Release Certbot 0.9.0 (#3583)

* Release 0.9.0 * Bump version to 0.10.0
2025-08-06 16:42:41 +03:00 · 2016-10-05 10:13:28 -07:00
parent da22e64563
commit 76a92d4cde
12 changed files with 303 additions and 231 deletions
--- a/acme/setup.py
+++ b/acme/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.9.0.dev0'
+version = '0.10.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-apache/setup.py
+++ b/certbot-apache/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.9.0.dev0'
+version = '0.10.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/157
+++ b/157
@@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
 VENV_NAME="letsencrypt"
 VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN="$VENV_PATH/bin"
-LE_AUTO_VERSION="0.8.1"
+LE_AUTO_VERSION="0.9.0"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -34,6 +34,7 @@ Help for certbot itself cannot be provided until it is installed.
  -n, --non-interactive, --noninteractive   run without asking for user input
  --no-self-upgrade                         do not download updates
  --os-packages-only                        install OS dependencies and exit
+  -q, --quiet                               provide only update/error output
  -v, --verbose                             provide more output

 All arguments are accepted and forwarded to the Certbot client when run."
@@ -52,15 +53,19 @@ for arg in "$@" ; do
      HELP=1;;
    --noninteractive|--non-interactive)
      ASSUME_YES=1;;
+    --quiet)
+      QUIET=1;;
    --verbose)
      VERBOSE=1;;
    -[!-]*)
-      while getopts ":hnv" short_arg $arg; do
+      while getopts ":hnvq" short_arg $arg; do
        case "$short_arg" in
          h)
            HELP=1;;
          n)
            ASSUME_YES=1;;
+          q)
+            QUIET=1;;
          v)
            VERBOSE=1;;
        esac
@@ -121,7 +126,7 @@ ExperimentalBootstrap() {
      $2
    fi
  else
-    echo "WARNING: $1 support is very experimental at present..."
+    echo "FATAL: $1 support is very experimental at present..."
    echo "if you would like to work on improving it, please ensure you have backups"
    echo "and then run this script again with the --debug flag!"
    exit 1
@@ -276,6 +281,30 @@ BootstrapRpmCommon() {
    exit 1
  fi

+  if [ "$ASSUME_YES" = 1 ]; then
+    yes_flag="-y"
+  fi
+
+  if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then
+    echo "To use Certbot, packages from the EPEL repository need to be installed."
+    if ! $SUDO $tool list epel-release >/dev/null 2>&1; then
+      echo "Please enable this repository and try running Certbot again."
+      exit 1
+    fi
+    if [ "$ASSUME_YES" = 1 ]; then
+        /bin/echo -n "Enabling the EPEL repository in 3 seconds..."
+        sleep 1s
+        /bin/echo -ne "\e[0K\rEnabling the EPEL repository in 2 seconds..."
+        sleep 1s
+        /bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 seconds..."
+        sleep 1s
+    fi
+    if ! $SUDO $tool install $yes_flag epel-release; then
+      echo "Could not enable EPEL. Aborting bootstrap!"
+      exit 1
+    fi
+  fi
+
  pkgs="
    gcc
    dialog
@@ -313,10 +342,6 @@ BootstrapRpmCommon() {
    "
  fi

-  if [ "$ASSUME_YES" = 1 ]; then
-    yes_flag="-y"
-  fi
-
  if ! $SUDO $tool install $yes_flag $pkgs; then
      echo "Could not install OS dependencies. Aborting bootstrap!"
      exit 1
@@ -565,8 +590,9 @@ if [ "$1" = "--le-auto-phase2" ]; then
    # -------------------------------------------------------------------------
    cat << "UNLIKELY_EOF" > "$TEMP_DIR/letsencrypt-auto-requirements.txt"
 # This is the flattened list of packages certbot-auto installs. To generate
-# this, do `pip install --no-cache-dir -e acme -e . -e certbot-apache`, and
-# then use `hashin` or a more secure method to gather the hashes.
+# this, do
+# `pip install --no-cache-dir -e acme -e . -e certbot-apache -e certbot-nginx`,
+# and then use `hashin` or a more secure method to gather the hashes.

 argparse==1.4.0 \
    --hash=sha256:c31647edb69fd3d465a847ea3157d37bed1f95f19760b11a47aa91c04b666314 \
@@ -598,28 +624,29 @@ ConfigArgParse==0.10.0 \
    --hash=sha256:3b50a83dd58149dfcee98cb6565265d10b53e9c0a2bca7eeef7fb5f5524890a7
 configobj==5.0.6 \
    --hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902
-cryptography==1.2.3 \
-    --hash=sha256:031938f73a5c5eb3e809e18ff7caeb6865351871417be6050cb8c86a9a202b9a \
-    --hash=sha256:a179a38d50f8d68b491d7a313db78f8cabe290842cecddddc7b34d408e59db0a \
-    --hash=sha256:906c88b2aadcf99cfabb24098263d1bf65ab0c8688acde10dae1f09d865920f1 \
-    --hash=sha256:6e706c5c6088770b1d1b634e959e21963e315b0255f5f4777125ad3d54082977 \
-    --hash=sha256:f5ebf8e31c48f8707921dca0e994de77813a9c9b9bf03c119c5ddf97bdcffe73 \
-    --hash=sha256:c7b89e42288cc7fbee3812e99ef5c744f22452e11d6822f6807afc6d6b3be83e \
-    --hash=sha256:8408d29865947109d8b68f1837a7cde1aa4dc86e0f79ca3ba58c0c44e443d6a5 \
-    --hash=sha256:c7e76cf3c3d925dd31fa238cfb806cffba718c0f08707d77a538768477969956 \
-    --hash=sha256:7d8de35380f31702758b7753bb5c40723832c73006dedb2f9099bf61a37f7287 \
-    --hash=sha256:5edbee71fae5469ee83fe0a37866b9398c8ce3a46325c24fcedfbf097bb48a19 \
-    --hash=sha256:594edafe4801c13bdc1cc305e7704a90c19617e95936f6ab457ee4ffe000ba50 \
-    --hash=sha256:b7fdb16a0a7f481be42da744bfe1ea2163025de21f90f2c688a316f3c354da9c \
-    --hash=sha256:207b8bf0fe0907336df38b733b487521cf9e138189aba9234ad54fe545dd0db8 \
-    --hash=sha256:509a2f05386270cf783993c90d49ffefb3dd62aee45bf1ea8ce3d2cde7271c21 \
-    --hash=sha256:ac69b65dd1af0179ede40c9f15788c88f73e628ea6c0519de3838e279bb388c6 \
-    --hash=sha256:8df6fad6c6ae12fd7004ea29357f0a2b4d3774eaeca7656530d08d2d90cd41aa \
-    --hash=sha256:0b8b96dd81cc1533a04f30382c0fe21c1972e189f794d0c4261a18cec08fd9b5 \
-    --hash=sha256:cae8fca1883f23c50ea78d89de6fe4fefdb4cea83177760f47177559414ded93 \
-    --hash=sha256:1a471ca576a9cdce1b1cd9f3a22b1d09ee44d46862037557de17919c0db44425 \
-    --hash=sha256:8ec4e8e3d453b3a1b63b5f57737a434dcf1ee4a2f26f6ff7c5a37c3f679104d2 \
-    --hash=sha256:8eb11c77dd8e73f48df6b2f7a7e16173fe0fe8fdfe266232832e88477e08454e
+cryptography==1.3.4 \
+    --hash=sha256:bede00edd11a2a62c8c98c271cc103fa3a3d72acf64f6e5e4eaf251128897b17 \
+    --hash=sha256:53b39e687b744bb548a98f40736cc529d9f60959b4e6cc551322cf9505d35eb3 \
+    --hash=sha256:474b73ad1139b4e423e46bbd818efd0d5c0df1c65d9f7c957d64c9215d77afde \
+    --hash=sha256:aaddf9592d5b99e32dd518bb4a25b147c124f9d6b4ad64b94f01b15d1666b8c8 \
+    --hash=sha256:6dcad2f407db8c3cd6ecd78361439c449a4f94786b46c54507e7e68f51e1709d \
+    --hash=sha256:475c153fc622e656f1f10a9c9941d0ac7ab18df7c38d35d563a437c1c0e34f24 \
+    --hash=sha256:86dd61df581cba04e89e45081efbc531faff1c9d99c77b1ce97f87216c356353 \
+    --hash=sha256:75cc697e4ef5fdd0102ca749114c6370dbd11db0c9132a18834858c2566247e3 \
+    --hash=sha256:ea03ad5b9df6d79fc9fc1ab23729e01e1c920d2974c5e3c634ccf45a5c378452 \
+    --hash=sha256:c8872b8fe4f3416d6338ab99612f49ab314f7856cb43bffab2a32d28a6267be8 \
+    --hash=sha256:468fc6e16eaec6ceaa6bc341273e6e9912d01b42b740f8cf896ace7fcd6a321d \
+    --hash=sha256:d6fea3c6502735011c5d61a62aef1c1d770fc6a2def45d9e6c0d94c9651e3317 \
+    --hash=sha256:3cf95f179f4bead3d5649b91860ef4cf60ad4244209190fc405908272576d961 \
+    --hash=sha256:141f77e60a5b9158309b2b60288c7f81d37faa15c22a69b94c190ceefaaa6236 \
+    --hash=sha256:87b7a1fe703c6424451f3372d1879dae91c7fe5e13375441a72833db76fee30e \
+    --hash=sha256:f5ee3cb0cf1a6550bf483ccffa6608db267a377b45f7e3a8201a86d1d8feb19f \
+    --hash=sha256:4e097286651ea318300af3251375d48b71b8228481c56cd617ddd4459a1ff261 \
+    --hash=sha256:1e3d3ae3f22f22d50d340f47f25227511326f3f1396c6d2446a5b45b516c4313 \
+    --hash=sha256:6a057941cb64d79834ea3cf99093fcc4787c2a5d44f686c4f297361ddc419bcd \
+    --hash=sha256:68b3d5390b92559ddd3353c73ab2dfcff758f9c4ec4f5d5226ccede0e5d779f4 \
+    --hash=sha256:545dc003b4b6081f9c3e452da15d819b04b696f49484aff64c0a2aedf766bef8 \
+    --hash=sha256:423ff890c01be7c70dbfeaa967eeef5146f1a43a5f810ffdc07b178e48a105a9
 enum34==1.1.2 \
    --hash=sha256:2475d7fcddf5951e92ff546972758802de5260bf409319a9f1934e6bbc8b1dc7 \
    --hash=sha256:35907defb0f992b75ab7788f65fedc1cf20ffa22688e0e6f6f12afc06b3ea501
@@ -645,28 +672,6 @@ parsedatetime==2.1 \
 pbr==1.8.1 \
    --hash=sha256:46c8db75ae75a056bd1cc07fa21734fe2e603d11a07833ecc1eeb74c35c72e0c \
    --hash=sha256:e2127626a91e6c885db89668976db31020f0af2da728924b56480fc7ccf09649
-psutil==3.3.0 \
-    --hash=sha256:584f0b29fcc5d523b433cb8918b2fc74d67e30ee0b44a95baf031528f424619f \
-    --hash=sha256:28ca0b6e9d99aa8dc286e8747a4471362b69812a25291de29b6a8d70a1545a0d \
-    --hash=sha256:167ad5fff52a672c4ddc1c1a0b25146d6813ebb08a9aab0a3ac45f8a5b669c3b \
-    --hash=sha256:e6dea6173a988727bb223d3497349ad5cdef5c0b282eff2d83e5f9065c53f85f \
-    --hash=sha256:2af5e0a4aad66049955d0734aa4e3dc8caa17a9eaf8b4c1a27a5f1ee6e40f6fc \
-    --hash=sha256:d9884dc0dc2e55e2448e495778dc9899c1c8bf37aeb2f434c1bea74af93c2683 \
-    --hash=sha256:e27c2fe6dfcc8738be3d2c5a022f785eb72971057e1a9e1e34fba73bce8a71a6 \
-    --hash=sha256:65afd6fecc8f3aed09ee4be63583bc8eb472f06ceaa4fe24c4d1d5a1a3c0e13f \
-    --hash=sha256:ba1c558fbfcdf94515c2394b1155c1dc56e2bc2a9c17d30349827c9ed8a67e46 \
-    --hash=sha256:ba95ea0022dcb64d36f0c1335c0605fae35bdf3e0fea8d92f5d0f6456a35e55b \
-    --hash=sha256:421b6591d16b509aaa8d8c15821d66bb94cb4a8dc4385cad5c51b85d4a096d85 \
-    --hash=sha256:326b305cbdb6f94dafbfe2c26b11da88b0ab07b8a07f8188ab9d75ff0c6e841a \
-    --hash=sha256:9aede5b2b6fe46b3748ea8e5214443890d1634027bef3d33b7dad16556830278 \
-    --hash=sha256:73bed1db894d1aa9c3c7e611d302cdeab7ae8a0dc0eeaf76727878db1ac5cd87 \
-    --hash=sha256:935b5dd6d558af512f42501a7c08f41d7aff139af1bb3959daa3abb859234d6c \
-    --hash=sha256:4ca0111cf157dcc0f2f69a323c5b5478718d68d45fc9435d84be0ec0f186215b \
-    --hash=sha256:b6f13c95398a3fcf0226c4dcfa448560ba5865259cd96ec2810658651e932189 \
-    --hash=sha256:ee6be30d1635bbdea4c4325d507dc8a0dbbde7e1c198bd62ddb9f43198b9e214 \
-    --hash=sha256:dfa786858c268d7fbbe1b6175e001ec02738d7cfae0a7ce77bf9b651af676729 \
-    --hash=sha256:aa77f9de72af9c16cc288cd4a24cf58824388f57d7a81e400c4616457629870e \
-    --hash=sha256:f500093357d04da8140d87932cac2e54ef592a54ca8a743abb2850f60c2c22eb
 pyasn1==0.1.9 \
    --hash=sha256:61f9d99e3cef65feb1bfe3a2eef7a93eb93819d345bf54bcd42f4e63d5204dae \
    --hash=sha256:1802a6dd32045e472a419db1441aecab469d33e0d2749e192abdec52101724af \
@@ -679,9 +684,18 @@ pyasn1==0.1.9 \
    --hash=sha256:5191ff6b9126d2c039dd87f8ff025bed274baf07fa78afa46f556b1ad7265d6e \
    --hash=sha256:8323e03637b2d072cc7041300bac6ec448c3c28950ab40376036788e9a1af629 \
    --hash=sha256:853cacd96d1f701ddd67aa03ecc05f51890135b7262e922710112f12a2ed2a7f
-pyOpenSSL==0.15.1 \
-    --hash=sha256:88e45e6bb25dfed272a1ef2e728461d44b634c2cd689e989b6e56a349c5a3ae5 \
-    --hash=sha256:f0a26070d6db0881de8bcc7846934b7c3c930d8f9c79d45883ee48984bc0d672
+pyopenssl==16.0.0 \
+    --hash=sha256:5add70cf00273bf957ca31fdb0df9b0ae4639e081897d5f86a0ae1f104901230 \
+    --hash=sha256:363d10ee43d062285facf4e465f4f5163f9f702f9134f0a5896f134cbb92d17d
+pyparsing==2.1.8 \
+    --hash=sha256:2f0f5ceb14eccd5aef809d6382e87df22ca1da583c79f6db01675ce7d7f49c18 \
+    --hash=sha256:03a4869b9f3493807ee1f1cb405e6d576a1a2ca4d81a982677c0c1ad6177c56b \
+    --hash=sha256:ab09aee814c0241ff0c503cff30018219fe1fc14501d89f406f4664a0ec9fbcd \
+    --hash=sha256:6e9a7f052f8e26bcf749e4033e3115b6dc7e3c85aafcb794b9a88c9d9ef13c97 \
+    --hash=sha256:9f463a6bcc4eeb6c08f1ed84439b17818e2085937c0dee0d7674ac127c67c12b \
+    --hash=sha256:3626b4d81cfb300dad57f52f2f791caaf7b06c09b368c0aa7b868e53a5775424 \
+    --hash=sha256:367b90cc877b46af56d4580cd0ae278062903f02b8204ab631f5a2c0f50adfd0 \
+    --hash=sha256:9f1ea360086cd68681e7f4ca8f1f38df47bf81942a0d76a9673c2d23eff35b13
 pyRFC3339==1.0 \
    --hash=sha256:eea31835c56e2096af4363a5745a784878a61d043e247d3a6d6a0a32a9741f56 \
    --hash=sha256:8dfbc6c458b8daba1c0f3620a8c78008b323a268b27b7359e92a4ae41325f535
@@ -747,15 +761,18 @@ letsencrypt==0.7.0 \

 # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.

-acme==0.8.1 \
-    --hash=sha256:ccd7883772efbf933f91713b8241455993834f3620c8fbd459d9ed5e50bbaaca \
-    --hash=sha256:d3ea4acf280bf6253ad7d641cb0970f230a19805acfed809e7a8ddcf62157d9f
-certbot==0.8.1 \
-    --hash=sha256:89805d9f70249ae859ec4d7a99c00b4bb7083ca90cd12d4d202b76dfc284f7c5 \
-    --hash=sha256:6ca8df3d310ced6687d38aac17c0fb8c1b2ec7a3bea156a254e4cc2a1c132771
-certbot-apache==0.8.1 \
-    --hash=sha256:c9e3fdc15e65589c2e39eb0e6b1f61f0c0a1db3c17b00bb337f0ff636cc61cb3 \
-    --hash=sha256:0faf2879884d3b7a58b071902fba37d4b8b58a50e2c3b8ac262c0a74134045ed
+acme==0.9.0 \
+    --hash=sha256:6d98bdec5fd9171e368a39cb2458d2d62599e52e2899650684379dba03f09d96 \
+    --hash=sha256:fca3e57e5155ee0e80852e1b13a9d76a302728b78a9a1c2c38cb77d699aab7c5
+certbot==0.9.0 \
+    --hash=sha256:08652503bb94f0863c2c2d53d37fc48966b080a70f578f980b05eee11bea7eaf \
+    --hash=sha256:8dd4d3e2de2b2392fd8f41e73434dae737653bc41a54ce4a273768519a5ab61e
+certbot-apache==0.9.0 \
+    --hash=sha256:10e3096ff27adf6e75aff7722ada963f1337ef455f203495c025e883d8f816e2 \
+    --hash=sha256:fd8bb3e7d36c64a5841083bed447250e110d458323b51d8a210b8f0b18e28c9a
+certbot-nginx==0.9.0 \
+    --hash=sha256:edbb7c1164225af770af6aea42496b575b5c115afa4d9ab7b1e587b3e6d0c92b \
+    --hash=sha256:2f18504832b13f11e07dc87df758a7c5c68e24341628eb334ff7a5976a384717

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
@@ -912,13 +929,19 @@ UNLIKELY_EOF
    # Set PATH so pipstrap upgrades the right (v)env:
    PATH="$VENV_BIN:$PATH" "$VENV_BIN/python" "$TEMP_DIR/pipstrap.py"
    set +e
+    if [ "$VERBOSE" = 1 ]; then
+      "$VENV_BIN/pip" install --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt"
+    else
      PIP_OUT=`"$VENV_BIN/pip" install --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt" 2>&1`
+    fi
    PIP_STATUS=$?
    set -e
    if [ "$PIP_STATUS" != 0 ]; then
      # Report error. (Otherwise, be quiet.)
-      echo "Had a problem while installing Python packages:"
+      echo "Had a problem while installing Python packages."
+      if [ "$VERBOSE" != 1 ]; then
        echo "$PIP_OUT"
+      fi
      rm -rf "$VENV_PATH"
      exit 1
    fi
@@ -926,9 +949,11 @@ UNLIKELY_EOF
  fi
  if [ -n "$SUDO" ]; then
    # SUDO is su wrapper or sudo
+    if [  "$QUIET" != 1 ]; then
      echo "Requesting root privileges to run certbot..."
      echo "  $VENV_BIN/letsencrypt" "$@"
    fi
+  fi
  if [ -z "$SUDO_ENV" ] ; then
    # SUDO is su wrapper / noop
    $SUDO "$VENV_BIN/letsencrypt" "$@"
--- a/certbot-compatibility-test/setup.py
+++ b/certbot-compatibility-test/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.9.0.dev0'
+version = '0.10.0.dev0'

 install_requires = [
    'certbot',
--- a/certbot-nginx/setup.py
+++ b/certbot-nginx/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.9.0.dev0'
+version = '0.10.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot/init.py
+++ b/certbot/init.py
@@ -1,4 +1,4 @@
 """Certbot client."""

 # version number like 1.2.3a0, must have at least 2 parts, like 1.2
-__version__ = '0.9.0.dev0'
+__version__ = '0.10.0.dev0'
--- a/docs/cli-help.txt
+++ b/docs/cli-help.txt
@@ -21,7 +21,7 @@ optional arguments:
                        config file path (default: None)
  -v, --verbose         This flag can be used multiple times to incrementally
                        increase the verbosity of output, e.g. -vvv. (default:
-                        -3)
+                        -2)
  -t, --text            Use the text output instead of the curses UI.
                        (default: False)
  -n, --non-interactive, --noninteractive
@@ -29,7 +29,11 @@ optional arguments:
                        require additional command line flags; the client will
                        try to explain which ones are required if it finds one
                        missing (default: False)
-  --dialog              Run using dialog (default: False)
+  --dialog              Run using interactive dialog menus (default: False)
+  -d DOMAIN, --domains DOMAIN, --domain DOMAIN
+                        Domain names to apply. For multiple domains you can
+                        use multiple -d flags or enter a comma separated list
+                        of domains as a parameter. (default: [])
  --dry-run             Perform a test run of the client, obtaining test
                        (invalid) certs but not saving them to disk. This can
                        currently only be used with the 'certonly' and 'renew'
@@ -62,10 +66,16 @@ optional arguments:
  -m EMAIL, --email EMAIL
                        Email used for registration and recovery contact.
                        (default: None)
-  -d DOMAIN, --domains DOMAIN, --domain DOMAIN
-                        Domain names to apply. For multiple domains you can
-                        use multiple -d flags or enter a comma separated list
-                        of domains as a parameter. (default: [])
+  --preferred-challenges PREF_CHALLS
+                        A sorted, comma delimited list of the preferred
+                        challenge to use during authorization with the most
+                        preferred challenge listed first (Eg, "dns" or "tls-
+                        sni-01,http,dns"). Not all plugins support all
+                        challenges. See
+                        https://certbot.eff.org/docs/using.html#plugins for
+                        details. ACME Challenges are versioned, but if you
+                        pick "http" rather than "http-01", Certbot will select
+                        the latest version automatically. (default: [])
  --user-agent USER_AGENT
                        Set a custom user agent string for the client. User
                        agent strings allow the CA to collect high level
@@ -104,35 +114,15 @@ automation:
  --duplicate           Allow making a certificate lineage that duplicates an
                        existing one (both can be renewed in parallel)
                        (default: False)
-  --os-packages-only    (letsencrypt-auto only) install OS package
-                        dependencies and then stop (default: False)
-  --no-self-upgrade     (letsencrypt-auto only) prevent the letsencrypt-auto
-                        script from upgrading itself to newer released
-                        versions (default: False)
+  --os-packages-only    (certbot-auto only) install OS package dependencies
+                        and then stop (default: False)
+  --no-self-upgrade     (certbot-auto only) prevent the certbot-auto script
+                        from upgrading itself to newer released versions
+                        (default: False)
  -q, --quiet           Silence all output except errors. Useful for
                        automation via cron. Implies --non-interactive.
                        (default: False)

-testing:
-  The following flags are meant for testing purposes only! Do NOT change
-  them, unless you really know what you're doing!
-
-  --debug               Show tracebacks in case of errors, and allow
-                        letsencrypt-auto execution on experimental platforms
-                        (default: False)
-  --no-verify-ssl       Disable SSL certificate verification. (default: False)
-  --tls-sni-01-port TLS_SNI_01_PORT
-                        Port number to perform tls-sni-01 challenge. Boulder
-                        in testing mode defaults to 5001. (default: 443)
-  --http-01-port HTTP01_PORT
-                        Port used in the SimpleHttp challenge. (default: 80)
-  --break-my-certs      Be willing to replace or renew valid certs with
-                        invalid (testing/staging) certs (default: False)
-  --test-cert, --staging
-                        Use the staging server to obtain test (invalid) certs;
-                        equivalent to --server https://acme-
-                        staging.api.letsencrypt.org/directory (default: False)
-
 security:
  Security parameters & server settings

@@ -147,8 +137,8 @@ security:
                        HTTPS for the newly authenticated vhost. (default:
                        None)
  --hsts                Add the Strict-Transport-Security header to every HTTP
-                        response. Forcing browser to always use SSL for
-                        the domain. Defends against SSL Stripping. (default:
+                        response. Forcing browser to always use SSL for the
+                        domain. Defends against SSL Stripping. (default:
                        False)
  --no-hsts             Do not automatically add the Strict-Transport-Security
                        header to every HTTP response. (default: False)
@@ -168,6 +158,22 @@ security:
                        current user; only needed if your config is somewhere
                        unsafe like /tmp/ (default: False)

+testing:
+  The following flags are meant for testing purposes only! Do NOT change
+  them, unless you really know what you're doing!
+
+  --test-cert, --staging
+                        Use the staging server to obtain test (invalid) certs;
+                        equivalent to --server https://acme-
+                        staging.api.letsencrypt.org/directory (default: False)
+  --debug               Show tracebacks in case of errors, and allow certbot-
+                        auto execution on experimental platforms (default:
+                        False)
+  --no-verify-ssl       Disable verification of the ACME server's certificate.
+                        (default: False)
+  --break-my-certs      Be willing to replace or renew valid certs with
+                        invalid (testing/staging) certs (default: False)
+
 renew:
  The 'renew' subcommand will attempt to renew all certificates (or more
  precisely, certificate lineages) you have previously obtained if they are
@@ -194,11 +200,11 @@ renew:
                        (default: None)
  --renew-hook RENEW_HOOK
                        Command to be run in a shell once for each
-                        successfully renewed certificate.For this command, the
-                        shell variable $RENEWED_LINEAGE will point to
-                        theconfig live subdirectory containing the new certs
-                        and keys; the shell variable $RENEWED_DOMAINS will
-                        contain a space-delimited list of renewed cert domains
+                        successfully renewed certificate. For this command,
+                        the shell variable $RENEWED_LINEAGE will point to the
+                        config live subdirectory containing the new certs and
+                        keys; the shell variable $RENEWED_DOMAINS will contain
+                        a space-delimited list of renewed cert domains
                        (default: None)
  --disable-hook-validation
                        Ordinarily the commands specified for --pre-hook
@@ -213,6 +219,16 @@ renew:
 certonly:
  Options for modifying how a cert is obtained

+  --tls-sni-01-port TLS_SNI_01_PORT
+                        Port used during tls-sni-01 challenge. This only
+                        affects the port Certbot listens on. A conforming ACME
+                        server will still attempt to connect on port 443.
+                        (default: 443)
+  --http-01-port HTTP01_PORT
+                        Port used in the http-01 challenge.This only affects
+                        the port Certbot listens on. A conforming ACME server
+                        will still attempt to connect on port 80. (default:
+                        80)
  --csr CSR             Path to a Certificate Signing Request (CSR) in DER
                        format; note that the .csr file *must* contain a
                        Subject Alternative Name field for each domain you
@@ -232,7 +248,7 @@ rollback:
                        (default: 1)

 plugins:
-  Plugin options
+  Options for the "plugins" subcommand

  --init                Initialize plugins. (default: False)
  --prepare             Initialize and prepare plugins. (default: False)
@@ -267,10 +283,11 @@ paths:
                        https://acme-v01.api.letsencrypt.org/directory)

 plugins:
-  Certbot client supports an extensible plugins architecture. See 'certbot
-  plugins' for a list of all installed plugins and their names. You can
-  force a particular plugin by setting options provided below. Running
-  --help <plugin_name> will list flags specific to that plugin.
+  Plugin Selection: Certbot client supports an extensible plugins
+  architecture. See 'certbot plugins' for a list of all installed plugins
+  and their names. You can force a particular plugin by setting options
+  provided below. Running --help <plugin_name> will list flags specific to
+  that plugin.

  -a AUTHENTICATOR, --authenticator AUTHENTICATOR
                        Authenticator plugin name. (default: None)
@@ -290,12 +307,17 @@ plugins:
  --webroot             Obtain certs by placing files in a webroot directory.
                        (default: False)

-standalone:
-  Automatically use a temporary webserver
+nginx:
+  Nginx Web Server plugin - Alpha

-  --standalone-supported-challenges STANDALONE_SUPPORTED_CHALLENGES
-                        Supported challenges. Preferred in the order they are
-                        listed. (default: tls-sni-01,http-01)
+  --nginx-server-root NGINX_SERVER_ROOT
+                        Nginx server root directory. (default: /etc/nginx)
+  --nginx-ctl NGINX_CTL
+                        Path to the 'nginx' binary, used for 'configtest' and
+                        retrieving nginx version number. (default: nginx)
+
+standalone:
+  Spin up a temporary webserver

 manual:
  Manually configure an HTTP server
@@ -306,15 +328,6 @@ manual:
                        Automatically allows public IP logging. (default:
                        False)

-nginx:
-  Nginx Web Server - currently doesn't work
-
-  --nginx-server-root NGINX_SERVER_ROOT
-                        Nginx server root directory. (default: /etc/nginx)
-  --nginx-ctl NGINX_CTL
-                        Path to the 'nginx' binary, used for 'configtest' and
-                        retrieving nginx version number. (default: nginx)
-
 webroot:
  Place files in webroot directory

@@ -337,7 +350,7 @@ webroot:
                        {})

 apache:
-  Apache Web Server - Alpha
+  Apache Web Server plugin - Beta

  --apache-enmod APACHE_ENMOD
                        Path to the Apache 'a2enmod' binary. (default:
@@ -353,6 +366,9 @@ apache:
  --apache-vhost-root APACHE_VHOST_ROOT
                        Apache server VirtualHost configuration root (default:
                        /etc/apache2/sites-available)
+  --apache-logs-root APACHE_LOGS_ROOT
+                        Apache server logs directory (default:
+                        /var/log/apache2)
  --apache-challenge-location APACHE_CHALLENGE_LOCATION
                        Directory path for challenge configuration. (default:
                        /etc/apache2)
--- a/157
+++ b/157
@@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
 VENV_NAME="letsencrypt"
 VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN="$VENV_PATH/bin"
-LE_AUTO_VERSION="0.8.1"
+LE_AUTO_VERSION="0.9.0"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -34,6 +34,7 @@ Help for certbot itself cannot be provided until it is installed.
  -n, --non-interactive, --noninteractive   run without asking for user input
  --no-self-upgrade                         do not download updates
  --os-packages-only                        install OS dependencies and exit
+  -q, --quiet                               provide only update/error output
  -v, --verbose                             provide more output

 All arguments are accepted and forwarded to the Certbot client when run."
@@ -52,15 +53,19 @@ for arg in "$@" ; do
      HELP=1;;
    --noninteractive|--non-interactive)
      ASSUME_YES=1;;
+    --quiet)
+      QUIET=1;;
    --verbose)
      VERBOSE=1;;
    -[!-]*)
-      while getopts ":hnv" short_arg $arg; do
+      while getopts ":hnvq" short_arg $arg; do
        case "$short_arg" in
          h)
            HELP=1;;
          n)
            ASSUME_YES=1;;
+          q)
+            QUIET=1;;
          v)
            VERBOSE=1;;
        esac
@@ -121,7 +126,7 @@ ExperimentalBootstrap() {
      $2
    fi
  else
-    echo "WARNING: $1 support is very experimental at present..."
+    echo "FATAL: $1 support is very experimental at present..."
    echo "if you would like to work on improving it, please ensure you have backups"
    echo "and then run this script again with the --debug flag!"
    exit 1
@@ -276,6 +281,30 @@ BootstrapRpmCommon() {
    exit 1
  fi

+  if [ "$ASSUME_YES" = 1 ]; then
+    yes_flag="-y"
+  fi
+
+  if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then
+    echo "To use Certbot, packages from the EPEL repository need to be installed."
+    if ! $SUDO $tool list epel-release >/dev/null 2>&1; then
+      echo "Please enable this repository and try running Certbot again."
+      exit 1
+    fi
+    if [ "$ASSUME_YES" = 1 ]; then
+        /bin/echo -n "Enabling the EPEL repository in 3 seconds..."
+        sleep 1s
+        /bin/echo -ne "\e[0K\rEnabling the EPEL repository in 2 seconds..."
+        sleep 1s
+        /bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 seconds..."
+        sleep 1s
+    fi
+    if ! $SUDO $tool install $yes_flag epel-release; then
+      echo "Could not enable EPEL. Aborting bootstrap!"
+      exit 1
+    fi
+  fi
+
  pkgs="
    gcc
    dialog
@@ -313,10 +342,6 @@ BootstrapRpmCommon() {
    "
  fi

-  if [ "$ASSUME_YES" = 1 ]; then
-    yes_flag="-y"
-  fi
-
  if ! $SUDO $tool install $yes_flag $pkgs; then
      echo "Could not install OS dependencies. Aborting bootstrap!"
      exit 1
@@ -565,8 +590,9 @@ if [ "$1" = "--le-auto-phase2" ]; then
    # -------------------------------------------------------------------------
    cat << "UNLIKELY_EOF" > "$TEMP_DIR/letsencrypt-auto-requirements.txt"
 # This is the flattened list of packages certbot-auto installs. To generate
-# this, do `pip install --no-cache-dir -e acme -e . -e certbot-apache`, and
-# then use `hashin` or a more secure method to gather the hashes.
+# this, do
+# `pip install --no-cache-dir -e acme -e . -e certbot-apache -e certbot-nginx`,
+# and then use `hashin` or a more secure method to gather the hashes.

 argparse==1.4.0 \
    --hash=sha256:c31647edb69fd3d465a847ea3157d37bed1f95f19760b11a47aa91c04b666314 \
@@ -598,28 +624,29 @@ ConfigArgParse==0.10.0 \
    --hash=sha256:3b50a83dd58149dfcee98cb6565265d10b53e9c0a2bca7eeef7fb5f5524890a7
 configobj==5.0.6 \
    --hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902
-cryptography==1.2.3 \
-    --hash=sha256:031938f73a5c5eb3e809e18ff7caeb6865351871417be6050cb8c86a9a202b9a \
-    --hash=sha256:a179a38d50f8d68b491d7a313db78f8cabe290842cecddddc7b34d408e59db0a \
-    --hash=sha256:906c88b2aadcf99cfabb24098263d1bf65ab0c8688acde10dae1f09d865920f1 \
-    --hash=sha256:6e706c5c6088770b1d1b634e959e21963e315b0255f5f4777125ad3d54082977 \
-    --hash=sha256:f5ebf8e31c48f8707921dca0e994de77813a9c9b9bf03c119c5ddf97bdcffe73 \
-    --hash=sha256:c7b89e42288cc7fbee3812e99ef5c744f22452e11d6822f6807afc6d6b3be83e \
-    --hash=sha256:8408d29865947109d8b68f1837a7cde1aa4dc86e0f79ca3ba58c0c44e443d6a5 \
-    --hash=sha256:c7e76cf3c3d925dd31fa238cfb806cffba718c0f08707d77a538768477969956 \
-    --hash=sha256:7d8de35380f31702758b7753bb5c40723832c73006dedb2f9099bf61a37f7287 \
-    --hash=sha256:5edbee71fae5469ee83fe0a37866b9398c8ce3a46325c24fcedfbf097bb48a19 \
-    --hash=sha256:594edafe4801c13bdc1cc305e7704a90c19617e95936f6ab457ee4ffe000ba50 \
-    --hash=sha256:b7fdb16a0a7f481be42da744bfe1ea2163025de21f90f2c688a316f3c354da9c \
-    --hash=sha256:207b8bf0fe0907336df38b733b487521cf9e138189aba9234ad54fe545dd0db8 \
-    --hash=sha256:509a2f05386270cf783993c90d49ffefb3dd62aee45bf1ea8ce3d2cde7271c21 \
-    --hash=sha256:ac69b65dd1af0179ede40c9f15788c88f73e628ea6c0519de3838e279bb388c6 \
-    --hash=sha256:8df6fad6c6ae12fd7004ea29357f0a2b4d3774eaeca7656530d08d2d90cd41aa \
-    --hash=sha256:0b8b96dd81cc1533a04f30382c0fe21c1972e189f794d0c4261a18cec08fd9b5 \
-    --hash=sha256:cae8fca1883f23c50ea78d89de6fe4fefdb4cea83177760f47177559414ded93 \
-    --hash=sha256:1a471ca576a9cdce1b1cd9f3a22b1d09ee44d46862037557de17919c0db44425 \
-    --hash=sha256:8ec4e8e3d453b3a1b63b5f57737a434dcf1ee4a2f26f6ff7c5a37c3f679104d2 \
-    --hash=sha256:8eb11c77dd8e73f48df6b2f7a7e16173fe0fe8fdfe266232832e88477e08454e
+cryptography==1.3.4 \
+    --hash=sha256:bede00edd11a2a62c8c98c271cc103fa3a3d72acf64f6e5e4eaf251128897b17 \
+    --hash=sha256:53b39e687b744bb548a98f40736cc529d9f60959b4e6cc551322cf9505d35eb3 \
+    --hash=sha256:474b73ad1139b4e423e46bbd818efd0d5c0df1c65d9f7c957d64c9215d77afde \
+    --hash=sha256:aaddf9592d5b99e32dd518bb4a25b147c124f9d6b4ad64b94f01b15d1666b8c8 \
+    --hash=sha256:6dcad2f407db8c3cd6ecd78361439c449a4f94786b46c54507e7e68f51e1709d \
+    --hash=sha256:475c153fc622e656f1f10a9c9941d0ac7ab18df7c38d35d563a437c1c0e34f24 \
+    --hash=sha256:86dd61df581cba04e89e45081efbc531faff1c9d99c77b1ce97f87216c356353 \
+    --hash=sha256:75cc697e4ef5fdd0102ca749114c6370dbd11db0c9132a18834858c2566247e3 \
+    --hash=sha256:ea03ad5b9df6d79fc9fc1ab23729e01e1c920d2974c5e3c634ccf45a5c378452 \
+    --hash=sha256:c8872b8fe4f3416d6338ab99612f49ab314f7856cb43bffab2a32d28a6267be8 \
+    --hash=sha256:468fc6e16eaec6ceaa6bc341273e6e9912d01b42b740f8cf896ace7fcd6a321d \
+    --hash=sha256:d6fea3c6502735011c5d61a62aef1c1d770fc6a2def45d9e6c0d94c9651e3317 \
+    --hash=sha256:3cf95f179f4bead3d5649b91860ef4cf60ad4244209190fc405908272576d961 \
+    --hash=sha256:141f77e60a5b9158309b2b60288c7f81d37faa15c22a69b94c190ceefaaa6236 \
+    --hash=sha256:87b7a1fe703c6424451f3372d1879dae91c7fe5e13375441a72833db76fee30e \
+    --hash=sha256:f5ee3cb0cf1a6550bf483ccffa6608db267a377b45f7e3a8201a86d1d8feb19f \
+    --hash=sha256:4e097286651ea318300af3251375d48b71b8228481c56cd617ddd4459a1ff261 \
+    --hash=sha256:1e3d3ae3f22f22d50d340f47f25227511326f3f1396c6d2446a5b45b516c4313 \
+    --hash=sha256:6a057941cb64d79834ea3cf99093fcc4787c2a5d44f686c4f297361ddc419bcd \
+    --hash=sha256:68b3d5390b92559ddd3353c73ab2dfcff758f9c4ec4f5d5226ccede0e5d779f4 \
+    --hash=sha256:545dc003b4b6081f9c3e452da15d819b04b696f49484aff64c0a2aedf766bef8 \
+    --hash=sha256:423ff890c01be7c70dbfeaa967eeef5146f1a43a5f810ffdc07b178e48a105a9
 enum34==1.1.2 \
    --hash=sha256:2475d7fcddf5951e92ff546972758802de5260bf409319a9f1934e6bbc8b1dc7 \
    --hash=sha256:35907defb0f992b75ab7788f65fedc1cf20ffa22688e0e6f6f12afc06b3ea501
@@ -645,28 +672,6 @@ parsedatetime==2.1 \
 pbr==1.8.1 \
    --hash=sha256:46c8db75ae75a056bd1cc07fa21734fe2e603d11a07833ecc1eeb74c35c72e0c \
    --hash=sha256:e2127626a91e6c885db89668976db31020f0af2da728924b56480fc7ccf09649
-psutil==3.3.0 \
-    --hash=sha256:584f0b29fcc5d523b433cb8918b2fc74d67e30ee0b44a95baf031528f424619f \
-    --hash=sha256:28ca0b6e9d99aa8dc286e8747a4471362b69812a25291de29b6a8d70a1545a0d \
-    --hash=sha256:167ad5fff52a672c4ddc1c1a0b25146d6813ebb08a9aab0a3ac45f8a5b669c3b \
-    --hash=sha256:e6dea6173a988727bb223d3497349ad5cdef5c0b282eff2d83e5f9065c53f85f \
-    --hash=sha256:2af5e0a4aad66049955d0734aa4e3dc8caa17a9eaf8b4c1a27a5f1ee6e40f6fc \
-    --hash=sha256:d9884dc0dc2e55e2448e495778dc9899c1c8bf37aeb2f434c1bea74af93c2683 \
-    --hash=sha256:e27c2fe6dfcc8738be3d2c5a022f785eb72971057e1a9e1e34fba73bce8a71a6 \
-    --hash=sha256:65afd6fecc8f3aed09ee4be63583bc8eb472f06ceaa4fe24c4d1d5a1a3c0e13f \
-    --hash=sha256:ba1c558fbfcdf94515c2394b1155c1dc56e2bc2a9c17d30349827c9ed8a67e46 \
-    --hash=sha256:ba95ea0022dcb64d36f0c1335c0605fae35bdf3e0fea8d92f5d0f6456a35e55b \
-    --hash=sha256:421b6591d16b509aaa8d8c15821d66bb94cb4a8dc4385cad5c51b85d4a096d85 \
-    --hash=sha256:326b305cbdb6f94dafbfe2c26b11da88b0ab07b8a07f8188ab9d75ff0c6e841a \
-    --hash=sha256:9aede5b2b6fe46b3748ea8e5214443890d1634027bef3d33b7dad16556830278 \
-    --hash=sha256:73bed1db894d1aa9c3c7e611d302cdeab7ae8a0dc0eeaf76727878db1ac5cd87 \
-    --hash=sha256:935b5dd6d558af512f42501a7c08f41d7aff139af1bb3959daa3abb859234d6c \
-    --hash=sha256:4ca0111cf157dcc0f2f69a323c5b5478718d68d45fc9435d84be0ec0f186215b \
-    --hash=sha256:b6f13c95398a3fcf0226c4dcfa448560ba5865259cd96ec2810658651e932189 \
-    --hash=sha256:ee6be30d1635bbdea4c4325d507dc8a0dbbde7e1c198bd62ddb9f43198b9e214 \
-    --hash=sha256:dfa786858c268d7fbbe1b6175e001ec02738d7cfae0a7ce77bf9b651af676729 \
-    --hash=sha256:aa77f9de72af9c16cc288cd4a24cf58824388f57d7a81e400c4616457629870e \
-    --hash=sha256:f500093357d04da8140d87932cac2e54ef592a54ca8a743abb2850f60c2c22eb
 pyasn1==0.1.9 \
    --hash=sha256:61f9d99e3cef65feb1bfe3a2eef7a93eb93819d345bf54bcd42f4e63d5204dae \
    --hash=sha256:1802a6dd32045e472a419db1441aecab469d33e0d2749e192abdec52101724af \
@@ -679,9 +684,18 @@ pyasn1==0.1.9 \
    --hash=sha256:5191ff6b9126d2c039dd87f8ff025bed274baf07fa78afa46f556b1ad7265d6e \
    --hash=sha256:8323e03637b2d072cc7041300bac6ec448c3c28950ab40376036788e9a1af629 \
    --hash=sha256:853cacd96d1f701ddd67aa03ecc05f51890135b7262e922710112f12a2ed2a7f
-pyOpenSSL==0.15.1 \
-    --hash=sha256:88e45e6bb25dfed272a1ef2e728461d44b634c2cd689e989b6e56a349c5a3ae5 \
-    --hash=sha256:f0a26070d6db0881de8bcc7846934b7c3c930d8f9c79d45883ee48984bc0d672
+pyopenssl==16.0.0 \
+    --hash=sha256:5add70cf00273bf957ca31fdb0df9b0ae4639e081897d5f86a0ae1f104901230 \
+    --hash=sha256:363d10ee43d062285facf4e465f4f5163f9f702f9134f0a5896f134cbb92d17d
+pyparsing==2.1.8 \
+    --hash=sha256:2f0f5ceb14eccd5aef809d6382e87df22ca1da583c79f6db01675ce7d7f49c18 \
+    --hash=sha256:03a4869b9f3493807ee1f1cb405e6d576a1a2ca4d81a982677c0c1ad6177c56b \
+    --hash=sha256:ab09aee814c0241ff0c503cff30018219fe1fc14501d89f406f4664a0ec9fbcd \
+    --hash=sha256:6e9a7f052f8e26bcf749e4033e3115b6dc7e3c85aafcb794b9a88c9d9ef13c97 \
+    --hash=sha256:9f463a6bcc4eeb6c08f1ed84439b17818e2085937c0dee0d7674ac127c67c12b \
+    --hash=sha256:3626b4d81cfb300dad57f52f2f791caaf7b06c09b368c0aa7b868e53a5775424 \
+    --hash=sha256:367b90cc877b46af56d4580cd0ae278062903f02b8204ab631f5a2c0f50adfd0 \
+    --hash=sha256:9f1ea360086cd68681e7f4ca8f1f38df47bf81942a0d76a9673c2d23eff35b13
 pyRFC3339==1.0 \
    --hash=sha256:eea31835c56e2096af4363a5745a784878a61d043e247d3a6d6a0a32a9741f56 \
    --hash=sha256:8dfbc6c458b8daba1c0f3620a8c78008b323a268b27b7359e92a4ae41325f535
@@ -747,15 +761,18 @@ letsencrypt==0.7.0 \

 # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.

-acme==0.8.1 \
-    --hash=sha256:ccd7883772efbf933f91713b8241455993834f3620c8fbd459d9ed5e50bbaaca \
-    --hash=sha256:d3ea4acf280bf6253ad7d641cb0970f230a19805acfed809e7a8ddcf62157d9f
-certbot==0.8.1 \
-    --hash=sha256:89805d9f70249ae859ec4d7a99c00b4bb7083ca90cd12d4d202b76dfc284f7c5 \
-    --hash=sha256:6ca8df3d310ced6687d38aac17c0fb8c1b2ec7a3bea156a254e4cc2a1c132771
-certbot-apache==0.8.1 \
-    --hash=sha256:c9e3fdc15e65589c2e39eb0e6b1f61f0c0a1db3c17b00bb337f0ff636cc61cb3 \
-    --hash=sha256:0faf2879884d3b7a58b071902fba37d4b8b58a50e2c3b8ac262c0a74134045ed
+acme==0.9.0 \
+    --hash=sha256:6d98bdec5fd9171e368a39cb2458d2d62599e52e2899650684379dba03f09d96 \
+    --hash=sha256:fca3e57e5155ee0e80852e1b13a9d76a302728b78a9a1c2c38cb77d699aab7c5
+certbot==0.9.0 \
+    --hash=sha256:08652503bb94f0863c2c2d53d37fc48966b080a70f578f980b05eee11bea7eaf \
+    --hash=sha256:8dd4d3e2de2b2392fd8f41e73434dae737653bc41a54ce4a273768519a5ab61e
+certbot-apache==0.9.0 \
+    --hash=sha256:10e3096ff27adf6e75aff7722ada963f1337ef455f203495c025e883d8f816e2 \
+    --hash=sha256:fd8bb3e7d36c64a5841083bed447250e110d458323b51d8a210b8f0b18e28c9a
+certbot-nginx==0.9.0 \
+    --hash=sha256:edbb7c1164225af770af6aea42496b575b5c115afa4d9ab7b1e587b3e6d0c92b \
+    --hash=sha256:2f18504832b13f11e07dc87df758a7c5c68e24341628eb334ff7a5976a384717

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
@@ -912,13 +929,19 @@ UNLIKELY_EOF
    # Set PATH so pipstrap upgrades the right (v)env:
    PATH="$VENV_BIN:$PATH" "$VENV_BIN/python" "$TEMP_DIR/pipstrap.py"
    set +e
+    if [ "$VERBOSE" = 1 ]; then
+      "$VENV_BIN/pip" install --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt"
+    else
      PIP_OUT=`"$VENV_BIN/pip" install --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt" 2>&1`
+    fi
    PIP_STATUS=$?
    set -e
    if [ "$PIP_STATUS" != 0 ]; then
      # Report error. (Otherwise, be quiet.)
-      echo "Had a problem while installing Python packages:"
+      echo "Had a problem while installing Python packages."
+      if [ "$VERBOSE" != 1 ]; then
        echo "$PIP_OUT"
+      fi
      rm -rf "$VENV_PATH"
      exit 1
    fi
@@ -926,9 +949,11 @@ UNLIKELY_EOF
  fi
  if [ -n "$SUDO" ]; then
    # SUDO is su wrapper or sudo
+    if [  "$QUIET" != 1 ]; then
      echo "Requesting root privileges to run certbot..."
      echo "  $VENV_BIN/letsencrypt" "$@"
    fi
+  fi
  if [ -z "$SUDO_ENV" ] ; then
    # SUDO is su wrapper / noop
    $SUDO "$VENV_BIN/letsencrypt" "$@"
--- a/letsencrypt-auto-source/certbot-auto.asc
+++ b/letsencrypt-auto-source/certbot-auto.asc
@@ -1,11 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1

-iQEcBAABAgAGBQJXYJmBAAoJEE0XyZXNl3XyyIMH/jtYFb7rl5XXN8hjlKuK5frq
-z7/jdK7fvI+mtYJ4i2Cy3yMz8T4wscXGkhxNtipbATWlpevPfjYzm4ZGC25coFZx
-fDX44w0hBBgel7EISXGR1ABXb2rj24TZxIYXwaeClylsK9n5CxcWBocn8tDlfr8t
-7VQUJEL3l1IlrnKnvpoL4Eq11sxlIPtitDPJ5c98ZM1293ZbWzIqyZKoXLIUkKHg
-pkaa80j/QMmFumxzXFenU91JusLdeoblvjjg+kzjGonjslAYIuH4wEEjz2VJuUYe
-P2+2ZyW4eLA6rRZhZ3CMtV79HzTPTWiELCYbXezb+yXJJEqzCYtIXkmbNQ3jUEY=
-=86lB
+iQEcBAABAgAGBQJX9ENHAAoJEE0XyZXNl3XyFzIH/ibJU3UOKdHWeHEq+MBCqqaN
+1oJJ7kGUpnvE+jqXpfuvKjchQjj8369ht9KW9CLXbyZycHBLYkaqYznZ69e/0Xg7
+BDs3XNGxOxVrOE4nZngqyUa3vwuT5fjq55fhUJtKaYHuKb2hkkcs0GneDt0UfTMR
+orw0OSII5OouR6CyP6I3nnyyEkt/o4Hpt0nXyf7Q+vLh1+7ljjf3FhFd52D/kfxa
+i1XoiHq5WdXnnqDDS3RQj+0KAPLm31rfM3kN201+HIxamtRJaPPX+v3iXkATtKGf
+CiB/PD/ZSAS6priPThhwj3bRId2zE+PQDha0TE18qHyaGvCACG8uTAIWGoQimWY=
+=KF0F
 -----END PGP SIGNATURE-----
--- a/letsencrypt-auto-source/letsencrypt-auto
+++ b/letsencrypt-auto-source/letsencrypt-auto
@@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
 VENV_NAME="letsencrypt"
 VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN="$VENV_PATH/bin"
-LE_AUTO_VERSION="0.9.0.dev0"
+LE_AUTO_VERSION="0.10.0.dev0"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -761,15 +761,18 @@ letsencrypt==0.7.0 \

 # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.

-acme==0.8.1 \
-    --hash=sha256:ccd7883772efbf933f91713b8241455993834f3620c8fbd459d9ed5e50bbaaca \
-    --hash=sha256:d3ea4acf280bf6253ad7d641cb0970f230a19805acfed809e7a8ddcf62157d9f
-certbot==0.8.1 \
-    --hash=sha256:89805d9f70249ae859ec4d7a99c00b4bb7083ca90cd12d4d202b76dfc284f7c5 \
-    --hash=sha256:6ca8df3d310ced6687d38aac17c0fb8c1b2ec7a3bea156a254e4cc2a1c132771
-certbot-apache==0.8.1 \
-    --hash=sha256:c9e3fdc15e65589c2e39eb0e6b1f61f0c0a1db3c17b00bb337f0ff636cc61cb3 \
-    --hash=sha256:0faf2879884d3b7a58b071902fba37d4b8b58a50e2c3b8ac262c0a74134045ed
+acme==0.9.0 \
+    --hash=sha256:6d98bdec5fd9171e368a39cb2458d2d62599e52e2899650684379dba03f09d96 \
+    --hash=sha256:fca3e57e5155ee0e80852e1b13a9d76a302728b78a9a1c2c38cb77d699aab7c5
+certbot==0.9.0 \
+    --hash=sha256:08652503bb94f0863c2c2d53d37fc48966b080a70f578f980b05eee11bea7eaf \
+    --hash=sha256:8dd4d3e2de2b2392fd8f41e73434dae737653bc41a54ce4a273768519a5ab61e
+certbot-apache==0.9.0 \
+    --hash=sha256:10e3096ff27adf6e75aff7722ada963f1337ef455f203495c025e883d8f816e2 \
+    --hash=sha256:fd8bb3e7d36c64a5841083bed447250e110d458323b51d8a210b8f0b18e28c9a
+certbot-nginx==0.9.0 \
+    --hash=sha256:edbb7c1164225af770af6aea42496b575b5c115afa4d9ab7b1e587b3e6d0c92b \
+    --hash=sha256:2f18504832b13f11e07dc87df758a7c5c68e24341628eb334ff7a5976a384717

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
--- a/letsencrypt-auto-source/letsencrypt-auto.sig
+++ b/letsencrypt-auto-source/letsencrypt-auto.sig
--- a/letsencrypt-auto-source/pieces/letsencrypt-auto-requirements.txt
+++ b/letsencrypt-auto-source/pieces/letsencrypt-auto-requirements.txt
@@ -170,12 +170,15 @@ letsencrypt==0.7.0 \

 # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.

-acme==0.8.1 \
-    --hash=sha256:ccd7883772efbf933f91713b8241455993834f3620c8fbd459d9ed5e50bbaaca \
-    --hash=sha256:d3ea4acf280bf6253ad7d641cb0970f230a19805acfed809e7a8ddcf62157d9f
-certbot==0.8.1 \
-    --hash=sha256:89805d9f70249ae859ec4d7a99c00b4bb7083ca90cd12d4d202b76dfc284f7c5 \
-    --hash=sha256:6ca8df3d310ced6687d38aac17c0fb8c1b2ec7a3bea156a254e4cc2a1c132771
-certbot-apache==0.8.1 \
-    --hash=sha256:c9e3fdc15e65589c2e39eb0e6b1f61f0c0a1db3c17b00bb337f0ff636cc61cb3 \
-    --hash=sha256:0faf2879884d3b7a58b071902fba37d4b8b58a50e2c3b8ac262c0a74134045ed
+acme==0.9.0 \
+    --hash=sha256:6d98bdec5fd9171e368a39cb2458d2d62599e52e2899650684379dba03f09d96 \
+    --hash=sha256:fca3e57e5155ee0e80852e1b13a9d76a302728b78a9a1c2c38cb77d699aab7c5
+certbot==0.9.0 \
+    --hash=sha256:08652503bb94f0863c2c2d53d37fc48966b080a70f578f980b05eee11bea7eaf \
+    --hash=sha256:8dd4d3e2de2b2392fd8f41e73434dae737653bc41a54ce4a273768519a5ab61e
+certbot-apache==0.9.0 \
+    --hash=sha256:10e3096ff27adf6e75aff7722ada963f1337ef455f203495c025e883d8f816e2 \
+    --hash=sha256:fd8bb3e7d36c64a5841083bed447250e110d458323b51d8a210b8f0b18e28c9a
+certbot-nginx==0.9.0 \
+    --hash=sha256:edbb7c1164225af770af6aea42496b575b5c115afa4d9ab7b1e587b3e6d0c92b \
+    --hash=sha256:2f18504832b13f11e07dc87df758a7c5c68e24341628eb334ff7a5976a384717