| Server IP : 209.38.156.173 / Your IP : 216.73.216.122 [ Web Server : Apache/2.4.52 (Ubuntu) System : Linux lakekumayuhotel 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 User : root ( 0) PHP Version : 8.1.2-1ubuntu2.22 Disable Function : NONE Domains : 2 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /lib/python3/dist-packages/certbot/_internal/__pycache__/ |
Upload File : |
o
����6��aI��������������������
���@���s���d�Z�ddlmZ�ddlZddlZddlZddlmZ�ddlm Z �ddlm
Z
�ddlm
Z
�ddlm
Z
�dd lm
Z
�dd
lmZ�ddlZddlZddlZddlZdd
lmZ�ddlZdd
lmZ�dd
lmZ�dd
lmZ�ddlmZ�ddlm
Z
�ddl
m
Z
�ddl
m Z �ddl
m Z �ddl
m!Z!�ddl
m"Z"�ddl
m#Z#�ddl
m$Z$�ddl
m%Z%�ddl
m&Z&�ddl
m'Z'�ddl
m(Z(�ddl
m)Z)�dd
l
m*Z*�dd
l+m,Z-�ddl+m
Z.�dd
l/m0Z1�dd l/m2Z3�dd l4m5Z5�dd!l4m6Z6�dd"l4m7Z7�dd#l8m9Z:�ddl8m
Z;�dd$l<m=Z=�d%Z>e�?e@�ZAd&d'��ZBd�d(d)�ZCd*ejDd+e)jEd,dfd-d.�ZFd*ejDd/e
eG�d+e)jEd,e
eGe
e)jE�f�fd0d1�ZHd*ejDd2e)jEd,e
eGe
e)jE�f�fd3d4�ZId5d6��ZJd7d8��ZKd*ejDd/e
eG�d9eGd,e
eGe
e)jE�f�fd:d;�ZLd<d=��ZMd>d?��ZNd@dA��ZOd�dBdC�ZP Dd�d*ejDdEe
ejQ�d2e
e)jE�dFeRd,df
dGdH�ZS d�d*ejDdIe
eG�dJe
eG�dKe
eG�d,df
dLdM�ZTd*ejDd,eRfdNdO�ZUd*ejDdIe
eG�dPe
eG�dJe
eG�fdQdR�ZVdSdT��ZWdUdV��ZXdWdX��ZYdYdZ��ZZd[d\��Z[d]d^��Z\d*ejDd2e
e)jE�d,e
eG�fd_d`�Z]d�dadb�Z^dcdd��Z_dedf��Z`dgdh��Zadidj��Zbdkdl��Zcdmdn��Zddodp��Zedqdr��Zfdsdt��Zgdudv��Zhdwe1jid,e
eG�fdxdy�Zjdzd{��Zkd*ejDd|e!jld,e
e
eG�e
eG�e
eG�f�fd}d~�Zmdd���Znd�d���Zod�d���Zpd�d���Zqed*ejDd,eee;jre;jsf�ddf�fd�d���Ztd�d�d��ZudS�)�zCertbot main entry point.�����)�contextmanagerN)� Generator)�IO)�Iterable)�List)�Optional)�Tuple)�Union)�errors)�
configuration)�
crypto_util)�
interfaces)�util)�account)�
cert_manager)�cli)�client)� constants)�eff)�hooks)�log)�renewal)�reporter)�
snap_config)�storage)�updater)�obj)�disco)� selection)�
filesystem)�misc)�os)�ops)�
enhancementsz?User chose to cancel the operation and may reinvoke the client.c�����������������C���s4���|�j�dksJ��|�js
|�jrdS�tjtjddd��dS�)z�Potentially suggest a donation to support Certbot.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:returns: `None`
:rtype: None
�renewNz�If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-leF��pause)�verb�staging�quietr����atexit_register�
display_util�
notification��config��r/����8/usr/lib/python3/dist-packages/certbot/_internal/main.py� _suggest_donation_if_appropriate;���s���
�r1���c�������������� ���C���s����t��|��zp|dur)t�dj|jrdndt�|p|����d���t �
|||�|��n=|dus/J��t�dj|jr8dndt�|�d���|��
||�}|du�rPt
�
d ��|durnt��||���|j��W�t��|��|S�W�t��|��|S�W�t��|��|S�t��|��w�)
a,��Authenticate and enroll certificate.
This method finds the relevant lineage, figures out what to do with it,
then performs that action. Includes calls to hooks, various reports,
checks, and requests for user input.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param domains: List of domain names to get a certificate. Defaults to `None`
:type domains: `list` of `str`
:param certname: Name of new certificate. Defaults to `None`
:type certname: str
:param lineage: Certificate lineage object. Defaults to `None`
:type lineage: storage.RenewableCert
:returns: the issued certificate or `None` if doing a dry run
:rtype: storage.RenewableCert or None
:raises errors.Error: if certificate could not be obtained
N�{action} for {domains}z-Simulating renewal of an existing certificatez Renewing an existing certificate��action�domains� Simulating a certificate request�Requesting a certificateFz!Certificate could not be obtained)r����pre_hookr+����notify�format�dry_run�internal_display_util�summarize_domain_list�namesr����
renew_cert�
obtain_and_enroll_certificater
����Error�
deploy_hook�live_dir� post_hook)� le_clientr.���r5����certname�lineager/���r/���r0����_get_and_save_certU���sD���
���
��
�
�
�rH���r.����cert�returnc�����������������C���sV���t��d�r
t��d�s)|�j���}|j���}||kr'd}|�|j||�}t�|��dS�dS�)a|��
This function ensures that the user will not implicitly migrate an existing key
from one type to another in the situation where a certificate for that lineage
already exist and they have not provided explicitly --key-type and --cert-name.
:param config: Current configuration provided by the client
:param cert: Matching certificate that could be renewed
�key_typerF���z�Are you trying to change the key type of the certificate named {0} from {1} to {2}? Please provide both --cert-name and --key-type on the command line to confirm the change you are trying to make.N) r����
set_by_clirK����upper�private_key_typer:����
lineagenamer
���rA���)r.���rI����
new_key_type�
cur_key_type�msgr/���r/���r0����%_handle_unexpected_key_type_migration����s���
��rS���r5���c��������������
���C���s����t�|�|��d�|����}dj|jj|d�|�tjd�}|�js+|�j s+t
j
|ddddd�r/d |fS�t
�
d
j|t
jd
�tjd
d
���tjd���t�t��)a��Figure out what to do if a previous cert had a subset of the names now requested
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param cert: Certificate object
:type cert: storage.RenewableCert
:returns: Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname
action can be: "newcert" | "renew" | "reinstall"
:rtype: `tuple` of `str`
z, a ��You have an existing certificate that contains a portion of the domains you requested (ref: {0}){br}{br}It contains these names: {1}{br}{br}You requested these names for the new certificate: {2}.{br}{br}Do you want to expand and replace this existing certificate with the new certificate?��br�Expand�Cancelz--expandT��cli_flag�force_interactiver$���z�To obtain a new certificate that contains these names without replacing your existing certificate for {0}, you must use the --duplicate option.{br}{br}For example:{br}{br}{1} --duplicate {2}� ����N)rS����joinr>���r:����
configfile�filenamer!����linesep�expand�renew_by_defaultr+����yesnor9���r����
cli_command�sys�argvr
���rA����USER_CANCELLED)r.���r5���rI����existing�questionr/���r/���r0����_handle_subset_cert_request����s*���
�
���
rj���rG���c�����������������C���s����t�|�|��|���s
d|fS�t�|�|�rd|fS�|�jr
d|fS�dj|jjtj d�}|�j
dkr0d}n|�j
dkr7d}|d g}t
j
||d
d
d
�}|d
�t
j
krPt�d
��|d�d
krZd|fS�|d�dkrdd|fS�td��)a���Figure out what to do if a lineage has the same names as a previously obtained one
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param lineage: Certificate lineage object
:type lineage: storage.RenewableCert
:returns: Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname
action can be: "newcert" | "renew" | "reinstall"
:rtype: `tuple` of `str`
� reinstallr$���z�You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.{br}(ref: {0}){br}{br}What would you like to do?rT����runz.Attempt to reinstall this existing certificate�certonlyz%Keep the existing certificate for nowzBRenew & replace the certificate (may be subject to CA rate limits)r���T)�defaultrZ���z.Operation canceled. You may re-run the client.r\���zThis is impossible)rS����ensure_deployedr����
should_renewrk���r:���r^���r_���r!���r`���r'���r+����menu�CANCELr
���rA����AssertionError)r.���rG���ri����keep_opt�choices�responser/���r/���r0����
_handle_identical_cert_request����s:���
�
���
rw���c�����������������C���sX���|�j�rdS�t�|�|�\}}|du�r|du�rdS�|dur t|�|�S�|dur*t|�||�S�dS�)a��Determine whether there are duplicated names and how to handle
them (renew, reinstall, newcert, or raising an error to stop
the client run if the user chooses to cancel the operation when
prompted).
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param domains: List of domain names
:type domains: `list` of `str`
:returns: Two-element tuple containing desired new-certificate behavior as
a string token ("reinstall", "renew", or "newcert"), plus either
a RenewableCert instance or `None` if renewal shouldn't occur.
:rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None`
:raises errors.Error: If the user would like to rerun the client again.
��newcertNN�NN)� duplicater����find_duplicative_certsrw���rj���)r.���r5����ident_names_cert�subset_names_certr/���r/���r0����_find_lineage_for_domains
��s���
r���c�����������������C���s.���t�|�||�\}}|dkrt�d��|dk|fS�)ab��Finds an existing certificate object given domains and/or a certificate name.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:returns: Two-element tuple of a boolean that indicates if this function should be
followed by a call to fetch a certificate from the server, and either a
RenewableCert instance or None.
:rtype: `tuple` of `bool` and :class:`storage.RenewableCert` or `None`
rk���z Keeping the existing certificate)�&_find_lineage_for_domains_and_certname�logger�info)r.���r5���rF���r4���rG���r/���r/���r0����
_find_cert3��s���
r����rF���c�����������������C���s����|st�|�|�S�t�|�|�}|r4|r/tt�|�|��t|�kr/t|�|��t|�|||�����d|fS�t|�|�S�|r8dS�t �
d�
|���)a���Find appropriate lineage based on given domains and/or certname.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param domains: List of domain names
:type domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:returns: Two-element tuple containing desired new-certificate behavior as
a string token ("reinstall", "renew", or "newcert"), plus either
a RenewableCert instance or None if renewal should not occur.
:rtype: `tuple` of `str` and :class:`storage.RenewableCert` or `None`
:raises errors.Error: If the user would like to rerun the client again.
r$���rx���z}No certificate with name {0} found. Use -d to specify domains, or run certbot certificates to see possible certificate names.)
r���r����lineage_for_certname�set�domains_for_certnamerS����
_ask_user_to_confirm_new_namesr>���rw���r
����ConfigurationErrorr:���)r.���r5���rF���rG���r/���r/���r0���r����K��s"���
�
�r����c�����������������C���s@���t�t|��t|���}t�t|�t|����}|����|����||fS�)zWGet lists of items removed from `before`
and a lists of items added to `after`
)�listr�����sort)�after�before�added�removedr/���r/���r0����_get_added_removedu��s
���r����c�����������������C���s(���|sd}ndd��|��}|j|�tjd�S�)z%Format list with given character
z
{br}(None)z {br}{ch} )�chrU���)r]���r:���r!���r`���)� character�strings� formattedr/���r/���r0����
_format_list��s����r����c�����������������C���sX���|�j�rdS�t||�\}}dj|td|�td|�tjd�}tj|dddd �s*t� d
��dS�)
a��Ask user to confirm update cert certname to contain new_domains.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param new_domains: List of new domain names
:type new_domains: `list` of `str`
:param certname: Name of certificate
:type certname: str
:param old_domains: List of old domain names
:type old_domains: `list` of `str`
:returns: None
:rtype: None
:raises errors.ConfigurationError: if cert name and domains mismatch
Nz�You are updating certificate {0} to include new domain(s): {1}{br}{br}You are also removing previously included domain(s): {2}{br}{br}Did you intend to make this change?�+�-rT���zUpdate certificaterW���T)rn���z2Specified mismatched certificate name and domains.)
�renew_with_new_domainsr����r:���r����r!���r`���r+���rc���r
���r����)r.����
new_domainsrF����
old_domainsr����r����rR���r/���r/���r0���r�������s����
�r����c�����������������C���sR���d}|�j�}|�jr
|�j}n|rt�|�|�}|s
t�||�}|s%|s%t�d��||fS�)a��Retrieve domains and certname from config or user input.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param installer: Installer object
:type installer: interfaces.Installer
:param `str` question: Overriding default question to ask the user if asked
to choose from domain names.
:returns: Two-part tuple of domains and certname
:rtype: `tuple` of list of `str` and `str`
:raises errors.Error: Usage message, if parameters are not used correctly
Nz�Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.)rF���r5���r���r�����
display_ops�
choose_namesr
���rA���)r.���� installerri���r5���rF���r/���r/���r0����_find_domains_or_certname���s���
r����T�
installer_err�new_or_renewed_certc����������� ���
������s����g�}|r|��d��j��dtj��dt��|������|r9��jr"|��d��nt���r1|��dtj��d���n��js9|��d��|s=dS���fd d
�tj d
tj
fD��\}}}t
||d
��t
�
d
��t
|dd
��|D�]
}t
�
d|�����qa|rst
���dS�dS�)a���Displays post-run/certonly advice to the user about renewal and installation.
The output varies by runtime configuration and any errors encountered during installation.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param installer_err: The installer/enhancement error encountered, if any.
:type error: Optional[errors.Error]
:param lineage: The resulting certificate lineage from the issuance, if any.
:type lineage: Optional[storage.RenewableCert]
:param bool new_or_renewed_cert: Whether the verb execution resulted in a certificate
being saved (created or renewed).
zBThe certificate was saved, but could not be installed (installer: zM). After fixing the error shown below, try installing it again by running:
z install --cert-name z�Certificates created using --csr will not be renewed automatically by Certbot. You will need to renew the certificate before it expires, by running the same Certbot command again.z�This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same z. command before the certificate's expiry date.z�The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.Nc��������������������s$���g�|�]}t�j���r��js|nd��qS�)��)re����stdout�isattyr)���)�.0�cr-���r/���r0����
<listcomp>��s����
�z&_report_next_steps.<locals>.<listcomp>�
)�endz
NEXT STEPS:r����z- )�appendr����r���rd����!_cert_name_from_config_or_lineage�csr�_is_interactive_only_auth�preconfigured_renewalr����
ANSI_SGR_BOLD�ANSI_SGR_RESET�printr+���r9���) r.���r����rG���r�����steps�bold_on�nl�bold_off�stepr/���r-���r0����_report_next_steps���sN�����������
�
�r����� cert_path�fullchain_path�key_pathc�������������� ���C���s~���|�j�r
t�d��dS�|r|sJ�d��d}|�jr
t|��s
d}t�dj|t�|����|r/d�|�nd||�j dkr8d ndd
���dS�)
a���Reports the creation of a new certificate to the user.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param cert_path: path to certificate
:type cert_path: str
:param fullchain_path: path to full chain
:type fullchain_path: str
:param key_path: path to private key, if available
:type key_path: str
:returns: `None`
:rtype: None
�The dry run was successful.N� No certificates saved to report.r����z_
Certbot has set up a scheduled task to automatically renew this certificate in the background.z�
Successfully received certificate.
Certificate is saved at: {cert_path}
{key_msg}This certificate expires on {expiry}.
These files will be updated when the certificate renews.{renewal_msg}{nl}z
Key is saved at: {}
rl���r����)r�����expiry�key_msg�
renewal_msgr����)
r;���r+���r9���r����r����r:���r
����notAfter�dater'���)r.���r����r����r����r����r/���r/���r0����_report_new_cert ��s"���
��r����c�����������������C���s
���|�j�dkr
|�jdu�r
dS�dS�)zP Whether the current authenticator params only support interactive renewal.
�manualNTF)�
authenticator�manual_auth_hookr-���r/���r/���r0���r����L��s���r�����
chain_pathc�����������������C���sN���|�j�r
t�d��dS�|r|sJ�d��t�|����}t�dj||||d���dS�)a��� --csr variant of _report_new_cert.
Until --csr is overhauled (#8332) this is transitional function to report the creation
of a new certificate using --csr.
TODO: remove this function and just call _report_new_cert when --csr is overhauled.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param str cert_path: path to cert.pem
:param str chain_path: path to chain.pem
:param str fullchain_path: path to fullchain.pem
r����Nr����z�
Successfully received certificate.
Certificate is saved at: {cert_path}
Intermediate CA chain is saved at: {chain_path}
Full certificate chain is saved at: {fullchain_path}
This certificate expires on {expiry}.)r����r����r����r����)r;���r+���r9���r
���r����r����r:���)r.���r����r����r����r����r/���r/���r0����_csr_report_new_certV��s���
��r����c��������������������s������fdd�}t�����}d}��j�dur|���j��}nV|���}t|�dkr)t�|�}nFt|�dkr4|d�}n;��jdu�rA��jsAt� ����_zt
j
��||d�\}}t
�
d��W�n
�tjy[������tjyn���tjdd d
��t�d
��w�|j��_�||fS�)
a���Determine which account to use.
If ``config.account`` is ``None``, it will be updated based on the
user input. Same for ``config.email``.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:returns: Account and optionally ACME client API (biproduct of new
registration).
:rtype: tuple of :class:`certbot._internal.account.Account` and :class:`acme.client.Client`
:raises errors.Error: If unable to register an account with ACME server
c��������������������s6�����j�rdS�d�|��}tj|ddd�}|st�d��d�S�)NTzpPlease read the Terms of Service at {0}. You must agree in order to register with the ACME server. Do you agree?z
--agree-tosrX���z?Registration cannot proceed without accepting Terms of Service.)�tosr:���r+���rc���r
���rA���)�terms_of_servicerR����resultr-���r/���r0����_tos_cb���s�����z#_determine_account.<locals>._tos_cbNr\���r���)�tos_cbzAccount registered.r����T)�exc_infoz.Unable to register an account with ACME server)r����AccountFileStorage�load�find_all�lenr�����choose_account�email� register_unsafely_without_email� get_emailr����registerr+���r9���r
����MissingCommandlineFlagrA���r�����debug�id)r.���r�����account_storage�acme�acc�accountsr/���r-���r0����_determine_account|��s6���
���r����c��������������
������s���|�j�}|du�rd}tj|ddddd�}|sdS�|�js
J��|�js%t�|��|�_t�t j
t�
|�|�j�ddd�|�|�j���zt�
|���fd d
�gd
d
��d
d
����W�n-�t
jy\���t�d
����Y�dS��tyx�}�zd}|�|�j|�j��|�}t
�|��d}~ww�t�|���dS�)a���Does the user want to delete their now-revoked certs? If run in non-interactive mode,
deleting happens automatically.
:param config: parsed command line arguments
:type config: configuration.NamespaceConfig
:returns: `None`
:rtype: None
:raises errors.Error: If anything goes wrong, including bad user input, if an overlapping
archive dir is found for the specified lineage, etc ...
Nz{Would you like to delete the certificate(s) you just revoked, along with all earlier and later versions of the certificate?zYes (recommended)�NoT)� yes_label�no_labelrZ���rn���zutf-8)�encoding�default_encodingc��������������������s�����S��Nr/�����x��
archive_dirr/���r0����<lambda>��������z(_delete_if_appropriate.<locals>.<lambda>c�����������������S���s���|�j�S�r����r����r����r/���r/���r0���r�������s����c�����������������S���s���|�S�r����r/���r����r/���r/���r0���r�������r����zhNot deleting revoked certificates due to overlapping archive dirs. More than one certificate is using %sz_config.default_archive_dir: {0}, config.live_dir: {1}, archive_dir: {2},original exception: {3})�delete_after_revoker+���rc���r����rF���r����cert_path_to_lineager����full_archive_path� configobj� ConfigObj�renewal_file_for_certname�match_and_check_overlapsr
����OverlappingMatchFoundr�����warning� Exceptionr:����default_archive_dirrC���rA����delete)r.����attempt_deletionrR����er/���r����r0����_delete_if_appropriate���sD���
�
��
��
��r����c�����������������C���s>���|durt�|��\}}t�d|��nd\}}tj|�||||d�S�)a���Initialize Let's Encrypt Client
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param authenticator: Acme authentication handler
:type authenticator: Optional[interfaces.Authenticator]
:param installer: Installer object
:type installer: interfaces.Installer
:returns: client: Client object
:rtype: client.Client
NzPicked account: %rrz����r����)r����r����r����r����Client)r.���r����r����r����r����r/���r/���r0����_init_le_client���s
���
r����c�����������
������C���s����t��|��}|���}|s
dS�d}tj|dddd�}|s
dS�t|��\}}tj|�|dd|d �}|j� |j
��t��|��} | �
|�j���t�
d
��dS�)
a��Deactivate account on server
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
z.Could not find existing account to deactivate.zCAre you sure you would like to irrevocably deactivate your account?�
Deactivate�AbortT)r����r����rn���zDeactivation aborted.Nr����zAccount deactivated.)
r���r����r����r+���rc���r����r���r����r�����deactivate_registration�regrr����r9���)
r.����unused_pluginsr����r�����prompt�wants_deactivater����r����� cb_client�
account_filesr/���r/���r0����
unregister��s"���
�
r��c�����������������C���s&���t��|��}|���}|r
dS�t|���dS�)a=��Create accounts on the server.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None` or a string indicating and error
:rtype: None or str
zmThere is an existing account; registration of a duplicate account with this command is currently unsupported.N)r���r����r����r����)r.���r����r����r����r/���r/���r0���r����,��s
���
r����c����������� ������C���s����t��|��}|���}|s
dS�|�jdu�r
|�js
tjdd�|�_t|��\}}tj |�|dd|d�}d}|�jr<dd��|�j�
d �D��}|j
j
}|j
�|j
j|j
jj|d
�d
��|_
|j
j|d
�|_
|�||j
��|�jskt�d
��dS�t�|�|��t�d�|�j���dS�)a=��Modify accounts on the server.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None` or a string indicating and error
:rtype: None or str
z-Could not find an existing account to update.NF)�optionalr����r/���c�����������������S���s���g�|�]}d�|��qS�)zmailto:r/���)r����r����r/���r/���r0���r����g��s����z"update_account.<locals>.<listcomp>�,)�contact)�body)�urizFAny contact information associated with this account has been removed.z'Your e-mail address was updated to {0}.)r���r����r����r����r����r����r����r����r���r�����splitr����r ��r�����update_registration�updater���
update_regrr+���r9���r����prepare_subscriptionr:���) r.���r����r����r����r����r����r���
acc_contacts�
prev_regr_urir/���r/���r0����update_accountJ��s.���
�
�r��c�����������������C���s>���|r|j�S�|�jr
|�jS�zt�|��}|W�S��tjy
���Y�d�S�w�r����)rO���rF���r���r����r
���rA���)r.���rG���� cert_namer/���r/���r0���r����|��s���
�r����c�����������������C���sF���|r|n|�}|j�dus
J��|�||j|j�|j|j��|�||j��dS�)a���Install a cert
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param le_client: Client object
:type le_client: client.Client
:param domains: List of domains
:type domains: `list` of `str`
:param lineage: Certificate lineage object. Defaults to `None`
:type lineage: storage.RenewableCert
:returns: `None`
:rtype: None
N)r�����deploy_certificater����r����r�����enhance_config)r.���rE���r5���rG����
path_providerr/���r/���r0����
_install_cert���s
���
�r��c�����������
���
���C���s&��z
t��|�|d�\}}W�n�tjy"�}�z
t|�W��Y�d}~S�d}~ww�|�jo(|�j}|�js<|s<d}tj |�dd|d�d�|�_t
�
|�|�sGt�
d��|�jrOt
|��}�n
t
�|��rYt�d��|�jrx|�jrxt|���t|�|�\}}t|�d|d �}t|�||��nt�d
��t
�|��r�t�|�|�j�} t
�| |||���dS�)
a
��Install a previously obtained cert in a server.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param plugins: List of plugins
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
�installNz,Which certificate would you like to install?F��allow_multiple�
custom_promptr����VOne ore more of the requested enhancements are not supported by the selected installerzLOne or more of the requested enhancements require --cert-name to be provided�r����r����z�Path to certificate or key was not defined. If your certificate is managed by Certbot, please use --cert-name to define which certificate you would like to install.)�plug_sel�choose_configurator_pluginsr
����PluginSelectionError�strr����r����rF���r����
get_certnamesr#����
are_supported�NotSupportedError�_populate_from_certname�
are_requestedr�����_check_certificate_and_keyr����r����r��r�����enable)
r.����pluginsr�����_r�����
custom_cert�certname_questionr5���rE���rG���r/���r/���r0���r�����s>�����
��
r��c�����������������C���sZ���t��|�|�j�}|s
|�S�|�js|j|�j_|�js|j|�j_|�js#|j|�j_|�js+|j|�j_|�S�)zfHelper function for install to populate missing config values from lineage
defined by --cert-name.)r���r����rF���r����� namespacer����r����r����)r.���rG���r/���r/���r0���r$�����s���
r$��c�����������������C���sP���t�j�t�|�j��st�d�|�j���t�j�t�|�j ��s&t�d�|�j ���d�S�)Nz-Error while reading certificate from path {0}z-Error while reading private key from path {0})
r!����path�isfiler ����realpathr����r
���r����r:���r����r-���r/���r/���r0���r&�����s������r&��c�����������������C���s����t��d|�j��|�jdu�rg�n|�j}|����|�}t��d|��tjtjdd�}|�js4|�j s4|t
|���dS�|�|���|�
|�}t��d|��|�j sO|t
|���dS�|� ���|�
��}t��d|��|t
|���dS�)z�List server software plugins.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param plugins: List of plugins
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
zExpected interfaces: %sNzFiltered plugins: %rFr%���zVerified plugins: %rzPrepared plugins: %s)
r����r�����ifaces�visible� functools�partialr+���r,����init�preparer ���verify� available)r.���r(��r0���filteredr9����verifiedr7��r/���r/���r0����
plugins_cmd���s$���
r:��c��������������
������sV��g�d�}t���fdd�|D���}t����s$|s$d}t�|tj��t�d��z
t �
��|d�\}}W�n�tj
yF�}�z
t
|�W��Y�d}~S�d}~ww�t�
��|�sRt�d��d }tj��dd
|d
�d
���_t�����j�} ��jrm| }
nd
}
t�| |
�}
|
s|t�d��t�����j�}
��js�|
j��_|r�t��d|d�}
|
j|
��jd
d��t����r�t�|
|
|����dS�)a��Add security enhancements to existing configuration
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param plugins: List of plugins
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
)�hsts�redirect�uir�staplec�����������������3���s�����|�]}t���|�V��qd�S�r����)�getattr)r�����enhr-���r/���r0���� <genexpr>.��s�����zenhance.<locals>.<genexpr>z|Please specify one or more enhancement types to configure. To list the available enhancement types, run:
%s --help enhance
z#No enhancements requested, exiting.�enhanceNr��zFWhich certificate would you like to use to enhance your configuration?Fr��r���zJWhich domain names would you like to enable the selected enhancements for?zAUser cancelled the domain selection. No domains defined, exiting.r
��)�redirect_default)
�anyr#���r%��r�����errorr���rd���r
����MisconfigurationErrorr
��r
��r ��r ��r"��r#��r���r!��rF���r�����noninteractive_moder�����
choose_valuesrA���r����r����r����r��r'��)r.���r(���supported_enhancements�
oldstyle_enhrR���r����r)��r����r+���
cert_domainsr5����domain_questionrG���rE���r/���r-���r0���rB�� ��sJ���
��
��
rB��c�����������������C���s���t��|�j|�j|�|��dS�)a��Rollback server configuration changes made during install.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param plugins: List of plugins
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
N)r����rollbackr�����
checkpoints)r.���r(��r/���r/���r0���rM��Z��s���
rM��c�����������������C�������t��|���dS�)a���Update the certificate file family symlinks
Use the information in the config file to make symlinks point to
the correct archive directory.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
N)r����update_live_symlinks�r.���r����r/���r/���r0����update_symlinksi������rR��c�����������������C���rO��)aZ��Rename a certificate
Use the information in the config file to rename an existing
lineage.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
N)r����rename_lineagerQ��r/���r/���r0����rename{��rS��rU��c�����������������C���rO��)aZ��Delete a certificate
Use the information in the config file to delete an existing
lineage.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
N)r���r����rQ��r/���r/���r0���r�������rS��r����c�����������������C���rO��)a.��Display information about certs configured with Certbot
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
N)r����
certificatesrQ��r/���r/���r0���rV�����s���
rV��r����c�����������
���
���C���s���d�|�_�|�_|�jdu�r*|�jr*t�t�|�|�j�|��}|j|�_|jr)t� d�s)|j|�_n|�jr3|�jr8|�jr8t
�
d��|�j
durst
�d|�j|�j
��t�|�j|�j
��t|�j
d��}tj�|����}W�d����n1�sgw���Y��t�|�|�}nt
�d|�j��t|��\}}t�|�|j|j�}t|�jd��}t�|����d�}W�d����n1�s�w���Y��t
�d|�j
��z|�
t�
|�|�j
��t |���W�n�t j!y��} �z
t"| �W��Y�d} ~ S�d} ~ ww�t#�$|�j��dS�) aS��Revoke a previously obtained certificate.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None` or string indicating error in case of error
:rtype: None or str
N�serverzCError! Exactly one of --cert-path or --cert-name must be specified!z$Revoking %s using certificate key %s�rbz
Revoking %s using Account Keyr���z
Reason code for revocation: %s)%r����r����r����rF���r����
RenewableCertr����rW��r���rL���r
���rA���r����r����r����r
����
verify_cert_matches_priv_key�open�jose�JWKr�����readr����acme_from_config_keyr�����keyr�����pyopenssl_load_certificate�reason�revoke�ComparableX509r�����
acme_errors�
ClientErrorr ��r�����success_revocation)
r.���r����rG����fr`��r����r����r)��rI���r����r/���r/���r0���rc�����sH���
��
�
�
�
��
rc��c��������������
���C���s���z
t��|�|d�\}}W�n�tjy"�}�z
t|�W��Y�d}~S�d}~ww�t�|�|�s.t�d��t|�||�}t |�|�\}}t
|�||�\}} | }
|rOt
||�||| �}
|
rT|
j
nd}
|
r[|
j
nd}
|
rb|
jnd}
|rmt|�|
|
|
��d}zMz)t|�|||
��t�|��r�|
r�t�|
|||���| du�s�|s�t�|��nt�|��W�n�tjy��}�z|}W�Y�d}~nd}~ww�W�t|�||
|d��|r�|�n
t|�||
|d��|r�|�w�t|���t�|�|j��dS�)z�Obtain a certificate and install.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param plugins: List of plugins
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
rl���Nr���r����)
r
��r
��r
���r ��r ��r#���r"��r#��r����r����r����rH���r����r����r����r����r��r%��r'��r�����success_installation�success_renewalrA���r����r1���r����handle_subscriptionr���)r.���r(��r����r����r����rE���r5���rF����should_get_certrG����
new_lineager����r����r����r����r/���r/���r0���rl������sb�����
�
��������rl���rE���c�����������
��� ���C���s����|�j�\}}t�|j�}t�dj|�jrdndt� |�d���|�
|�\}}|�jr0t
�
d|�j
��dS�|�||tj�|�j
�tj�|�j�tj�|�j��\}}} ||| fS�)a@��Obtain a cert using a user-supplied CSR
This works differently in the CSR case (for now) because we don't
have the privkey, and therefore can't construct the files for a lineage.
So we just save the cert & chain to disk :/
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param client: Client object
:type client: client.Client
:returns: `cert_path`, `chain_path` and `fullchain_path` as absolute
paths to the actual files, or None for each if it's a dry-run.
:rtype: `tuple` of `str`
r2���r6���r7���r3���z*Dry run: skipping saving certificate to %s�NNN)�
actual_csrr
����get_names_from_req�datar+���r9���r:���r;���r<���r=����obtain_certificate_from_csrr����r����r�����save_certificater!���r-���normpathr����r����)
r.���rE���r����r)��� csr_namesrI����chainr����r����r����r/���r/���r0����_csr_get_and_save_cert,��s(���
���
�
rx��c�����������������C���sl���t��|�|d�\}}t|�||�}t||�|d�}|r2|�js4t�|�||��t�d|�j ��d���|�
���dS�dS�dS�)a���Renew & save an existing cert. Do not install it.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param plugins: List of plugins
:type plugins: plugins_disco.PluginsRegistry
:param lineage: Certificate lineage object
:type lineage: storage.RenewableCert
:returns: `None`
:rtype: None
:raises errors.PluginSelectionError: MissingCommandlineFlag if supplied parameters do not pass
rm���)rG���z
Reloading z! server after certificate renewalN)
r
��r
��r����rH���r;���r����run_renewal_deployerr+���r9���r�����restart)r.���r(��rG���r�����authrE����renewed_lineager/���r/���r0���r?���T��s���
�r?���c�����������
������C���s
��t��|�|d�\}}t|�||�}|�jr8t|�|�\}}}t|�|||��t|�dd|�j
�d��t|���t �
|�|j
��dS�t
|�|�\}} t
|�|| �\}
}
|
sRtjddd��dS�t||�|| |
�}
|
r_|
jnd}|
rf|
jnd}|
rm|
jnd}
t|�|||
��t|�d|
|
o|�j
�d��t|���t �
|�|j
��dS�)a��Authenticate & obtain cert, but do not install it.
This implements the 'certonly' subcommand.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param plugins: List of plugins
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
:raises errors.Error: If specified plugin could not be used
rm���Nri��z5Certificate not yet due for renewal; no action taken.Fr%���)r
��r
��r����r����rx��r����r����r;���r1���r���rl��r���r����r����r+���r,���rH���r����r����r����r����)
r.���r(��r����r{��rE���r����r����r����r5���rF���rm��rG���r����r/���r/���r0���rm���s��s4���
�
�rm���c�����������������C���s$���z
t��|���W�t����dS�t����w�)a
��Renew previously-obtained certificates.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
N)r����handle_renewal_requestr����run_saved_post_hooksrQ��r/���r/���r0���r$������s���
r$���c�����������������C���sV���t��|�jtj|�j��t��|�jtj|�j��|�j|�j|�j f}|D�]
}t�j
||�jd��q
dS�)z�Create or verify existence of config, work, and hook directories.
:param config: Configuration object
:type config: configuration.NamespaceConfig
:returns: `None`
:rtype: None
)�strictN)
r����set_up_core_dir�
config_dirr����CONFIG_DIRS_MODE�strict_permissions�work_dir�renewal_pre_hooks_dir�renewal_deploy_hooks_dir�renewal_post_hooks_dir�make_or_verify_dir)r.���� hook_dirs�hook_dirr/���r/���r0����make_or_verify_needed_dirs���s���
��r���c�����������������c���s������d}d}|�j�rd|�_ttjd�}t�|�}n|�jr!t�tj�}nt� tj|�j
�}z|V��W�|r6|�
���dS�dS�|r?|�
���w�w�)z�Creates a display object appropriate to the flags in the supplied config.
:param config: Configuration object
:returns: Display object
NT�w)
r)���rG��r[��r!����devnullr+����NoninteractiveDisplayre���r�����
FileDisplayrZ����close)r.���� displayerr���r/���r/���r0����make_displayer���s(����
�
�
�
�r���c�����������������C���sL��|�s t�jdd��}�t����tj�d�dkrt�|��}�t j
�
��}t
�
dtj��t
�
dt�jd���t
�
d|���t
�
d |��t����t�||��}t�|�}tj�|tj��t����z
t�
|��t
|��W�n�t
j yq���|j t!kro��Y�nw�t"�#|�}tj�|tj$��t%�&|j'��t(|��}t)�*|��|� ||�W��d����S�1�s�w���Y��dS�)
z�Run Certbot.
:param cli_args: command line to Certbot, defaults to ``sys.argv[1:]``
:type cli_args: `list` of `str`
:returns: value for `sys.exit` about the exit status of Certbot
:rtype: `str` or `int` or `None`
r\���N�CERTBOT_SNAPPED�Truezcertbot version: %sz#Location of certbot entry point: %sr���z
Arguments: %rzDiscovered plugins: %r)+re���rf���r����pre_arg_parse_setupr!����environ�getr����
prepare_env�
plugins_disco�PluginsRegistryr����r����r�����certbot�
__version__r ����prepare_virtual_consoler����prepare_and_parse_argsr
����NamespaceConfig�zope� component�provideUtilityr
����IConfig�+raise_for_non_administrative_windows_rights�post_arg_parse_setupr���r
���rA����funcr:��r����Reporter� IReporterr���r*����print_messagesr����
display_obj�
set_display)�cli_argsr(���argsr.����reportr���r/���r/���r0����main���s<���
��
$�r���ro��r����)T)v�__doc__�
contextlibr���r2���logging.handlers�loggingre����typingr���r���r���r���r���r���r ���r�����josepyr\���zope.componentr����zope.interfacer����r
���re��r���r
���r
���r
���r����certbot._internalr���r���r���r���r���r���r���r���r���r���r���r���r����certbot._internal.displayr
���r���r<����certbot._internal.pluginsr
���r���r
���r
���certbot.compatr ���r ���r!����certbot.displayr"���r����r+����certbot.pluginsr#���rg���� getLogger�__name__r����r1���rH���r���rY��rS���r ��rj���rw���r���r����r����r����r����r����r����rA����boolr����r����r����r����r����r����r����r��r����r��r����r��r��r$��r&��r:��rB��rM��rR��rU��r����rV��r���rc��rl���r����rx��r?���rm���r$���r���r���r���r���r���r/���r/���r/���r0����<module>���s$���
;�
���
�0�
�5(��
�*
%+���
�G���
�-
�
�&:4'
2�
�
;&;6F��
�( 3��
�