certbot.util module

Utilities for all Certbot.

class certbot.util.Key(file, pem)

Bases: tuple

file

Alias for field number 0

pem

Alias for field number 1

class certbot.util.CSR(file, data, form)

Bases: tuple

data

Alias for field number 1

file

Alias for field number 0

form

Alias for field number 2

certbot.util.env_no_snap_for_external_calls() Dict[str, str][source]

When Certbot is run inside a Snap, certain environment variables are modified. But Certbot sometimes calls out to external programs, since it uses classic confinement. When we do that, we must modify the env to remove our modifications so it will use the system’s libraries, since they may be incompatible with the versions of libraries included in the Snap. For example, apachectl, Nginx, and anything run from inside a hook should call this function and pass the results into the env argument of subprocess.Popen.

Returns:

A modified copy of os.environ ready to pass to Popen

Return type:

dict

certbot.util.run_script(params: ~typing.List[str], log: ~typing.Callable[[str], None] = <bound method Logger.error of <Logger certbot.util (WARNING)>>) Tuple[str, str][source]

Run the script with the given params.

Parameters:

  • params (list) – List of parameters to pass to subprocess.run

  • log (callable) – Logger method to use for errors

certbot.util.exe_exists(exe: str) bool[source]

Determine whether path/name refers to an executable.

Parameters:

exe (str) – Executable path or name

Returns:

If exe is a valid executable

Return type:

bool

certbot.util.lock_dir_until_exit(dir_path: str) None[source]

Lock the directory at dir_path until program exit.

Parameters:

dir_path (str) – path to directory

Raises:

errors.LockError – if the lock is held by another process

certbot.util.set_up_core_dir(directory: str, mode: int, strict: bool) None[source]

Ensure directory exists with proper permissions and is locked.

Parameters:

  • directory (str) – Path to a directory.

  • mode (int) – Directory mode.

  • strict (bool) – require directory to be owned by current user

Raises:

  • .errors.LockError – if the directory cannot be locked

  • .errors.Error – if the directory cannot be made or verified

certbot.util.make_or_verify_dir(directory: str, mode: int = 493, strict: bool = False) None[source]

Make sure directory exists with proper permissions.

Parameters:

  • directory (str) – Path to a directory.

  • mode (int) – Directory mode.

  • strict (bool) – require directory to be owned by current user

Raises:

  • .errors.Error – if a directory already exists, but has wrong permissions or owner

  • OSError – if invalid or inaccessible file names and paths, or other arguments that have the correct type, but are not accepted by the operating system.

certbot.util.safe_open(path: str, mode: str = 'w', chmod: Optional[int] = None) IO[source]

Safely open a file.

Parameters:

  • path (str) – Path to a file.

  • mode (str) – Same os mode for open.

  • chmod (int) – Same as mode for filesystem.open, uses Python defaults if None.

certbot.util.unique_file(path: str, chmod: int = 511, mode: str = 'w') Tuple[IO, str][source]

Safely finds a unique file.

Parameters:

  • path (str) – path/filename.ext

  • chmod (int) – File mode

  • mode (str) – Open mode

Returns:

tuple of file object and file name

certbot.util.unique_lineage_name(path: str, filename: str, chmod: int = 420, mode: str = 'w') Tuple[IO, str][source]

Safely finds a unique file using lineage convention.

Parameters:

  • path (str) – directory path

  • filename (str) – proposed filename

  • chmod (int) – file mode

  • mode (str) – open mode

Returns:

tuple of file object and file name (which may be modified from the requested one by appending digits to ensure uniqueness)

Raises:

OSError – if writing files fails for an unanticipated reason, such as a full disk or a lack of permission to write to specified location.

certbot.util.safely_remove(path: str) None[source]

Remove a file that may not exist.

certbot.util.get_filtered_names(all_names: Set[str]) Set[str][source]

Removes names that aren’t considered valid by Let’s Encrypt.

Parameters:

all_names (set) – all names found in the configuration

Returns:

all found names that are considered valid by LE

Return type:

set

certbot.util.get_os_info() Tuple[str, str][source]

Get OS name and version

Returns:

(os_name, os_version)

Return type:

tuple of str

certbot.util.get_os_info_ua() str[source]

Get OS name and version string for User Agent

Returns:

os_ua

Return type:

str

certbot.util.get_systemd_os_like() List[str][source]

Get a list of strings that indicate the distribution likeness to other distributions.

Returns:

List of distribution acronyms

Return type:

list of str

certbot.util.get_var_from_file(varname: str, filepath: str = '/etc/os-release') str[source]

Get single value from a file formatted like systemd /etc/os-release

Parameters:

  • varname (str) – Name of variable to fetch

  • filepath (str) – File path of os-release file

Returns:

requested value

Return type:

str

certbot.util.get_python_os_info(pretty: bool = False) Tuple[str, str][source]

Get Operating System type/distribution and major version using python platform module

Parameters:

pretty (bool) – If the returned OS name should be in longer (pretty) form

Returns:

(os_name, os_version)

Return type:

tuple of str

certbot.util.safe_email(email: str) bool[source]

Scrub email address before using it.

class certbot.util.DeprecatedArgumentAction(option_strings, dest, nargs=None, const=None, default=None, type=None, choices=None, required=False, help=None, metavar=None)[source]

Bases: Action

Action to log a warning when an argument is used.

certbot.util.add_deprecated_argument(add_argument: Callable[[...], None], argument_name: str, nargs: Union[str, int]) None[source]

Adds a deprecated argument with the name argument_name.

Deprecated arguments are not shown in the help. If they are used on the command line, a warning is shown stating that the argument is deprecated and no other action is taken.

Parameters:

  • add_argument (callable) – Function that adds arguments to an argument parser/group.

  • argument_name (str) – Name of deprecated argument.

  • nargs – Value for nargs when adding the argument to argparse.

certbot.util.enforce_le_validity(domain: str) str[source]

Checks that Let’s Encrypt will consider domain to be valid.

Parameters:

domain (str) – FQDN to check

Returns:

The domain cast to str, with ASCII-only contents

Return type:

str

Raises:

ConfigurationError – for invalid domains and cases where Let’s Encrypt currently will not issue certificates

certbot.util.enforce_domain_sanity(domain: Union[str, bytes]) str[source]

Method which validates domain value and errors out if the requirements are not met.

Parameters:

domain (str or bytes) – Domain to check

Raises:

ConfigurationError – for invalid domains and cases where Let’s Encrypt currently will not issue certificates

Returns:

The domain cast to str, with ASCII-only contents

Return type:

str

certbot.util.is_ipaddress(address: str) bool[source]

Is given address string form of IP(v4 or v6) address?

Parameters:

address (str) – address to check

Returns:

True if address is valid IP address, otherwise return False.

Return type:

bool

certbot.util.is_wildcard_domain(domain: Union[str, bytes]) bool[source]

“Is domain a wildcard domain?

Parameters:

domain (bytes or str) – domain to check

Returns:

True if domain is a wildcard, otherwise, False

Return type:

bool

certbot.util.is_staging(srv: str) bool[source]

Determine whether a given ACME server is a known test / staging server.

Parameters:

srv (str) – the URI for the ACME server

Returns:

True iff srv is a known test / staging server

Rtype bool:

certbot.util.atexit_register(func: Callable, *args: Any, **kwargs: Any) None[source]

Sets func to be called before the program exits.

Special care is taken to ensure func is only called when the process that first imports this module exits rather than any child processes.

Parameters:

func (function) – function to be called in case of an error

certbot.util.parse_loose_version(version_string: str) List[Union[int, str]][source]

Parses a version string into its components.

This code and the returned tuple is based on the now deprecated distutils.version.LooseVersion class from the Python standard library. Two LooseVersion classes and two lists as returned by this function should compare in the same way. See https://github.com/python/cpython/blob/v3.10.0/Lib/distutils/version.py#L205-L347.

Parameters:

version_string (str) – version string

Returns:

list of parsed version string components

Return type:

list