diff --git a/letsencrypt/cli.py b/letsencrypt/cli.py
index c63cb3c5c..db3cd051a 100644
--- a/letsencrypt/cli.py
+++ b/letsencrypt/cli.py
@@ -87,7 +87,6 @@ More detailed help:
 
 def usage_strings(plugins):
     """Make usage strings late so that plugins can be initialised late"""
-    print plugins
     if "nginx" in plugins:
         nginx_doc = "--nginx           Use the Nginx plugin for authentication & installation"
     else:
@@ -391,7 +390,7 @@ def choose_configurator_plugins(args, config, plugins, verb):
 
     # Which plugins do we need?
     need_inst = need_auth = (verb == "run")
-    if verb == "auth":
+    if verb == "certonly":
         need_auth = True
     if verb == "install":
         need_inst = True
@@ -461,7 +460,7 @@ def run(args, config, plugins):  # pylint: disable=too-many-branches,too-many-lo
         display_ops.success_renewal(domains)
 
 
-def auth(args, config, plugins):
+def obtaincert(args, config, plugins):
     """Authenticate & obtain cert, but do not install it."""
 
     if args.domains is not None and args.csr is not None:
@@ -471,7 +470,7 @@ def auth(args, config, plugins):
 
     try:
         # installers are used in auth mode to determine domain names
-        installer, authenticator = choose_configurator_plugins(args, config, plugins, "auth")
+        installer, authenticator = choose_configurator_plugins(args, config, plugins, "certonly")
     except PluginSelectionError, e:
         return e.message
 
@@ -495,7 +494,7 @@ def install(args, config, plugins):
     # XXX: Update for renewer/RenewableCert
 
     try:
-        installer, _ = choose_configurator_plugins(args, config, plugins, "auth")
+        installer, _ = choose_configurator_plugins(args, config, plugins, "certonly")
     except PluginSelectionError, e:
         return e.message
 
@@ -623,7 +622,7 @@ class HelpfulArgumentParser(object):
     """
 
     # Maps verbs/subcommands to the functions that implement them
-    VERBS = {"auth": auth, "certonly": auth, "config_changes": config_changes,
+    VERBS = {"auth": obtaincert, "certonly": obtaincert, "config_changes": config_changes,
              "install": install, "plugins": plugins_cmd,
              "revoke": revoke, "rollback": rollback, "run": run}
 
@@ -685,8 +684,8 @@ class HelpfulArgumentParser(object):
         for i, token in enumerate(self.args):
             if token in self.VERBS:
                 verb = token
-                if verb == "certonly":
-                    verb = "auth"
+                if verb == "auth":
+                    verb = "certonly"
                 if verb == "everything":
                     verb = "run"
                 self.verb = verb
@@ -774,8 +773,8 @@ class HelpfulArgumentParser(object):
         """
         # topics maps each topic to whether it should be documented by
         # argparse on the command line
-        if chosen_topic == "certonly":
-            chosen_topic = "auth"
+        if chosen_topic == "auth":
+            chosen_topic = "certonly"
         if chosen_topic == "everything":
             chosen_topic = "run"
         if chosen_topic == "all":
@@ -884,13 +883,13 @@ def prepare_and_parse_args(plugins, args):
 
 
 def _create_subparsers(helpful):
-    helpful.add_group("auth", description="Options for modifying how a cert is obtained")
+    helpful.add_group("certonly", description="Options for modifying how a cert is obtained")
     helpful.add_group("install", description="Options for modifying how a cert is deployed")
     helpful.add_group("revoke", description="Options for revocation of certs")
     helpful.add_group("rollback", description="Options for reverting config changes")
     helpful.add_group("plugins", description="Plugin options")
 
-    helpful.add("auth",
+    helpful.add("certonly",
                 "--csr", type=read_file,
                 help="Path to a Certificate Signing Request (CSR) in DER"
                 " format; note that the .csr file *must* contain a Subject"
@@ -918,7 +917,7 @@ def _paths_parser(helpful):
         "paths", description="Arguments changing execution paths & servers")
 
     cph = "Path to where cert is saved (with auth), installed (with install --csr) or revoked."
-    if verb == "auth":
+    if verb == "certonly":
         add("paths", "--cert-path", default=flag_default("auth_cert_path"), help=cph)
     elif verb == "revoke":
         add("paths", "--cert-path", type=read_file, required=True, help=cph)
@@ -931,7 +930,7 @@ def _paths_parser(helpful):
         help="Path to private key for cert creation or revocation (if account key is missing)")
 
     default_cp = None
-    if verb == "auth":
+    if verb == "certonly":
         default_cp = flag_default("auth_chain_path")
     add("paths", "--fullchain-path", default=default_cp,
         help="Accompanying path to a full certificate chain (cert plus chain).")
diff --git a/letsencrypt/tests/cli_test.py b/letsencrypt/tests/cli_test.py
index d8f6215dc..e7062f675 100644
--- a/letsencrypt/tests/cli_test.py
+++ b/letsencrypt/tests/cli_test.py
@@ -130,8 +130,8 @@ class CLITest(unittest.TestCase):
             self.assertTrue("Could not find configuration root" in ret)
             self.assertTrue("NoInstallationError" in ret)
 
-        with MockedVerb("auth") as mock_auth:
-            self._call(["certonly", "--standalone"])
+        with MockedVerb("certonly") as mock_certonly:
+            self._call(["auth", "--standalone"])
             self.assertEqual(1, mock_auth.call_count)
 
     def test_rollback(self):
@@ -153,16 +153,16 @@ class CLITest(unittest.TestCase):
                   for r in xrange(len(flags)))):
             self._call(['plugins'] + list(args))
 
-    def test_auth_bad_args(self):
-        ret, _, _, _ = self._call(['-d', 'foo.bar', 'auth', '--csr', CSR])
+    def test_certonly_bad_args(self):
+        ret, _, _, _ = self._call(['-d', 'foo.bar', 'certonly', '--csr', CSR])
         self.assertEqual(ret, '--domains and --csr are mutually exclusive')
 
-        ret, _, _, _ = self._call(['-a', 'bad_auth', 'auth'])
+        ret, _, _, _ = self._call(['-a', 'bad_auth', 'certonly'])
         self.assertEqual(ret, 'The requested bad_auth plugin does not appear to be installed')
 
     @mock.patch('letsencrypt.crypto_util.notAfter')
     @mock.patch('letsencrypt.cli.zope.component.getUtility')
-    def test_auth_new_request_success(self, mock_get_utility, mock_notAfter):
+    def test_certonly_new_request_success(self, mock_get_utility, mock_notAfter):
         cert_path = '/etc/letsencrypt/live/foo.bar'
         date = '1970-01-01'
         mock_notAfter().date.return_value = date
@@ -170,7 +170,7 @@ class CLITest(unittest.TestCase):
         mock_lineage = mock.MagicMock(cert=cert_path, fullchain=cert_path)
         mock_client = mock.MagicMock()
         mock_client.obtain_and_enroll_certificate.return_value = mock_lineage
-        self._auth_new_request_common(mock_client)
+        self._certonly_new_request_common(mock_client)
         self.assertEqual(
             mock_client.obtain_and_enroll_certificate.call_count, 1)
         self.assertTrue(
@@ -178,23 +178,23 @@ class CLITest(unittest.TestCase):
         self.assertTrue(
             date in mock_get_utility().add_message.call_args[0][0])
 
-    def test_auth_new_request_failure(self):
+    def test_certonly_new_request_failure(self):
         mock_client = mock.MagicMock()
         mock_client.obtain_and_enroll_certificate.return_value = False
         self.assertRaises(errors.Error,
-                          self._auth_new_request_common, mock_client)
+                          self._certonly_new_request_common, mock_client)
 
-    def _auth_new_request_common(self, mock_client):
+    def _certonly_new_request_common(self, mock_client):
         with mock.patch('letsencrypt.cli._treat_as_renewal') as mock_renewal:
             mock_renewal.return_value = None
             with mock.patch('letsencrypt.cli._init_le_client') as mock_init:
                 mock_init.return_value = mock_client
-                self._call(['-d', 'foo.bar', '-a', 'standalone', 'auth'])
+                self._call(['-d', 'foo.bar', '-a', 'standalone', 'certonly'])
 
     @mock.patch('letsencrypt.cli.zope.component.getUtility')
     @mock.patch('letsencrypt.cli._treat_as_renewal')
     @mock.patch('letsencrypt.cli._init_le_client')
-    def test_auth_renewal(self, mock_init, mock_renewal, mock_get_utility):
+    def test_certonly_renewal(self, mock_init, mock_renewal, mock_get_utility):
         cert_path = '/etc/letsencrypt/live/foo.bar/cert.pem'
         chain_path = '/etc/letsencrypt/live/foo.bar/fullchain.pem'
 
@@ -208,7 +208,7 @@ class CLITest(unittest.TestCase):
         mock_init.return_value = mock_client
         with mock.patch('letsencrypt.cli.OpenSSL'):
             with mock.patch('letsencrypt.cli.crypto_util'):
-                self._call(['-d', 'foo.bar', '-a', 'standalone', 'auth'])
+                self._call(['-d', 'foo.bar', '-a', 'standalone', 'certonly'])
         mock_client.obtain_certificate.assert_called_once_with(['foo.bar'])
         self.assertEqual(mock_lineage.save_successor.call_count, 1)
         mock_lineage.update_all_links_to.assert_called_once_with(
@@ -220,7 +220,7 @@ class CLITest(unittest.TestCase):
     @mock.patch('letsencrypt.cli.display_ops.pick_installer')
     @mock.patch('letsencrypt.cli.zope.component.getUtility')
     @mock.patch('letsencrypt.cli._init_le_client')
-    def test_auth_csr(self, mock_init, mock_get_utility,
+    def test_certonly_csr(self, mock_init, mock_get_utility,
                       mock_pick_installer, mock_notAfter):
         cert_path = '/etc/letsencrypt/live/blahcert.pem'
         date = '1970-01-01'
@@ -234,7 +234,7 @@ class CLITest(unittest.TestCase):
 
         installer = 'installer'
         self._call(
-            ['-a', 'standalone', '-i', installer, 'auth', '--csr', CSR,
+            ['-a', 'standalone', '-i', installer, 'certonly', '--csr', CSR,
              '--cert-path', cert_path, '--fullchain-path', '/',
              '--chain-path', '/'])
         self.assertEqual(mock_pick_installer.call_args[0][1], installer)