certbot.main

Certbot main entry point.

certbot.main._suggest_donation_if_appropriate(config)[source]

Potentially suggest a donation to support Certbot.

certbot.main._get_and_save_cert(le_client, config, domains=None, certname=None, lineage=None)[source]

Authenticate and enroll certificate.

This method finds the relevant lineage, figures out what to do with it, then performs that action. Includes calls to hooks, various reports, checks, and requests for user input.

Returns:the issued certificate or None if doing a dry run
Return type:storage.RenewableCert or None
certbot.main._handle_subset_cert_request(config, domains, cert)[source]

Figure out what to do if a previous cert had a subset of the names now requested

Parameters:cert (storage.RenewableCert) –
Returns:Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname action can be: “newcert” | “renew” | “reinstall”
Return type:tuple
certbot.main._handle_identical_cert_request(config, lineage)[source]

Figure out what to do if a lineage has the same names as a previously obtained one

Parameters:lineage (storage.RenewableCert) –
Returns:Tuple of (str action, cert_or_None) as per _find_lineage_for_domains_and_certname action can be: “newcert” | “renew” | “reinstall”
Return type:tuple
certbot.main._find_lineage_for_domains(config, domains)[source]

Determine whether there are duplicated names and how to handle them (renew, reinstall, newcert, or raising an error to stop the client run if the user chooses to cancel the operation when prompted).

Returns:Two-element tuple containing desired new-certificate behavior as a string token (“reinstall”, “renew”, or “newcert”), plus either a RenewableCert instance or None if renewal shouldn’t occur.
Raises:Error – If the user would like to rerun the client again.
certbot.main._find_cert(config, domains, certname)[source]

Finds an existing certificate object given domains and/or a certificate name.

Returns:Two-element tuple of a boolean that indicates if this function should be followed by a call to fetch a certificate from the server, and either a RenewableCert instance or None.
certbot.main._find_lineage_for_domains_and_certname(config, domains, certname)[source]

Find appropriate lineage based on given domains and/or certname.

Returns:Two-element tuple containing desired new-certificate behavior as a string token (“reinstall”, “renew”, or “newcert”), plus either a RenewableCert instance or None if renewal shouldn’t occur.
Raises:Error – If the user would like to rerun the client again.
certbot.main._ask_user_to_confirm_new_names(config, new_domains, certname, old_domains)[source]

Ask user to confirm update cert certname to contain new_domains.

certbot.main._find_domains_or_certname(config, installer)[source]

Retrieve domains and certname from config or user input.

certbot.main._report_new_cert(config, cert_path, fullchain_path, key_path=None)[source]

Reports the creation of a new certificate to the user.

Parameters:
  • cert_path (str) – path to cert
  • fullchain_path (str) – path to full chain
  • key_path (str) – path to private key, if available
certbot.main._determine_account(config)[source]

Determine which account to use.

In order to make the renewer (configuration de/serialization) happy, if config.account is None, it will be updated based on the user input. Same for config.email.

Parameters:
  • config (certbot.interface.IConfig) – CLI arguments
  • config – Configuration object
  • account_storage (AccountStorage) – Account storage.
Returns:

Account and optionally ACME client API (biproduct of new registration).

Return type:

tuple of certbot.account.Account and acme.client.Client

certbot.main._delete_if_appropriate(config)[source]

Does the user want to delete their now-revoked certs? If run in non-interactive mode, deleting happens automatically, unless if both --cert-name and --cert-path were specified with conflicting values.

Parameters:config (configuration.NamespaceConfig) – parsed command line arguments
Raises:error.Errors – If anything goes wrong, including bad user input, if an overlapping archive dir is found for the specified lineage, etc ...
certbot.main.unregister(config, unused_plugins)[source]

Deactivate account on server

certbot.main.register(config, unused_plugins)[source]

Create or modify accounts on the server.

certbot.main.install(config, plugins)[source]

Install a previously obtained cert in a server.

certbot.main.plugins_cmd(config, plugins)[source]

List server software plugins.

certbot.main.rollback(config, plugins)[source]

Rollback server configuration changes made during install.

certbot.main.config_changes(config, unused_plugins)[source]

Show changes made to server config during installation

View checkpoints and associated configuration changes.

Update the certificate file family symlinks

Use the information in the config file to make symlinks point to the correct archive directory.

certbot.main.rename(config, unused_plugins)[source]

Rename a certificate

Use the information in the config file to rename an existing lineage.

certbot.main.delete(config, unused_plugins)[source]

Delete a certificate

Use the information in the config file to delete an existing lineage.

certbot.main.certificates(config, unused_plugins)[source]

Display information about certs configured with Certbot

certbot.main.revoke(config, unused_plugins)[source]

Revoke a previously obtained certificate.

certbot.main.run(config, plugins)[source]

Obtain a certificate and install.

certbot.main._csr_get_and_save_cert(config, le_client)[source]

Obtain a cert using a user-supplied CSR

This works differently in the CSR case (for now) because we don’t have the privkey, and therefore can’t construct the files for a lineage. So we just save the cert & chain to disk :/

certbot.main.renew_cert(config, plugins, lineage)[source]

Renew & save an existing cert. Do not install it.

certbot.main.certonly(config, plugins)[source]

Authenticate & obtain cert, but do not install it.

This implements the ‘certonly’ subcommand.

certbot.main.renew(config, unused_plugins)[source]

Renew previously-obtained certificates.

certbot.main.make_or_verify_needed_dirs(config)[source]

Create or verify existence of config, work, and hook directories.

certbot.main.set_displayer(config)[source]

Set the displayer

certbot.main.main(cli_args=['-b', 'html', '-d', '_build/doctrees', '.', '_build/html'])[source]

Command line argument parsing and main script execution.