diff --git a/letsencrypt/client/CONFIG.py b/letsencrypt/client/CONFIG.py deleted file mode 100644 index cc45601b5..000000000 --- a/letsencrypt/client/CONFIG.py +++ /dev/null @@ -1,81 +0,0 @@ -"""Config for Let's Encrypt.""" -import os.path - -import zope.component - -from letsencrypt.client import interfaces - - -zope.component.moduleProvides(interfaces.IConfig) - - -ACME_SERVER = "letsencrypt-demo.org:443" -"""CA hostname (and optionally :port). - -If you create your own server... change this line - -Note: the server certificate must be trusted in order to avoid -further modifications to the client.""" - - -CONFIG_DIR = "/etc/letsencrypt/" -"""Configuration file directory for letsencrypt""" - -WORK_DIR = "/var/lib/letsencrypt/" -"""Working directory for letsencrypt""" - -BACKUP_DIR = os.path.join(WORK_DIR, "backups/") -"""Directory where configuration backups are stored""" - -TEMP_CHECKPOINT_DIR = os.path.join(WORK_DIR, "temp_checkpoint/") -"""Directory where temp checkpoint is created""" - -IN_PROGRESS_DIR = os.path.join(BACKUP_DIR, "IN_PROGRESS/") -"""Directory used before a permanent checkpoint is finalized""" - -CERT_KEY_BACKUP = os.path.join(WORK_DIR, "keys-certs/") -"""Directory where all certificates/keys are stored. Used for easy revocation""" - -REV_TOKENS_DIR = os.path.join(WORK_DIR, "revocation_tokens/") -"""Directory where all revocation tokens are saved.""" - -KEY_DIR = os.path.join(CONFIG_DIR, "keys/") -"""Keys storage.""" - -CERT_DIR = os.path.join(CONFIG_DIR, "certs/") -"""Certificate storage.""" - - -LE_VHOST_EXT = "-le-ssl.conf" -"""Let's Encrypt SSL vhost configuration extension.""" - -CERT_PATH = os.path.join(CERT_DIR, "cert-letsencrypt.pem") -"""Let's Encrypt cert file.""" - -CHAIN_PATH = os.path.join(CERT_DIR, "chain-letsencrypt.pem") -"""Let's Encrypt chain file.""" - - -RSA_KEY_SIZE = 2048 -"""Key size""" - - -APACHE_CTL = "/usr/sbin/apache2ctl" -"""Path to the ``apache2ctl`` binary, used for ``configtest`` and -retrieving Apache2 version number.""" - -APACHE_ENMOD = "apache" -"""Path to the Apache ``a2enmod`` binary.""" - -APACHE_INIT_SCRIPT = "/etc/init.d/apache2" -"""Path to the Apache init script (used for server reload/restart).""" - -APACHE_REWRITE_HTTPS_ARGS = [ - "^.*$", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,R=permanent]"] -"""Apache rewrite rule arguments used for redirections to https vhost""" - -APACHE_SERVER_ROOT = "/etc/apache2/" -"""Apache server root directory""" - -APACHE_MOD_SSL_CONF = os.path.join(CONFIG_DIR, "options-ssl.conf") -"""Contains standard Apache SSL directives""" diff --git a/letsencrypt/client/apache/configurator.py b/letsencrypt/client/apache/configurator.py index e5b955b27..1f9ecbc0b 100644 --- a/letsencrypt/client/apache/configurator.py +++ b/letsencrypt/client/apache/configurator.py @@ -87,15 +87,15 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """ self.config = config - server_root = self.config.APACHE_SERVER_ROOT - ssl_options = self.config.APACHE_MOD_SSL_CONF + server_root = self.config.apache_server_root + ssl_options = self.config.apache_mod_ssl_conf if direc is None: - direc = {"backup": self.config.BACKUP_DIR, - "temp": self.config.TEMP_CHECKPOINT_DIR, - "progress": self.config.IN_PROGRESS_DIR, - "config": self.config.CONFIG_DIR, - "work": self.config.WORK_DIR} + direc = {"backup": self.config.backup_dir, + "temp": self.config.temp_checkpoint_dir, + "progress": self.config.in_progress_dir, + "config": self.config.config_dir, + "work": self.config.work_dir} super(ApacheConfigurator, self).__init__(config, direc) self.direc = direc @@ -384,10 +384,10 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): is appropriately listening on port 443. """ - if not mod_loaded("ssl_module", self.config.APACHE_CTL): + if not mod_loaded("ssl_module", self.config.apache_ctl): logging.info("Loading mod_ssl into Apache Server") - enable_mod("ssl", self.config.APACHE_INIT_SCRIPT, - self.config.APACHE_ENMOD) + enable_mod("ssl", self.config.apache_init_script, + self.config.apache_enmod) # Check for Listen 443 # Note: This could be made to also look for ip:443 combo @@ -430,7 +430,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """Makes an ssl_vhost version of a nonssl_vhost. Duplicates vhost and adds default ssl options - New vhost will reside as (nonssl_vhost.path) + ``IConfig.LE_VHOST_EXT`` + New vhost will reside as (nonssl_vhost.path) + ``IConfig.le_vhost_ext`` .. note:: This function saves the configuration @@ -444,9 +444,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): avail_fp = nonssl_vhost.filep # Get filepath of new ssl_vhost if avail_fp.endswith(".conf"): - ssl_fp = avail_fp[:-(len(".conf"))] + self.config.LE_VHOST_EXT + ssl_fp = avail_fp[:-(len(".conf"))] + self.config.le_vhost_ext else: - ssl_fp = avail_fp + self.config.LE_VHOST_EXT + ssl_fp = avail_fp + self.config.le_vhost_ext # First register the creation so that it is properly removed if # configuration is rolled back @@ -566,9 +566,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): :rtype: (bool, :class:`letsencrypt.client.apache.obj.VirtualHost`) """ - if not mod_loaded("rewrite_module", self.config.APACHE_CTL): - enable_mod("rewrite", self.config.APACHE_INIT_SCRIPT, - self.config.APACHE_ENMOD) + if not mod_loaded("rewrite_module", self.config.apache_ctl): + enable_mod("rewrite", self.config.apache_init_script, + self.config.apache_enmod) general_v = self._general_vhost(ssl_vhost) if general_v is None: @@ -593,7 +593,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Add directives to server self.parser.add_dir(general_v.path, "RewriteEngine", "On") self.parser.add_dir(general_v.path, "RewriteRule", - self.config.APACHE_REWRITE_HTTPS_ARGS) + constants.APACHE_REWRITE_HTTPS_ARGS) self.save_notes += ('Redirecting host in %s to ssl vhost in %s\n' % (general_v.filep, ssl_vhost.filep)) self.save() @@ -632,10 +632,10 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): if not rewrite_path: # "No existing redirection for virtualhost" return False, -1 - if len(rewrite_path) == len(self.config.APACHE_REWRITE_HTTPS_ARGS): + if len(rewrite_path) == len(constants.APACHE_REWRITE_HTTPS_ARGS): for idx, match in enumerate(rewrite_path): if (self.aug.get(match) != - self.config.APACHE_REWRITE_HTTPS_ARGS[idx]): + constants.APACHE_REWRITE_HTTPS_ARGS[idx]): # Not a letsencrypt https rewrite return True, 2 # Existing letsencrypt https rewrite rule is in place @@ -684,7 +684,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): "LogLevel warn\n" "\n" % (servername, serveralias, - " ".join(self.config.APACHE_REWRITE_HTTPS_ARGS))) + " ".join(constants.APACHE_REWRITE_HTTPS_ARGS))) # Write out the file # This is the default name @@ -886,7 +886,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): :rtype: bool """ - return apache_restart(self.config.APACHE_INIT_SCRIPT) + return apache_restart(self.config.apache_init_script) def config_test(self): # pylint: disable=no-self-use """Check the configuration of Apache for errors. @@ -897,7 +897,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """ try: proc = subprocess.Popen( - ['sudo', self.config.APACHE_CTL, 'configtest'], # TODO: sudo? + ['sudo', self.config.apache_ctl, 'configtest'], # TODO: sudo? stdout=subprocess.PIPE, stderr=subprocess.PIPE) stdout, stderr = proc.communicate() @@ -928,13 +928,13 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """ try: proc = subprocess.Popen( - [self.config.APACHE_CTL, '-v'], + [self.config.apache_ctl, '-v'], stdout=subprocess.PIPE, stderr=subprocess.PIPE) text = proc.communicate()[0] except (OSError, ValueError): raise errors.LetsEncryptConfiguratorError( - "Unable to run %s -v" % self.config.APACHE_CTL) + "Unable to run %s -v" % self.config.apache_ctl) regex = re.compile(r"Apache/([0-9\.]*)", re.IGNORECASE) matches = regex.findall(text) diff --git a/letsencrypt/client/augeas_configurator.py b/letsencrypt/client/augeas_configurator.py index 57f0feae0..32435dde0 100644 --- a/letsencrypt/client/augeas_configurator.py +++ b/letsencrypt/client/augeas_configurator.py @@ -30,9 +30,9 @@ class AugeasConfigurator(object): """ if not direc: - direc = {"backup": config.BACKUP_DIR, - "temp": config.TEMP_CHECKPOINT_DIR, - "progress": config.IN_PROGRESS_DIR} + direc = {"backup": config.backup_dir, + "temp": config.temp_checkpoint_dir, + "progress": config.in_progress_dir} # Set Augeas flags to not save backup (we do it ourselves) # Set Augeas to not load anything by default diff --git a/letsencrypt/client/client.py b/letsencrypt/client/client.py index 9c87a1acb..4765e71ec 100644 --- a/letsencrypt/client/client.py +++ b/letsencrypt/client/client.py @@ -86,8 +86,8 @@ class Client(object): :rtype: `tuple` of `str` """ - cert_path = self.config.CERT_PATH - chain_path = self.config.CHAIN_PATH + cert_path = self.config.cert_path + chain_path = self.config.chain_path if self.auth_handler is None: logging.warning("Unable to obtain a certificate, because client " @@ -103,7 +103,7 @@ class Client(object): # Create CSR from names if csr is None: - csr = init_csr(self.authkey, domains, self.config.CERT_DIR) + csr = init_csr(self.authkey, domains, self.config.cert_dir) # Retrieve certificate certificate_dict = self.acme_certificate(csr.data) @@ -245,8 +245,8 @@ class Client(object): :rtype: bool """ - list_file = os.path.join(self.config.CERT_KEY_BACKUP, "LIST") - le_util.make_or_verify_dir(self.config.CERT_KEY_BACKUP, 0o700) + list_file = os.path.join(self.config.cert_key_backup, "LIST") + le_util.make_or_verify_dir(self.config.cert_key_backup, 0o700) idx = 0 if encrypt: @@ -271,11 +271,11 @@ class Client(object): shutil.copy2(self.authkey.file, os.path.join( - self.config.CERT_KEY_BACKUP, + self.config.cert_key_backup, os.path.basename(self.authkey.file) + "_" + str(idx))) shutil.copy2(cert_file, os.path.join( - self.config.CERT_KEY_BACKUP, + self.config.cert_key_backup, os.path.basename(cert_file) + "_" + str(idx))) return True diff --git a/letsencrypt/client/client_authenticator.py b/letsencrypt/client/client_authenticator.py index 4a33f719b..d5c0aa5bc 100644 --- a/letsencrypt/client/client_authenticator.py +++ b/letsencrypt/client/client_authenticator.py @@ -28,7 +28,7 @@ class ClientAuthenticator(object): """ self.rec_token = recovery_token.RecoveryToken( - server, config.REV_TOKEN_DIRS) + server, config.rev_token_dirs) def get_chall_pref(self, unused_domain): # pylint: disable=no-self-use """Return list of challenge preferences.""" diff --git a/letsencrypt/client/constants.py b/letsencrypt/client/constants.py index bf6d6986b..d07737ac7 100644 --- a/letsencrypt/client/constants.py +++ b/letsencrypt/client/constants.py @@ -9,6 +9,7 @@ challanges.""" NONCE_SIZE = 16 """Size of nonce used in JWS objects (in bytes).""" + EXCLUSIVE_CHALLENGES = [frozenset(["dvsni", "simpleHttps"])] """Mutually exclusive challenges.""" @@ -20,6 +21,7 @@ CLIENT_CHALLENGES = frozenset( ["recoveryToken", "recoveryContact", "proofOfPossession"]) """Challenges that are handled by the Let's Encrypt client.""" + ENHANCEMENTS = ["redirect", "http-header", "ocsp-stapling", "spdy"] """List of possible :class:`letsencrypt.client.interfaces.IInstaller` enhancements. @@ -32,10 +34,16 @@ List of expected options parameters: """ + APACHE_MOD_SSL_CONF = pkg_resources.resource_filename( 'letsencrypt.client.apache', 'options-ssl.conf') """Path to the Apache mod_ssl config file found in the Let's Encrypt distribution.""" +APACHE_REWRITE_HTTPS_ARGS = [ + "^.*$", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,R=permanent]"] +"""Apache rewrite rule arguments used for redirections to https vhost""" + + DVSNI_DOMAIN_SUFFIX = ".acme.invalid" """Suffix appended to domains in DVSNI validation.""" diff --git a/letsencrypt/client/reverter.py b/letsencrypt/client/reverter.py index f60204a76..a67f8f987 100644 --- a/letsencrypt/client/reverter.py +++ b/letsencrypt/client/reverter.py @@ -23,9 +23,9 @@ class Reverter(object): """ if direc is None: - direc = {'backup': config.BACKUP_DIR, - 'temp': config.TEMP_CHECKPOINT_DIR, - 'progress': config.IN_PROGRESS_DIR} + direc = {'backup': config.backup_dir, + 'temp': config.temp_checkpoint_dir, + 'progress': config.in_progress_dir} self.direc = direc def revert_temporary_config(self): diff --git a/letsencrypt/client/revoker.py b/letsencrypt/client/revoker.py index 6093b2dd2..25c912975 100644 --- a/letsencrypt/client/revoker.py +++ b/letsencrypt/client/revoker.py @@ -54,7 +54,7 @@ class Revoker(object): def list_certs_keys(self): """List trusted Let's Encrypt certificates.""" - list_file = os.path.join(self.config.CERT_KEY_BACKUP, "LIST") + list_file = os.path.join(self.config.cert_key_backup, "LIST") certs = [] if not os.path.isfile(list_file): @@ -75,9 +75,9 @@ class Revoker(object): for row in csvreader: cert = crypto_util.get_cert_info(row[1]) - b_k = os.path.join(self.config.CERT_KEY_BACKUP, + b_k = os.path.join(self.config.cert_key_backup, os.path.basename(row[2]) + "_" + row[0]) - b_c = os.path.join(self.config.CERT_KEY_BACKUP, + b_c = os.path.join(self.config.cert_key_backup, os.path.basename(row[1]) + "_" + row[0]) cert.update({ @@ -124,8 +124,8 @@ class Revoker(object): :param dict cert: Cert dict used throughout revocation """ - list_file = os.path.join(self.config.CERT_KEY_BACKUP, "LIST") - list_file2 = os.path.join(self.config.CERT_KEY_BACKUP, "LIST.tmp") + list_file = os.path.join(self.config.cert_key_backup, "LIST") + list_file2 = os.path.join(self.config.cert_key_backup, "LIST.tmp") with open(list_file, 'rb') as orgfile: csvreader = csv.reader(orgfile) diff --git a/letsencrypt/client/tests/apache/util.py b/letsencrypt/client/tests/apache/util.py index e84d63b48..eff556f5d 100644 --- a/letsencrypt/client/tests/apache/util.py +++ b/letsencrypt/client/tests/apache/util.py @@ -65,9 +65,9 @@ def get_apache_configurator( # This just states that the ssl module is already loaded mock_popen().communicate.return_value = ("ssl_module", "") config = configurator.ApacheConfigurator( - mock.MagicMock(APACHE_SERVER_ROOT=config_path, - APACHE_MOD_SSL_CONF=ssl_options, - LE_VHOST_EXT="-le-ssl.conf"), + mock.MagicMock(apache_server_root=config_path, + apache_mod_ssl_conf=ssl_options, + le_vhost_ext="-le-ssl.conf"), { "backup": backups, "temp": os.path.join(work_dir, "temp_checkpoint"), diff --git a/letsencrypt/client/tests/reverter_test.py b/letsencrypt/client/tests/reverter_test.py index 0b281b4b8..1ab4bb70e 100644 --- a/letsencrypt/client/tests/reverter_test.py +++ b/letsencrypt/client/tests/reverter_test.py @@ -392,9 +392,9 @@ class QuickInitReverterTest(unittest.TestCase): from letsencrypt.client.reverter import Reverter config = mock.MagicMock() rev = Reverter(config) - self.assertEqual(rev.direc['backup'], config.BACKUP_DIR) - self.assertEqual(rev.direc['temp'], config.TEMP_CHECKPOINT_DIR) - self.assertEqual(rev.direc['progress'], config.IN_PROGRESS_DIR) + self.assertEqual(rev.direc['backup'], config.backup_dir) + self.assertEqual(rev.direc['temp'], config.temp_checkpoint_dir) + self.assertEqual(rev.direc['progress'], config.in_progress_dir) def setup_work_direc(): diff --git a/letsencrypt/scripts/main.py b/letsencrypt/scripts/main.py index 429f13fce..e3fe74035 100755 --- a/letsencrypt/scripts/main.py +++ b/letsencrypt/scripts/main.py @@ -13,57 +13,95 @@ import zope.component import zope.interface import letsencrypt -from letsencrypt.client import CONFIG + from letsencrypt.client import client from letsencrypt.client import display from letsencrypt.client import errors from letsencrypt.client import interfaces from letsencrypt.client import log - -def main(): # pylint: disable=too-many-statements,too-many-branches - """Command line argument parsing and main script execution.""" +def create_parser(): + """Create parser.""" parser = argparse.ArgumentParser( description="letsencrypt client %s" % letsencrypt.__version__) - parser.add_argument("-d", "--domains", dest="domains", metavar="DOMAIN", - nargs="+") - parser.add_argument("-s", "--server", dest="server", - default=CONFIG.ACME_SERVER, - help="The ACME CA server. [%(default)s]") - parser.add_argument("-p", "--privkey", dest="privkey", type=read_file, - help="Path to the private key file for certificate " - "generation.") - parser.add_argument("-b", "--rollback", dest="rollback", type=int, - default=0, metavar="N", - help="Revert configuration N number of checkpoints.") - parser.add_argument("-B", "--keysize", dest="key_size", type=int, - default=CONFIG.RSA_KEY_SIZE, metavar="N", - help="RSA key shall be sized N bits. [%(default)d]") - parser.add_argument("-k", "--revoke", dest="revoke", action="store_true", - help="Revoke a certificate.") - parser.add_argument("-v", "--view-config-changes", - dest="view_config_changes", - action="store_true", - help="View checkpoints and associated configuration " - "changes.") - parser.add_argument("-r", "--redirect", dest="redirect", - action="store_const", const=True, - help="Automatically redirect all HTTP traffic to HTTPS " - "for the newly authenticated vhost.") - parser.add_argument("-n", "--no-redirect", dest="redirect", - action="store_const", const=False, - help="Skip the HTTPS redirect question, allowing both " - "HTTP and HTTPS.") - parser.add_argument("-e", "--agree-tos", dest="eula", action="store_true", - help="Skip the end user license agreement screen.") - parser.add_argument("-t", "--text", dest="use_curses", action="store_false", - help="Use the text output instead of the curses UI.") - parser.add_argument("--test", dest="test", action="store_true", - help="Run in test mode.") + add = parser.add_argument + + add("-d", "--domains", metavar="DOMAIN", nargs="+") + add("-s", "--acme-server", "--server", default="letsencrypt-demo.org:443", + help="CA hostname (and optionally :port). The server certificate must " + "be trusted in order to avoid further modifications to the " + "client.") + + add("-p", "--privkey", type=read_file, + help="Path to the private key file for certificate generation.") + add("-B", "--rsa-key-size", "--keysize", type=int, default=2048, + metavar="N", help="RSA key shall be sized N bits.") + + add("-k", "--revoke", action="store_true", help="Revoke a certificate.") + add("-b", "--rollback", type=int, default=0, metavar="N", + help="Revert configuration N number of checkpoints.") + add("-v", "--view-config-changes", action="store_true", + help="View checkpoints and associated configuration changes.") + add("-r", "--redirect", action="store_true", + help="Automatically redirect all HTTP traffic to HTTPS for the newly " + "authenticated vhost.") + + add("-e", "--agree-tos", dest="eula", action="store_true", + help="Skip the end user license agreement screen.") + add("-t", "--text", dest="use_curses", action="store_false", + help="Use the text output instead of the curses UI.") + add("--test", action="store_true", help="Run in test mode.") + + # TODO: trailing slashes might be important! check and remove + add("--config-dir", default="/etc/letsencrypt/", + help="Configuration directory.") + add("--work-dir", default="/var/lib/letsencrypt/", + help="Working directory.") + add("--backup-dir", default="/var/lib/letsencrypt/backups/", + help="Configuration backups directory.") + add("--temp-checkpoint-dir", + default="/var/lib/letsencrypt/temp_checkpoint/", + help="Temporary checkpoint directory.") + add("--in-progress-dir", + default="/var/lib/letsencrypt/backups/IN_PROGRESS/", + help="Directory used before a permanent checkpoint is finalized") + add("--cert-key-backup", default="/var/lib/letsencrypt/keys-certs/", + help="Directory where all certificates and keys are stored. " + "Used for easy revocation.") + add("--rev-tokens-dir", default="/var/lib/letsencrypt/revocation_tokens/", + help="Directory where all revocation tokens are saved.") + add("--key-dir", default="/etc/letsencrypt/keys/", help="Keys storage.") + add("--cert-dir", default="/etc/letsencrypt/certs/", + help="Certificates storage.") + + add("--le-vhost-ext", default="-le-ssl.conf", + help="SSL vhost configuration extension.") + add("--cert-path", default="/etc/letsencrypt/certs/cert-letsencrypt.pem", + help="Let's Encrypt certificate file.") + add("--chain-path", default="/etc/letsencrypt/certs/chain-letsencrypt.pem", + help="Let's Encrypt chain file.") + + add("--apache-ctl", default="/usr/bin/apache2ctl", + help="Path to the 'apache2ctl' binary, used for 'configtest' and " + "retrieving Apache2 version number.") + add("--apache-enmod", default="a2enmod", + help="Path to the Apache 'a2enmod' binary.") + add("--apache-init-script", default="/etc/init.d/apache2", + help="Path to the Apache init script (used for server reload/restart).") + add("--apache-server-root", default="/etc/apache2", + help="Apache server root directory.") + add("--apache-mod-ssl-conf", default="/etc/letsencrypt/options-ssl.conf", + help="Contains standard Apache SSL directives.") + + return parser + +def main(): # pylint: disable=too-many-branches + """Command line argument parsing and main script execution.""" # note: arg parser internally handles --help (and exits afterwards) - args = parser.parse_args() + config = create_parser().parse_args() + zope.interface.directlyProvides(config, interfaces.IConfig) # note: check is done after arg parsing as --help should work w/o root also. if not os.geteuid() == 0: @@ -74,32 +112,32 @@ def main(): # pylint: disable=too-many-statements,too-many-branches # Set up logging logger = logging.getLogger() logger.setLevel(logging.INFO) - if args.use_curses: + if config.use_curses: logger.addHandler(log.DialogHandler()) displayer = display.NcursesDisplay() else: displayer = display.FileDisplay(sys.stdout) zope.component.provideUtility(displayer) - if args.view_config_changes: - client.view_config_changes(CONFIG) + if config.view_config_changes: + client.view_config_changes(config) sys.exit() - if args.revoke: - client.revoke(args.server, CONFIG) + if config.revoke: + client.revoke(config.acme_server, config) sys.exit() - if args.rollback > 0: - client.rollback(args.rollback, CONFIG) + if config.rollback > 0: + client.rollback(config.rollback, config) sys.exit() - if not args.eula: + if not config.eula: display_eula() # Make sure we actually get an installer that is functioning properly # before we begin to try to use it. try: - installer = client.determine_installer(CONFIG) + installer = client.determine_installer(config) except errors.LetsEncryptMisconfigurationError as err: logging.fatal("Please fix your configuration before proceeding. " "The Installer exited with the following message: " @@ -110,17 +148,18 @@ def main(): # pylint: disable=too-many-statements,too-many-branches if interfaces.IAuthenticator.providedBy(installer): # pylint: disable=no-member auth = installer else: - auth = client.determine_authenticator(CONFIG) + auth = client.determine_authenticator(config) - domains = choose_names(installer) if args.domains is None else args.domains + if config.domains is None: + domains = choose_names(installer) # Prepare for init of Client - if args.privkey is None: - privkey = client.init_key(args.key_size, CONFIG.KEY_DIR) + if config.privkey is None: + privkey = client.init_key(config.key_size, config.key_dir) else: - privkey = client.Client.Key(args.privkey[0], args.privkey[1]) + privkey = client.Client.Key(config.privkey[0], config.privkey[1]) - acme = client.Client(args.server, privkey, auth, installer, CONFIG) + acme = client.Client(config.acme_server, privkey, auth, installer, config) # Validate the key and csr client.validate_key_csr(privkey) @@ -134,7 +173,7 @@ def main(): # pylint: disable=too-many-statements,too-many-branches if installer is not None and cert_file is not None: acme.deploy_certificate(domains, privkey, cert_file, chain_file) if installer is not None: - acme.enhance_config(domains, args.redirect) + acme.enhance_config(domains, config.redirect) def display_eula():