a5d223d1e5
* Rewrite helpful_test to appease the linter * Use public interface to access argparse sources dict * HelpfulParser builds ArgumentSources dict, stores it in NamespaceConfig After arguments/config files/user prompted input have been parsed, we build a mapping of Namespace options to an ArgumentSource value. These generally come from argparse's builtin "source_to_settings" dict, but we also add a source value representing dynamic values set at runtime. This dict is then passed to NamespaceConfig, which can then be queried directly or via the "set_by_user" method, which replaces the global "set_by_cli" and "option_was_set" functions. * Use NamespaceConfig.set_by_user instead of set_by_cli/option_was_set This involves passing the NamespaceConfig around to more functions than before, removes the need for most of the global state shenanigans needed by set_by_cli and friends. * Set runtime config values on the NamespaceConfig object This'll correctly mark them as being "runtime" values in the ArgumentSources dict * Bump oldest configargparse version We need a version that has get_source_to_settings_dict() * Add more cli unit tests, use ArgumentSource.DEFAULT by default One of the tests revealed that ConfigArgParse's source dict excludes arguments it considers unimportant/irrelevant. We now mark all arguments as having a DEFAULT source by default, and update them otherwise. * Mark more argument sources as RUNTIME * Removes some redundant helpful_test.py, moves one to cli_test.py We were already testing most of these cases in cli_test.py, only with a more complete HelpfulArgumentParser setup. And since the hsts/no-hsts test was manually performing the kind of argument adding that cli already does out of the box, I figured the cli tests were a more natural place for it. * appease the linter * Various fixups from review * Add windows compatability fix * Add test ensuring relevant_values behaves properly * Build sources dict in a more predictable manner The dict is now built in a defined order: first defaults, then config files, then env vars, then command line args. This way we eliminate the possibility of undefined behavior if configargparse puts an arg's entry in multiple source dicts. * remove superfluous update to sources dict * remove duplicate constant defines, resolve circular import situation
Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.
Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free.
Getting Started
The best way to get started is to use our interactive guide. It generates instructions based on your configuration settings. In most cases, you’ll need root or administrator access to your web server to run Certbot.
Certbot is meant to be run directly on your web server on the command line, not on your personal computer. If you’re using a hosted service and don’t have direct access to your web server, you might not be able to use Certbot. Check with your hosting provider for documentation about uploading certificates or using certificates issued by Let’s Encrypt.
Contributing
If you'd like to contribute to this project please read Developer Guide.
This project is governed by EFF's Public Projects Code of Conduct.
Links
Documentation: https://certbot.eff.org/docs
Software project: https://github.com/certbot/certbot
Changelog: https://github.com/certbot/certbot/blob/master/certbot/CHANGELOG.md
For Contributors: https://certbot.eff.org/docs/contributing.html
For Users: https://certbot.eff.org/docs/using.html
Main Website: https://certbot.eff.org
Let's Encrypt Website: https://letsencrypt.org
Community: https://community.letsencrypt.org
ACME spec: RFC 8555
ACME working area in github (archived): https://github.com/ietf-wg-acme/acme
Current Features
- Supports multiple web servers:
- Apache 2.4+
- nginx/0.8.48+
- webroot (adds files to webroot directories in order to prove control of domains and obtain certificates)
- standalone (runs its own simple webserver to prove you control a domain)
- other server software via third party plugins
- The private key is generated locally on your system.
- Can talk to the Let's Encrypt CA or optionally to other ACME compliant services.
- Can get domain-validated (DV) certificates.
- Can revoke certificates.
- Supports ECDSA (default) and RSA certificate private keys.
- Can optionally install a http -> https redirect, so your site effectively runs https only.
- Fully automated.
- Configuration changes are logged and can be reverted.