCs8|r|n|}|j||j|j|j|j|j||jdS)aInstall a cert :param config: Configuration object :type config: configuration.NamespaceConfig :param le_client: Client object :type le_client: client.Client :param domains: List of domains :type domains: `list` of `str` :param lineage: Certificate lineage object. Defaults to `None` :type lineage: storage.RenewableCert :returns: `None` :rtype: None N)Zdeploy_certificaterrrrenhance_config)r%r/r0r2Z path_providerr,r,r- _install_certs  r)r%pluginsr&c Cs$ytj||d\}}Wn&tjk r<}zt|Sd}~XnX|joH|j}|j rt| rtd}tj |dd|dd|_t j ||stj d|jrt |}nt j|rtjd|jr|jrt|t||\}}t|d|d }t|||n tjd t j|r tj||j} t j| |||dS) a'Install a previously obtained cert in a server. :param config: Configuration object :type config: configuration.NamespaceConfig :param plugins: List of plugins :type plugins: plugins_disco.PluginsRegistry :returns: `None` or the error message :rtype: None or str installNz,Which certificate would you like to install?F)allow_multiple custom_promptrzVOne ore more of the requested enhancements are not supported by the selected installerzLOne or more of the requested enhancements require --cert-name to be provided)rrzzPath to certificate or key was not defined. If your certificate is managed by Certbot, please use --cert-name to define which certificate you would like to install.)plug_selchoose_configurator_pluginsr PluginSelectionErrorrrrr1r get_certnamesr$ are_supportedNotSupportedError_populate_from_certname are_requestedrj_check_certificate_and_keyr|rrrfenable) r%rrz_rZ custom_certcertname_questionr0r/r2r,r,r-rs4         rcCsZtj||j}|s|S|js&|j|j_|js6|j|j_|jsF|j|j_|jsV|j|j_|S)zfHelper function for install to populate missing config values from lineage defined by --cert-name.)rrfr1r namespacerrr)r%r2r,r,r-rs    rcCsPtjjtj|js&tjdj|jtjjtj|j sLtjdj|j dS)Nz-Error while reading certificate from path {0}z-Error while reading private key from path {0}) r"pathisfiler realpathrr rjr5r)r%r,r,r-rs  rcCstjd|j|jdkrgn|j}|jj|}tjd|tjtjdd}|j rl|j rl|t |dS|j||j |}tjd||j s|t |dS|j |j }tjd||t |dS)zList server software plugins. :param config: Configuration object :type config: configuration.NamespaceConfig :param plugins: List of plugins :type plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None zExpected interfaces: %sNzFiltered plugins: %rF)r'zVerified plugins: %rzPrepared plugins: %s) rcrifacesZvisible functoolspartialr*r+ZinitZpreparerZverify available)r%rrZfilteredr4Zverifiedrr,r,r- plugins_cmd s$       rcsddddg}tfdd|D}tj rP| rPd}tj|tjtjdyt j |d \}}Wn&tj k r}zt |Sd }~XnXtj |stjd d }tjd d |dd_tjj} | d krtjdjr| } n d} tj| | } | s tjdtjj} | s*tjdjs:| j_|r`td |d} | j| jd dtjr|tj| | |d S)a6Add security enhancements to existing configuration :param config: Configuration object :type config: configuration.NamespaceConfig :param plugins: List of plugins :type plugins: plugins_disco.PluginsRegistry :returns: `None` or a string indicating an error :rtype: None or str ZhstsZredirectZuirZstaplec3s|]}t|VqdS)N)getattr)rZenh)r%r,r- Wszenhance..z|Please specify one or more enhancement types to configure. To list the available enhancement types, run: %s --help enhance z#No enhancements requested, exiting.enhanceNzVOne ore more of the requested enhancements are not supported by the selected installerzFWhich certificate would you like to use to enhance your configuration?F)rrrzBCould not find the list of domains for the given certificate name.zJWhich domain names would you like to enable the selected enhancements for?zAUser cancelled the domain selection. No domains defined, exiting.z:Could not find the lineage for the given certificate name.)rrz)Zredirect_default)anyr$rrcerrorrrRr ZMisconfigurationErrorrrrrrrrrr1rgr;noninteractive_moder{Z choose_valuesrfrrrr)r%rZsupported_enhancementsZ oldstyle_enhrCrzrrrZ cert_domainsr0Zdomain_questionr2r/r,)r%r-rGsH         rcCstj|j|j||dS)aRollback server configuration changes made during install. :param config: Configuration object :type config: configuration.NamespaceConfig :param plugins: List of plugins :type plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None N)r rollbackrzZ checkpoints)r%rr,r,r-rs rcCstj|dS)aUpdate the certificate file family symlinks Use the information in the config file to make symlinks point to the correct archive directory. :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None N)rZupdate_live_symlinks)r%rr,r,r-update_symlinkssrcCstj|dS)aZRename a certificate Use the information in the config file to rename an existing lineage. :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None N)rZrename_lineage)r%rr,r,r-renamesrcCstj|dS)aZDelete a certificate Use the information in the config file to delete an existing lineage. :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None N)rr)r%rr,r,r-rsrcCstj|dS)a.Display information about certs configured with Certbot :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None N)r certificates)r%rr,r,r-rsrc Csd|_|_|jdkrV|jrVtjtj||j|}|j|_|jrttj d rt|j|_n|j sj|jrt|jrtt j d|j dk rt jd|j|j tj|j|j t|j d}tjj|j}WdQRXtj||}n,t jd|jt|\}}tj||j|j}t|jd}tj|jd}WdQRXt jd|jy |jtj||jt|Wn(t j!k r} zt"| Sd} ~ XnXt#j$|jdS) aSRevoke a previously obtained certificate. :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` or string indicating error in case of error :rtype: None or str NserverzCError! Exactly one of --cert-path or --cert-name must be specified!z$Revoking %s using certificate key %srbzRevoking %s using Account KeyrzReason code for revocation: %s)%rzrrr1r RenewableCertrrrr@r r;rrcrrZverify_cert_matches_priv_keyopenjoseZJWKrreadr Zacme_from_config_keyrkeyrZpyopenssl_load_certificatereasonrevokeZComparableX509r acme_errorsZ ClientErrorrr{Zsuccess_revocation) r%rr2frrrrr>rr,r,r-rs:        rc)Csytj||d\}}Wn&tjk r<}zt|Sd}~XnXtj||sTtjdt|||}t ||\}}t |||\}} | } |rt ||||| } | r| j nd} | r| j nd} | r| jnd} |rt|| | | d}zyZt|||| tj|o| rtj| |||| dks| r&tj|n tj|Wn*tjk r\}z |}WYdd}~XnXWdt||| |d|r||Xt|tj||jdS)zObtain a certificate and install. :param config: Configuration object :type config: configuration.NamespaceConfig :param plugins: List of plugins :type plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None rYNzVOne ore more of the requested enhancements are not supported by the selected installer)r~)rrr rrr$rrrr|rer=rrrrrrrr{Zsuccess_installationZsuccess_renewalr;rr.rhandle_subscriptionr)r%rrzrrr/r0r1should_get_certr2Z new_lineagerrrr}r,r,r-rYsF    rY)r%r/r&c Cs|j\}}tj|j}tjdj|jr(dndtj |d|j |\}}|jr`t j d|j dS|j||tjj|j tjj|jtjj|j\}}} ||| fS)a@Obtain a cert using a user-supplied CSR This works differently in the CSR case (for now) because we don't have the privkey, and therefore can't construct the files for a lineage. So we just save the cert & chain to disk :/ :param config: Configuration object :type config: configuration.NamespaceConfig :param client: Client object :type client: client.Client :returns: `cert_path`, `chain_path` and `fullchain_path` as absolute paths to the actual files, or None for each if it's a dry-run. :rtype: `tuple` of `str` z{action} for {domains}z Simulating a certificate requestzRequesting a certificate)r3r0z*Dry run: skipping saving certificate to %sN)NNN)Z actual_csrrZget_names_from_reqdatar*r4r5r6r7r8Zobtain_certificate_from_csrrcrrZsave_certificater"rnormpathrr) r%r/rrZ csr_namesr>chainrrrr,r,r-_csr_get_and_save_certbs     "r)r%rr2r&cCsttj||d\}}t|||}t|||d}|s:tjd|rp|j rptj|||t j d|j d|j dS)aRenew & save an existing cert. Do not install it. :param config: Configuration object :type config: configuration.NamespaceConfig :param plugins: List of plugins :type plugins: plugins_disco.PluginsRegistry :param lineage: Certificate lineage object :type lineage: storage.RenewableCert :returns: `None` :rtype: None :raises errors.PluginSelectionError: MissingCommandlineFlag if supplied parameters do not pass rZ)r2z>An existing certificate for the given name could not be found.z Reloading z! server after certificate renewalN) rrrr=r r;r6rZrun_renewal_deployerr*r4rzZrestart)r%rr2rzauthr/Zrenewed_lineager,r,r-r:s   r:c Cs tj||d\}}t|||}|jrpt||\}}}t||||t|dd|j dt|t j ||j dSt ||\}} t ||| \} } | stjddddSt|||| | } | r| jnd}| r| jnd}| r| jnd} t|||| t|d| | o|j dt|t j ||j dS)aAuthenticate & obtain cert, but do not install it. This implements the 'certonly' subcommand. :param config: Configuration object :type config: configuration.NamespaceConfig :param plugins: List of plugins :type plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None :raises errors.Error: If specified plugin could not be used rZN)r~z5Certificate not yet due for renewal; no action taken.F)r')rrrrrrrr6r.rrrr|rer*r+r=rrrr) r%rrzrr/rrrr0r1rr2rr,r,r-rZs0 rZc Csztj|WdtjXdS)aRenew previously-obtained certificates. :param config: Configuration object :type config: configuration.NamespaceConfig :param unused_plugins: List of plugins (deprecated) :type unused_plugins: plugins_disco.PluginsRegistry :returns: `None` :rtype: None N)rZhandle_renewal_requestrZrun_saved_post_hooks)r%rr,r,r-rIsrIcCsZtj|jtj|jtj|jtj|j|j|j|j f}x|D]}tj ||jdq>WdS)zCreate or verify existence of config, work, and hook directories. :param config: Configuration object :type config: configuration.NamespaceConfig :returns: `None` :rtype: None )strictN) rZset_up_core_dirZ config_dirrZCONFIG_DIRS_MODEZstrict_permissionsZwork_dirZrenewal_pre_hooks_dirZrenewal_deploy_hooks_dirZrenewal_post_hooks_dirZmake_or_verify_dir)r%Z hook_dirsZhook_dirr,r,r-make_or_verify_needed_dirss  rc csnd}d}|jr,d|_ttjd}tj|}n$|jr@tjtj}ntj tj|j }z |VWd|rh|j XdS)zCreates a display object appropriate to the flags in the supplied config. :param config: Configuration object :returns: Display object NTw) r(rrr"devnullr*NoninteractiveDisplayrSr FileDisplayrHclose)r% displayerrr,r,r-make_displayers     r)cli_argsr&cCs6|stjdd}tjtjjddkr4tj|}t j j }t j dtjt j dtjdt j d|t j d |tjtj||}tj|}tjj|tjtjytj|t|Wn"tjk r|j t!krYnXt"j#|}tjj|tj$t%j&|j't(|}t)j*||j ||SQRXdS) zRun Certbot. :param cli_args: command line to Certbot, defaults to ``sys.argv[1:]`` :type cli_args: `list` of `str` :returns: value for `sys.exit` about the exit status of Certbot :rtype: `str` or `int` or `None` rKNZCERTBOT_SNAPPEDTruezcertbot version: %sz#Location of certbot entry point: %srz Arguments: %rzDiscovered plugins: %r)+rSrTrZpre_arg_parse_setupr"environgetrZ prepare_env plugins_discoPluginsRegistryrrcrcertbot __version__r!Zprepare_virtual_consolerZprepare_and_parse_argsr NamespaceConfigzopeZ componentZprovideUtilityrZIConfigZ+raise_for_non_administrative_windows_rightsZpost_arg_parse_setuprr r;funcrrZReporterZ IReporterrr)Zprint_messagesr display_objZ set_display)r rargsr%Zreportrr,r,r-main's6              r)NNN)N)T)N)N)N)~__doc__ contextlibrrZlogging.handlersZloggingrSZtypingrrrrrrr r rZjosepyrZzope.componentrZzope.interfacerr Z acme_clientr rrr rrrZcertbot._internalrrrrrrrrrrrrZcertbot._internal.displayrrr7Zcertbot._internal.pluginsrr rrZcertbot.compatr r!r"Zcertbot.displayr#r{r*Zcertbot.pluginsr$rUZ getLogger__name__rcrr.rrrr=rDrWr_raboolrerbrkrrruriZ Installerr|r;rrrrZAccountZClientV2rrZ AuthenticatorrrrrrrrrrrrrrrrrrrrYrr:rZrIrrrrintrr,r,r,r-s                                        "<-3  (  ")*  '.+&E&, %<4*5&< &?6F"&"2