* Add command to update config files without issuing/renewing cert
* toss up a vague untested skeleton
* remove duplicated code
* set certname in config
* consistent name, no zope
* import copy
* reconsitute is in renewal
* import renewal
* import cli
* fix lint errors
* call choose_configurator_plugins for its side effect of writing to config
* Set certonly in choose config plugins as we do for renew
* rewrite by piggybacking on existing side effects of a dry run instead
* do not allow domains to be set while reconfiguring
* remove unused cert_manager.reconfigure
* remove unused imports
* Add comments and messages
* add cli information
* start adding tests
* remove test code
* get certname before setting up plugins
* get plugin from lineage if not set on cli
* import copy
* always reconstitute
* only load cert once
* add error message
* improve comment
* mock everything out for tests
* test functionality is working!
* add tests for adding and modifying hooks
* test that we don't modify the config if the dry run fails
* improve documentation
* add webroot to reconfigure common options
* lint and clean up intermediate artifacts
* mock validate_hooks for windows
* print success message with updated parameters
* Improve success message
* add message for no changes have been made
* improve changed message to show before as well
* syntax
* Add changes will apply at the next renewal message
* lint
* lint really likes dict.items() for some reason
* run the deploy hook
* turn off dry run to test deploy hook
* patch list_hooks call for tests
* factor out reporting results code
* Remove reporting of which values were changed
* add flag to run deploy hook despite doing a dry run, and recommend setting that to yes when running reconfigure and modifying the deploy hook
* missing () around multi-line string
* test if the two dicts are equal instead of finding the actual changes, thus avoiding having to deal with webroot_map being a list
* refer to --deploy-hook instead of deploy hook
* use renewal configuration instead of configuration information
* mention that the deploy hook will use the active cert not the test one
* disable lint and remove new from language asking about running a deploy hook
* pluralize run deploy hook(s)
* Add test for reporting results when there is a webroot map
* update changelog
* Update error message about modifying domains on the certificate
* update changelog
* Add basic integration tests
* Just set -a rather than redoing the whole testing infrastructure
* used webroot in integration test since it's already installed
* file contents are accessed twice now
---------
Co-authored-by: Alex Zorin <alex@zorin.au>
In #9127, where @osirisinferi added the `show_account` verb, I made a call not to include the thumbprint in the output of `certbot show_account`.
In hindsight, and after a community member asked for this feature, I think it's better to include it.
It is useful on occasion and `show_account` is fairly specialized anyway. It's only really good for getting your account URL for rate limit increases, checking your contacts, and (now) and doing *magic* with the thumbprint for stateless/distributed HTTP-01 responders.
Without this feature, a clever user might figure out their thumbprint by doing a `certonly --manual --preferred-challenges http` request, but most users would probably be lost.
* show_account: display account thumbprint
* use local key for display
* certbot-ci: boulder will now only supports port 80 for http-01
* forgot to actually use the http_01_port argument
* print the port the proxy listens on
* try allow binding to privileged ports
* Replace probot/stale app with a Github Action
This creates a Github Actions workflow which seems to be the supported
way of automarking issues as stale. Adds a dry-run flag to test it out.
* small fixups
* cron typo
* disable unnecessary permissions
* use friendlier name
* fix cover tox envs
* make test work on all Pythons
* Remove unused import
Co-authored-by: alexzorin <alex@zorin.id.au>
Co-authored-by: alexzorin <alex@zorin.id.au>
* acme.messages.Error: add mutability
As of Python 3.11, an exception caught within a `with` statement will
update the __traceback__ attribute. Because acme.messages.Error was
immutable, this was causing a knock-on exception, causing certbot to
exit abnormally. This commit hacks in mutability for acme.messages.Error
Fixes#9539
* Add CHANGELOG entry
Based on my design [here](https://docs.google.com/document/d/1jGh_bZPnrhi96KzuIcyCJfnudl4m3pRPGkiK4fTo8e4/edit?usp=sharing).
Fixes https://github.com/certbot/certbot/issues/4634 and https://github.com/certbot/certbot/issues/4635.
- [x] Deprecate `NamespaceConfig.csr_dir`,`NamespaceConfig.key_dir`, ~~`constants.CSR_DIR` and `constants.KEY_DIR`~~. (`constants` is `_internal` so we can just delete it eventually).
- [x] Update `certbot.crypto_util.generate_csr` and `.generate_key` to make `csr_dir` and `key_dir` optional, respectively.
- [x] Change `certbot._internal.client.Client.obtain_certificate` to no longer include `csr_dir` and `key_dir` to the `.generate_csr` and `.generate_key` calls, respectively.
- Automatically delete unwanted lineage items:
- [x] In `certbot._internal.storage.RenewableCert`, add a function to truncate the lineage history according to the criteria (keep the current and the 5 prior certificates).
- [x] Add a test suite for `truncate`
- [x] In `certbot._internal.renewal.renew_cert`, call the lineage truncation function after the symlinks have been updated for the renewal.
* Stop writing new files to /csr and /keys
* storage: add lineage truncation
* remove unused code
* deprecate keys_dir and csr_dir
* update CHANGELOG
* just keep 5 prior certificates, dont be clever with expiry
* docs: remove reference to /archive and /keys
* filter {csr,key}_dir deprecations directly in tests
