diff --git a/README.rst b/README.rst index 050cde82b..91a3cfcb5 100644 --- a/README.rst +++ b/README.rst @@ -3,9 +3,9 @@ Disclaimer ========== -The Let's Encrypt Client is **BETA SOFTWARE**. It contains plenty of bugs and -rough edges, and should be tested thoroughly in staging environments before use -on production systems. +Certbot (previously, the Let's Encrypt client) is **BETA SOFTWARE**. It +contains plenty of bugs and rough edges, and should be tested thoroughly in +staging environments before use on production systems. For more information regarding the status of the project, please see https://letsencrypt.org. Be sure to checkout the @@ -128,16 +128,15 @@ System Requirements =================== The Let's Encrypt Client presently only runs on Unix-ish OSes that include -Python 2.6 or 2.7; Python 3.x support will be added after the Public Beta -launch. The client requires root access in order to write to -``/etc/letsencrypt``, ``/var/log/letsencrypt``, ``/var/lib/letsencrypt``; to -bind to ports 80 and 443 (if you use the ``standalone`` plugin) and to read and -modify webserver configurations (if you use the ``apache`` or ``nginx`` -plugins). If none of these apply to you, it is theoretically possible to run -without root privileges, but for most users who want to avoid running an ACME -client as root, either `letsencrypt-nosudo -`_ or `simp_le -`_ are more appropriate choices. +Python 2.6 or 2.7; Python 3.x support will hopefully be added in the future. The +client requires root access in order to write to ``/etc/letsencrypt``, +``/var/log/letsencrypt``, ``/var/lib/letsencrypt``; to bind to ports 80 and 443 +(if you use the ``standalone`` plugin) and to read and modify webserver +configurations (if you use the ``apache`` or ``nginx`` plugins). If none of +these apply to you, it is theoretically possible to run without root privileges, +but for most users who want to avoid running an ACME client as root, either +`letsencrypt-nosudo `_ or +`simp_le `_ are more appropriate choices. The Apache plugin currently requires a Debian-based OS with augeas version 1.0; this includes Ubuntu 12.04+ and Debian 7+. diff --git a/certbot-apache/certbot_apache/tests/tls_sni_01_test.py b/certbot-apache/certbot_apache/tests/tls_sni_01_test.py index 17ef92004..aa6a2a09c 100644 --- a/certbot-apache/certbot_apache/tests/tls_sni_01_test.py +++ b/certbot-apache/certbot_apache/tests/tls_sni_01_test.py @@ -4,6 +4,7 @@ import shutil import mock +from certbot import errors from certbot.plugins import common_test from certbot_apache import obj @@ -137,6 +138,16 @@ class TlsSniPerformTest(util.ApacheTest): set([obj.Addr.fromstring("*:443")]), self.sni._get_addrs(self.achalls[0])) + def test_get_addrs_no_vhost_found(self): + self.sni.configurator.choose_vhost = mock.Mock( + side_effect=errors.MissingCommandlineFlag( + "Failed to run Apache plugin non-interactively")) + + # pylint: disable=protected-access + self.assertEqual( + set([obj.Addr.fromstring("*:443")]), + self.sni._get_addrs(self.achalls[0])) + if __name__ == "__main__": unittest.main() # pragma: no cover diff --git a/certbot-apache/certbot_apache/tls_sni_01.py b/certbot-apache/certbot_apache/tls_sni_01.py index 1236c2eb9..f14f7be0f 100644 --- a/certbot-apache/certbot_apache/tls_sni_01.py +++ b/certbot-apache/certbot_apache/tls_sni_01.py @@ -4,6 +4,7 @@ import os import logging from certbot.plugins import common +from certbot.errors import PluginError, MissingCommandlineFlag from certbot_apache import obj from certbot_apache import parser @@ -116,12 +117,21 @@ class ApacheTlsSni01(common.TLSSNI01): def _get_addrs(self, achall): """Return the Apache addresses needed for TLS-SNI-01.""" - vhost = self.configurator.choose_vhost(achall.domain, temp=True) # TODO: Checkout _default_ rules. addrs = set() default_addr = obj.Addr(("*", str( self.configurator.config.tls_sni_01_port))) + try: + vhost = self.configurator.choose_vhost(achall.domain, temp=True) + except (PluginError, MissingCommandlineFlag): + # We couldn't find the virtualhost for this domain, possibly + # because it's a new vhost that's not configured yet (GH #677), + # or perhaps because there were multiple sections + # in the config file (GH #1042). See also GH #2600. + addrs.add(default_addr) + return addrs + for addr in vhost.addrs: if "_default_" == addr.get_addr(): addrs.add(default_addr) diff --git a/certbot/cli.py b/certbot/cli.py index e2c57595b..97b1a5399 100644 --- a/certbot/cli.py +++ b/certbot/cli.py @@ -37,7 +37,7 @@ helpful_parser = None # should only be used for purposes where inability to detect letsencrypt-auto # fails safely -fragment = os.path.join(".local", "share", "certbot") +fragment = os.path.join(".local", "share", "letsencrypt") cli_command = "letsencrypt-auto" if fragment in sys.argv[0] else "certbot" # Argparse's help formatting has a lot of unhelpful peculiarities, so we want diff --git a/docs/using.rst b/docs/using.rst index 66c5907ae..60c074d75 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -124,7 +124,7 @@ or ``--webroot-path /usr/share/nginx/html`` are two common webroot paths. If you're getting a certificate for many domains at once, the plugin needs to know where each domain's files are served from, which could -potentially be a separate directory for each domain. When requested a +potentially be a separate directory for each domain. When requesting a certificate for multiple domains, each domain will use the most recently specified ``--webroot-path``. So, for instance, @@ -184,11 +184,11 @@ be on a different computer. Nginx ----- -In the future, if you're running Nginx you can use this plugin to -automatically obtain and install your certificate. The Nginx plugin -is still experimental, however, and is not installed with -letsencrypt-auto_. If installed, you can select this plugin on the -command line by including ``--nginx``. +In the future, if you're running Nginx you will hopefully be able to use this +plugin to automatically obtain and install your certificate. The Nginx plugin is +still experimental, however, and is not installed with letsencrypt-auto_. If +installed, you can select this plugin on the command line by including +``--nginx``. Third-party plugins ------------------- @@ -446,7 +446,13 @@ If you run Debian Stretch or Debian Sid, you can install letsencrypt packages. If you don't want to use the Apache plugin, you can omit the ``python-letsencrypt-apache`` package. -Packages for Debian Jessie are coming in the next few weeks. +Packages exist for Debian Jessie via backports. First you'll have to follow the +instructions at http://backports.debian.org/Instructions/ to enable the Jessie backports +repo, if you have not already done so. Then run: + +.. code-block:: shell + + sudo apt-get install certbot python-certbot-apache -t jessie-backports **Fedora** diff --git a/setup.py b/setup.py index 67cefdc48..4ee56576b 100644 --- a/setup.py +++ b/setup.py @@ -39,7 +39,7 @@ install_requires = [ 'ConfigArgParse>=0.9.3', 'configobj', 'cryptography>=0.7', # load_pem_x509_certificate - 'parsedatetime', + 'parsedatetime>=1.3', # Calendar.parseDT 'psutil>=2.1.0', # net_connections introduced in 2.1.0 'PyOpenSSL', 'pyrfc3339', diff --git a/tests/travis-integration.sh b/tests/travis-integration.sh index 1b51f0980..159a2ef80 100755 --- a/tests/travis-integration.sh +++ b/tests/travis-integration.sh @@ -6,14 +6,14 @@ set -o errexit source .tox/$TOXENV/bin/activate -export LETSENCRYPT_PATH=`pwd` +export CERTBOT_PATH=`pwd` cd $GOPATH/src/github.com/letsencrypt/boulder/ # boulder's integration-test.py has code that knows to start and wait for the # boulder processes to start reliably and then will run the certbot -# boulder-interation.sh on its own. The --letsencrypt flag says to run only the +# boulder-interation.sh on its own. The --certbot flag says to run only the # certbot tests (instead of any other client tests it might run). We're # going to want to define a more robust interaction point between the boulder # and certbot tests, but that will be better built off of this. -python test/integration-test.py --letsencrypt +python test/integration-test.py --certbot diff --git a/tools/_venv_common.sh b/tools/_venv_common.sh index a121af82d..dc6ca3dd2 100755 --- a/tools/_venv_common.sh +++ b/tools/_venv_common.sh @@ -18,7 +18,8 @@ virtualenv --no-site-packages $VENV_NAME $VENV_ARGS # Separately install setuptools and pip to make sure following # invocations use latest pip install -U setuptools -pip install -U pip +# --force-reinstall used to fix broken pip installation on some systems +pip install --force-reinstall -U pip pip install "$@" set +x