certbot.main

Certbot main entry point.

certbot.main._suggest_donation_if_appropriate(config)[source]

Potentially suggest a donation to support Certbot.

Parameters:config (interfaces.IConfig) – Configuration object
Returns:None
Return type:None
certbot.main._report_successful_dry_run(config)[source]

Reports on successful dry run

Parameters:config (interfaces.IConfig) – Configuration object
Returns:None
Return type:None
certbot.main._get_and_save_cert(le_client, config, domains=None, certname=None, lineage=None)[source]

Authenticate and enroll certificate.

This method finds the relevant lineage, figures out what to do with it, then performs that action. Includes calls to hooks, various reports, checks, and requests for user input.

Parameters:
Returns:

the issued certificate or None if doing a dry run

Return type:

storage.RenewableCert or None

Raises:

errors.Error – if certificate could not be obtained

certbot.main._handle_subset_cert_request(config, domains, cert)[source]

Figure out what to do if a previous cert had a subset of the names now requested

Parameters:
Returns:

Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname action can be: “newcert” | “renew” | “reinstall”

Return type:

tuple of str

certbot.main._handle_identical_cert_request(config, lineage)[source]

Figure out what to do if a lineage has the same names as a previously obtained one

Parameters:
Returns:

Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname action can be: “newcert” | “renew” | “reinstall”

Return type:

tuple of str

certbot.main._find_lineage_for_domains(config, domains)[source]

Determine whether there are duplicated names and how to handle them (renew, reinstall, newcert, or raising an error to stop the client run if the user chooses to cancel the operation when prompted).

Parameters:
Returns:

Two-element tuple containing desired new-certificate behavior as a string token (“reinstall”, “renew”, or “newcert”), plus either a RenewableCert instance or None if renewal shouldn’t occur.

Return type:

tuple of str and storage.RenewableCert or None

Raises:

errors.Error – If the user would like to rerun the client again.

certbot.main._find_cert(config, domains, certname)[source]

Finds an existing certificate object given domains and/or a certificate name.

Parameters:
  • config (interfaces.IConfig) – Configuration object
  • domains (list of str) – List of domain names
  • certname (str) – Name of certificate
Returns:

Two-element tuple of a boolean that indicates if this function should be followed by a call to fetch a certificate from the server, and either a RenewableCert instance or None.

Return type:

tuple of bool and storage.RenewableCert or None

certbot.main._find_lineage_for_domains_and_certname(config, domains, certname)[source]

Find appropriate lineage based on given domains and/or certname.

Parameters:
  • config (interfaces.IConfig) – Configuration object
  • domains (list of str) – List of domain names
  • certname (str) – Name of certificate
Returns:

Two-element tuple containing desired new-certificate behavior as a string token (“reinstall”, “renew”, or “newcert”), plus either a RenewableCert instance or None if renewal should not occur.

Return type:

tuple of str and storage.RenewableCert or None

Raises:

errors.Error – If the user would like to rerun the client again.

certbot.main._get_added_removed(after, before)[source]

Get lists of items removed from before and a lists of items added to after

certbot.main._format_list(character, strings)[source]

Format list with given character

certbot.main._ask_user_to_confirm_new_names(config, new_domains, certname, old_domains)[source]

Ask user to confirm update cert certname to contain new_domains.

Parameters:
  • config (interfaces.IConfig) – Configuration object
  • new_domains (list of str) – List of new domain names
  • certname (str) – Name of certificate
  • old_domains (list of str) – List of old domain names
Returns:

None

Return type:

None

Raises:

errors.ConfigurationError – if cert name and domains mismatch

certbot.main._find_domains_or_certname(config, installer, question=None)[source]

Retrieve domains and certname from config or user input.

Parameters:
Returns:

Two-part tuple of domains and certname

Return type:

tuple of list of str and str

Raises:

errors.Error – Usage message, if parameters are not used correctly

certbot.main._report_new_cert(config, cert_path, fullchain_path, key_path=None)[source]

Reports the creation of a new certificate to the user.

Parameters:
  • cert_path (str) – path to certificate
  • fullchain_path (str) – path to full chain
  • key_path (str) – path to private key, if available
Returns:

None

Return type:

None

certbot.main._determine_account(config)[source]

Determine which account to use.

If config.account is None, it will be updated based on the user input. Same for config.email.

Parameters:config (interfaces.IConfig) – Configuration object
Returns:Account and optionally ACME client API (biproduct of new registration).
Return type:tuple of certbot.account.Account and acme.client.Client
Raises:errors.Error – If unable to register an account with ACME server
certbot.main._delete_if_appropriate(config)[source]

Does the user want to delete their now-revoked certs? If run in non-interactive mode, deleting happens automatically, unless if both --cert-name and --cert-path were specified with conflicting values.

Parameters:config (interfaces.IConfig) – parsed command line arguments
Returns:None
Return type:None
Raises:errors.Error – If anything goes wrong, including bad user input, if an overlapping archive dir is found for the specified lineage, etc ...
certbot.main._init_le_client(config, authenticator, installer)[source]

Initialize Let’s Encrypt Client

Parameters:
Returns:

client: Client object

Return type:

client.Client

certbot.main.unregister(config, unused_plugins)[source]

Deactivate account on server

Parameters:
Returns:

None

Return type:

None

certbot.main.register(config, unused_plugins)[source]

Create or modify accounts on the server.

Parameters:
Returns:

None or a string indicating and error

Return type:

None or str

certbot.main._install_cert(config, le_client, domains, lineage=None)[source]

Install a cert

Parameters:
Returns:

None

Return type:

None

certbot.main.install(config, plugins)[source]

Install a previously obtained cert in a server.

Parameters:
Returns:

None

Return type:

None

certbot.main._populate_from_certname(config)[source]

Helper function for install to populate missing config values from lineage defined by –cert-name.

certbot.main.plugins_cmd(config, plugins)[source]

List server software plugins.

Parameters:
Returns:

None

Return type:

None

certbot.main.enhance(config, plugins)[source]

Add security enhancements to existing configuration

Parameters:
Returns:

None

Return type:

None

certbot.main.rollback(config, plugins)[source]

Rollback server configuration changes made during install.

Parameters:
Returns:

None

Return type:

None

certbot.main.config_changes(config, unused_plugins)[source]

Show changes made to server config during installation

View checkpoints and associated configuration changes.

Parameters:
Returns:

None

Return type:

None

Update the certificate file family symlinks

Use the information in the config file to make symlinks point to the correct archive directory.

Parameters:
Returns:

None

Return type:

None

certbot.main.rename(config, unused_plugins)[source]

Rename a certificate

Use the information in the config file to rename an existing lineage.

Parameters:
Returns:

None

Return type:

None

certbot.main.delete(config, unused_plugins)[source]

Delete a certificate

Use the information in the config file to delete an existing lineage.

Parameters:
Returns:

None

Return type:

None

certbot.main.certificates(config, unused_plugins)[source]

Display information about certs configured with Certbot

Parameters:
Returns:

None

Return type:

None

certbot.main.revoke(config, unused_plugins)[source]

Revoke a previously obtained certificate.

Parameters:
Returns:

None or string indicating error in case of error

Return type:

None or str

certbot.main.run(config, plugins)[source]

Obtain a certificate and install.

Parameters:
Returns:

None

Return type:

None

certbot.main._csr_get_and_save_cert(config, le_client)[source]

Obtain a cert using a user-supplied CSR

This works differently in the CSR case (for now) because we don’t have the privkey, and therefore can’t construct the files for a lineage. So we just save the cert & chain to disk :/

Parameters:
Returns:

cert_path and fullchain_path as absolute paths to the actual files

Return type:

tuple of str

certbot.main.renew_cert(config, plugins, lineage)[source]

Renew & save an existing cert. Do not install it.

Parameters:
Returns:

None

Return type:

None

Raises:

errors.PluginSelectionError – MissingCommandlineFlag if supplied parameters do not pass

certbot.main.certonly(config, plugins)[source]

Authenticate & obtain cert, but do not install it.

This implements the ‘certonly’ subcommand.

Parameters:
Returns:

None

Return type:

None

Raises:

errors.Error – If specified plugin could not be used

certbot.main.renew(config, unused_plugins)[source]

Renew previously-obtained certificates.

Parameters:
Returns:

None

Return type:

None

certbot.main.make_or_verify_needed_dirs(config)[source]

Create or verify existence of config, work, and hook directories.

Parameters:config (interfaces.IConfig) – Configuration object
Returns:None
Return type:None
certbot.main.set_displayer(config)[source]

Set the displayer

Parameters:config (interfaces.IConfig) – Configuration object
Returns:None
Return type:None
certbot.main.main(cli_args=['-T', '-E', '-b', 'readthedocs', '-d', '_build/doctrees-readthedocs', '-D', 'language=en', '.', '_build/html'])[source]

Command line argument parsing and main script execution.

Returns:

result of requested command

Raises: