Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

"""Certbot constants.""" 

import logging 

import os 

import pkg_resources 

 

from acme import challenges 

from certbot import compat 

 

SETUPTOOLS_PLUGINS_ENTRY_POINT = "certbot.plugins" 

"""Setuptools entry point group name for plugins.""" 

 

OLD_SETUPTOOLS_PLUGINS_ENTRY_POINT = "letsencrypt.plugins" 

"""Plugins Setuptools entry point before rename.""" 

 

CLI_DEFAULTS = dict( 

config_files=[ 

os.path.join(compat.get_default_folder('config'), 'cli.ini'), 

# http://freedesktop.org/wiki/Software/xdg-user-dirs/ 

os.path.join(os.environ.get("XDG_CONFIG_HOME", "~/.config"), 

"letsencrypt", "cli.ini"), 

], 

 

# Main parser 

verbose_count=-int(logging.INFO / 10), 

text_mode=False, 

max_log_backups=1000, 

noninteractive_mode=False, 

force_interactive=False, 

domains=[], 

certname=None, 

dry_run=False, 

register_unsafely_without_email=False, 

update_registration=False, 

email=None, 

eff_email=None, 

reinstall=False, 

expand=False, 

renew_by_default=False, 

renew_with_new_domains=False, 

autorenew=True, 

allow_subset_of_names=False, 

tos=False, 

account=None, 

duplicate=False, 

os_packages_only=False, 

no_self_upgrade=False, 

no_bootstrap=False, 

quiet=False, 

staging=False, 

debug=False, 

debug_challenges=False, 

no_verify_ssl=False, 

tls_sni_01_port=challenges.TLSSNI01Response.PORT, 

tls_sni_01_address="", 

http01_port=challenges.HTTP01Response.PORT, 

http01_address="", 

break_my_certs=False, 

rsa_key_size=2048, 

must_staple=False, 

redirect=None, 

auto_hsts=False, 

hsts=None, 

uir=None, 

staple=None, 

strict_permissions=False, 

pref_challs=[], 

validate_hooks=True, 

directory_hooks=True, 

reuse_key=False, 

disable_renew_updates=False, 

random_sleep_on_renew=True, 

eab_hmac_key=None, 

eab_kid=None, 

 

# Subparsers 

num=None, 

user_agent=None, 

user_agent_comment=None, 

csr=None, 

reason=0, 

delete_after_revoke=None, 

rollback_checkpoints=1, 

init=False, 

prepare=False, 

ifaces=None, 

 

# Path parsers 

auth_cert_path="./cert.pem", 

auth_chain_path="./chain.pem", 

key_path=None, 

config_dir=compat.get_default_folder('config'), 

work_dir=compat.get_default_folder('work'), 

logs_dir=compat.get_default_folder('logs'), 

server="https://acme-v02.api.letsencrypt.org/directory", 

 

# Plugins parsers 

configurator=None, 

authenticator=None, 

installer=None, 

apache=False, 

nginx=False, 

standalone=False, 

manual=False, 

webroot=False, 

dns_cloudflare=False, 

dns_cloudxns=False, 

dns_digitalocean=False, 

dns_dnsimple=False, 

dns_dnsmadeeasy=False, 

dns_gehirn=False, 

dns_google=False, 

dns_linode=False, 

dns_luadns=False, 

dns_nsone=False, 

dns_ovh=False, 

dns_rfc2136=False, 

dns_route53=False, 

dns_sakuracloud=False 

 

) 

STAGING_URI = "https://acme-staging-v02.api.letsencrypt.org/directory" 

 

# The set of reasons for revoking a certificate is defined in RFC 5280 in 

# section 5.3.1. The reasons that users are allowed to submit are restricted to 

# those accepted by the ACME server implementation. They are listed in 

# `letsencrypt.boulder.revocation.reasons.go`. 

REVOCATION_REASONS = { 

"unspecified": 0, 

"keycompromise": 1, 

"affiliationchanged": 3, 

"superseded": 4, 

"cessationofoperation": 5} 

 

"""Defaults for CLI flags and `.IConfig` attributes.""" 

 

QUIET_LOGGING_LEVEL = logging.WARNING 

"""Logging level to use in quiet mode.""" 

 

RENEWER_DEFAULTS = dict( 

renewer_enabled="yes", 

renew_before_expiry="30 days", 

# This value should ensure that there is never a deployment delay by 

# default. 

deploy_before_expiry="99 years", 

) 

"""Defaults for renewer script.""" 

 

 

ENHANCEMENTS = ["redirect", "ensure-http-header", "ocsp-stapling"] 

"""List of possible :class:`certbot.interfaces.IInstaller` 

enhancements. 

 

List of expected options parameters: 

- redirect: None 

- ensure-http-header: name of header (i.e. Strict-Transport-Security) 

- ocsp-stapling: certificate chain file path 

 

""" 

 

ARCHIVE_DIR = "archive" 

"""Archive directory, relative to `IConfig.config_dir`.""" 

 

CONFIG_DIRS_MODE = 0o755 

"""Directory mode for ``.IConfig.config_dir`` et al.""" 

 

ACCOUNTS_DIR = "accounts" 

"""Directory where all accounts are saved.""" 

 

LE_REUSE_SERVERS = { 

'acme-v02.api.letsencrypt.org/directory': 'acme-v01.api.letsencrypt.org/directory', 

'acme-staging-v02.api.letsencrypt.org/directory': 

'acme-staging.api.letsencrypt.org/directory' 

} 

"""Servers that can reuse accounts from other servers.""" 

 

BACKUP_DIR = "backups" 

"""Directory (relative to `IConfig.work_dir`) where backups are kept.""" 

 

CSR_DIR = "csr" 

"""See `.IConfig.csr_dir`.""" 

 

IN_PROGRESS_DIR = "IN_PROGRESS" 

"""Directory used before a permanent checkpoint is finalized (relative to 

`IConfig.work_dir`).""" 

 

KEY_DIR = "keys" 

"""Directory (relative to `IConfig.config_dir`) where keys are saved.""" 

 

LIVE_DIR = "live" 

"""Live directory, relative to `IConfig.config_dir`.""" 

 

TEMP_CHECKPOINT_DIR = "temp_checkpoint" 

"""Temporary checkpoint directory (relative to `IConfig.work_dir`).""" 

 

RENEWAL_CONFIGS_DIR = "renewal" 

"""Renewal configs directory, relative to `IConfig.config_dir`.""" 

 

RENEWAL_HOOKS_DIR = "renewal-hooks" 

"""Basename of directory containing hooks to run with the renew command.""" 

 

RENEWAL_PRE_HOOKS_DIR = "pre" 

"""Basename of directory containing pre-hooks to run with the renew command.""" 

 

RENEWAL_DEPLOY_HOOKS_DIR = "deploy" 

"""Basename of directory containing deploy-hooks to run with the renew command.""" 

 

RENEWAL_POST_HOOKS_DIR = "post" 

"""Basename of directory containing post-hooks to run with the renew command.""" 

 

FORCE_INTERACTIVE_FLAG = "--force-interactive" 

"""Flag to disable TTY checking in IDisplay.""" 

 

EFF_SUBSCRIBE_URI = "https://supporters.eff.org/subscribe/certbot" 

"""EFF URI used to submit the e-mail address of users who opt-in.""" 

 

SSL_DHPARAMS_DEST = "ssl-dhparams.pem" 

"""Name of the ssl_dhparams file as saved in `IConfig.config_dir`.""" 

 

SSL_DHPARAMS_SRC = pkg_resources.resource_filename( 

"certbot", "ssl-dhparams.pem") 

"""Path to the nginx ssl_dhparams file found in the Certbot distribution.""" 

 

UPDATED_SSL_DHPARAMS_DIGEST = ".updated-ssl-dhparams-pem-digest.txt" 

"""Name of the hash of the updated or informed ssl_dhparams as saved in `IConfig.config_dir`.""" 

 

ALL_SSL_DHPARAMS_HASHES = [ 

'9ba6429597aeed2d8617a7705b56e96d044f64b07971659382e426675105654b', 

] 

"""SHA256 hashes of the contents of all versions of SSL_DHPARAMS_SRC"""