def main(): # pylint: disable=too-many-branches, too-many-statements
"""Command line argument parsing and main script execution."""
# note: arg parser internally handles --help (and exits afterwards)
args = create_parser().parse_args()
config = configuration.NamespaceConfig(args)
# note: check is done after arg parsing as --help should work w/o root also.
if not os.geteuid() == 0:
sys.exit(
"{0}Root is required to run letsencrypt. Please use sudo.{0}".
format(os.linesep))
# Set up logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)
if args.use_curses:
logger.addHandler(log.DialogHandler())
displayer = display_util.NcursesDisplay()
else:
displayer = display_util.FileDisplay(sys.stdout)
zope.component.provideUtility(displayer)
if args.view_config_changes:
client.view_config_changes(config)
sys.exit()
if args.revoke or args.rev_cert is not None or args.rev_key is not None:
client.revoke(config, args.no_confirm, args.rev_cert, args.rev_key)
sys.exit()
if args.rollback > 0:
client.rollback(args.rollback, config)
sys.exit()
if not args.eula:
display_eula()
all_auths = init_auths(config)
logging.debug('Initialized authenticators: %s', all_auths.keys())
try:
auth = client.determine_authenticator(all_auths, config)
logging.debug("Selected authenticator: %s", auth)
except errors.LetsEncryptClientError as err:
logging.critical(str(err))
sys.exit(1)
if auth is None:
sys.exit(0)
# Use the same object if possible
if interfaces.IInstaller.providedBy(auth): # pylint: disable=no-member
installer = auth
else:
# This is simple and avoids confusion right now.
installer = None
if args.domains is None:
doms = display_ops.choose_names(installer)
else:
doms = args.domains
if not doms:
sys.exit(0)
# Prepare for init of Client
if args.authkey is None:
authkey = client.init_key(args.rsa_key_size, config.key_dir)
else:
authkey = le_util.Key(args.authkey[0], args.authkey[1])
acme = client.Client(config, authkey, auth, installer)
# Validate the key and csr
client.validate_key_csr(authkey)
# This more closely mimics the capabilities of the CLI
# It should be possible for reconfig only, install-only, no-install
# I am not sure the best way to handle all of the unimplemented abilities,
# but this code should be safe on all environments.
cert_file = None
if auth is not None:
cert_file, chain_file = acme.obtain_certificate(doms)
if installer is not None and cert_file is not None:
acme.deploy_certificate(doms, authkey, cert_file, chain_file)
if installer is not None:
acme.enhance_config(doms, args.redirect)
def main():
"""Command line argument parsing and main script execution."""
if not os.geteuid() == 0:
sys.exit(
"{0}Root is required to run letsencrypt. Please use sudo.{0}".
format(os.linesep))
parser = argparse.ArgumentParser(
description="An ACME client that can update Apache configurations.")
parser.add_argument("-d",
"--domains",
dest="domains",
metavar="DOMAIN",
nargs="+")
parser.add_argument("-s",
"--server",
dest="server",
help="The ACME CA server address.")
parser.add_argument("-p",
"--privkey",
dest="privkey",
type=file,
help="Path to the private key file for certificate "
"generation.")
parser.add_argument("-c",
"--csr",
dest="csr",
type=file,
help="Path to the certificate signing request file "
"corresponding to the private key file. The "
"private key file argument is required if this "
"argument is specified.")
parser.add_argument("-b",
"--rollback",
dest="rollback",
type=int,
default=0,
help="Revert configuration <ROLLBACK> number of "
"checkpoints.")
parser.add_argument("-k",
"--revoke",
dest="revoke",
action="store_true",
help="Revoke a certificate.")
parser.add_argument("-v",
"--view-checkpoints",
dest="view_checkpoints",
action="store_true",
help="View checkpoints and associated configuration "
"changes.")
parser.add_argument(
"-r",
"--redirect",
dest="redirect",
action="store_const",
const=True,
help="Automatically redirect all HTTP traffic to HTTPS "
"for the newly authenticated vhost.")
parser.add_argument("-n",
"--no-redirect",
dest="redirect",
action="store_const",
const=False,
help="Skip the HTTPS redirect question, allowing both "
"HTTP and HTTPS.")
parser.add_argument("-e",
"--agree-eula",
dest="eula",
action="store_true",
help="Skip the end user license agreement screen.")
parser.add_argument("-t",
"--text",
dest="curses",
action="store_false",
help="Use the text output instead of the curses UI.")
parser.add_argument("--test",
dest="test",
action="store_true",
help="Run in test mode.")
args = parser.parse_args()
# Enforce --privkey is set along with --csr.
if args.csr and not args.privkey:
parser.print_usage()
parser.error(
"private key file (--privkey) must be specified along{}"
"with the certificate signing request file (--csr)".format(
os.linesep))
if args.curses:
display.set_display(display.NcursesDisplay())
else:
display.set_display(display.FileDisplay(sys.stdout))
if args.rollback > 0:
rollback(apache_configurator.ApacheConfigurator(), args.rollback)
sys.exit()
if args.view_checkpoints:
view_checkpoints(apache_configurator.ApacheConfigurator())
sys.exit()
server = args.server is None and CONFIG.ACME_SERVER or args.server
acme = client.Client(server, args.csr, args.privkey, args.curses)
if args.revoke:
acme.list_certs_keys()
else:
acme.authenticate(args.domains, args.redirect, args.eula)
def main(): # pylint: disable=too-many-branches
"""Command line argument parsing and main script execution."""
# note: arg parser internally handles --help (and exits afterwards)
args = create_parser().parse_args()
config = configuration.NamespaceConfig(args)
# note: check is done after arg parsing as --help should work w/o root also.
if not os.geteuid() == 0:
sys.exit(
"{0}Root is required to run letsencrypt. Please use sudo.{0}".
format(os.linesep))
# Set up logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)
if args.use_curses:
logger.addHandler(log.DialogHandler())
displayer = display.NcursesDisplay()
else:
displayer = display.FileDisplay(sys.stdout)
zope.component.provideUtility(displayer)
if args.view_config_changes:
client.view_config_changes(config)
sys.exit()
if args.revoke:
client.revoke(config)
sys.exit()
if args.rollback > 0:
client.rollback(args.rollback, config)
sys.exit()
if not args.eula:
display_eula()
# Make sure we actually get an installer that is functioning properly
# before we begin to try to use it.
try:
installer = client.determine_installer(config)
except errors.LetsEncryptMisconfigurationError as err:
logging.fatal(
"Please fix your configuration before proceeding. "
"The Installer exited with the following message: "
"%s", err)
sys.exit(1)
# Use the same object if possible
if interfaces.IAuthenticator.providedBy(installer): # pylint: disable=no-member
auth = installer
else:
auth = client.determine_authenticator(config)
doms = choose_names(installer) if args.domains is None else args.domains
# Prepare for init of Client
if args.privkey is None:
privkey = client.init_key(args.rsa_key_size, config.key_dir)
else:
privkey = le_util.Key(args.privkey[0], args.privkey[1])
acme = client.Client(config, privkey, auth, installer)
# Validate the key and csr
client.validate_key_csr(privkey)
# This more closely mimics the capabilities of the CLI
# It should be possible for reconfig only, install-only, no-install
# I am not sure the best way to handle all of the unimplemented abilities,
# but this code should be safe on all environments.
if auth is not None:
cert_file, chain_file = acme.obtain_certificate(doms)
if installer is not None and cert_file is not None:
acme.deploy_certificate(doms, privkey, cert_file, chain_file)
if installer is not None:
acme.enhance_config(doms, args.redirect)
def main(): # pylint: disable=too-many-branches, too-many-statements
"""Command line argument parsing and main script execution."""
# note: arg parser internally handles --help (and exits afterwards)
args = create_parser().parse_args()
config = configuration.NamespaceConfig(args)
# note: check is done after arg parsing as --help should work w/o root also.
if not os.geteuid() == 0:
sys.exit(
"{0}Root is required to run letsencrypt. Please use sudo.{0}".
format(os.linesep))
# Set up logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)
if args.use_curses:
logger.addHandler(log.DialogHandler())
displayer = display_util.NcursesDisplay()
else:
displayer = display_util.FileDisplay(sys.stdout)
zope.component.provideUtility(displayer)
if args.view_config_changes:
client.view_config_changes(config)
sys.exit()
if args.revoke or args.rev_cert is not None or args.rev_key is not None:
# This depends on the renewal config and cannot be completed yet.
zope.component.getUtility(interfaces.IDisplay).notification(
"Revocation is not available with the new Boulder server yet.")
# client.revoke(config, args.no_confirm, args.rev_cert, args.rev_key)
sys.exit()
if args.rollback > 0:
client.rollback(args.rollback, config)
sys.exit()
le_util.make_or_verify_dir(config.config_dir, constants.CONFIG_DIRS_MODE,
os.geteuid())
# Prepare for init of Client
if args.email is None:
acc = client.determine_account(config)
else:
try:
# The way to get the default would be args.email = ""
# First try existing account
acc = account.Account.from_existing_account(config, args.email)
except errors.LetsEncryptClientError:
try:
# Try to make an account based on the email address
acc = account.Account.from_email(config, args.email)
except errors.LetsEncryptClientError:
sys.exit(1)
if acc is None:
sys.exit(0)
all_auths = init_auths(config)
logging.debug('Initialized authenticators: %s', all_auths.keys())
try:
auth = client.determine_authenticator(all_auths, config)
logging.debug("Selected authenticator: %s", auth)
except errors.LetsEncryptClientError as err:
logging.critical(str(err))
sys.exit(1)
if auth is None:
sys.exit(0)
# Use the same object if possible
if interfaces.IInstaller.providedBy(auth): # pylint: disable=no-member
installer = auth
else:
# This is simple and avoids confusion right now.
installer = None
if args.domains is None:
doms = display_ops.choose_names(installer)
else:
doms = args.domains
if not doms:
sys.exit(0)
acme = client.Client(config, acc, auth, installer)
# Validate the key and csr
client.validate_key_csr(acc.key)
# This more closely mimics the capabilities of the CLI
# It should be possible for reconfig only, install-only, no-install
# I am not sure the best way to handle all of the unimplemented abilities,
# but this code should be safe on all environments.
cert_file = None
if auth is not None:
if acc.regr is None:
try:
acme.register()
except errors.LetsEncryptClientError:
sys.exit(0)
cert_key, cert_file, chain_file = acme.obtain_certificate(doms)
if installer is not None and cert_file is not None:
acme.deploy_certificate(doms, cert_key, cert_file, chain_file)
if installer is not None:
acme.enhance_config(doms, args.redirect)
def main():
# Check to make sure user is root
if not os.geteuid() == 0:
sys.exit("\nOnly root can run letsencrypt.\n")
# Parse options
try:
opts, args = getopt.getopt(sys.argv[1:], "", ["text", "test",
"view-checkpoints",
"privkey=", "csr=",
"server=", "rollback=",
"revoke", "agree-eula",
"redirect",
"no-redirect",
"max-security"])
except getopt.GetoptError as err:
# print help info and exit
print str(err)
usage()
sys.exit(2)
server = None
csr = None
privkey = None
curses = True
names = args
flag_revoke = False
redirect = None
eula = False
for o, a in opts:
if o == "--text":
curses = False
elif o == "--csr":
csr = a
elif o == "--privkey":
privkey = a
elif o == "--server":
server = a
elif o == "--rollback":
from letsencrypt.client import configurator, logger
logger.setLogger(logger.FileLogger(sys.stdout))
logger.setLogLevel(logger.INFO)
config = configurator.Configurator()
config.rollback_checkpoints(a)
config.restart()
sys.exit(0)
elif o == "--view-checkpoints":
from letsencrypt.client import configurator, logger
logger.setLogger(logger.FileLogger(sys.stdout))
logger.setLogLevel(logger.INFO)
config = configurator.Configurator()
config.display_checkpoints()
sys.exit(0)
elif o == "--revoke":
# Do Stuff
flag_revoke = True
elif o == "--redirect":
redirect = True
elif o == "--no-redirect":
redirect = False
elif o == "--agree-eula":
eula = True
elif o == "--test":
#put any temporary tests in here
continue
if curses:
display.setDisplay(display.NcursesDisplay())
else:
display.setDisplay(display.FileDisplay(sys.stdout))
if not server:
server = ACME_SERVER
c = client.Client(server, csr, privkey, curses)
if flag_revoke:
c.list_certs_keys()
else:
c.authenticate(args, redirect, eula)