注: 该脚本为开源组织提供

里面的所有东西都不要改,  复制下来,放到文本里,  放到linux下, 执行就好了.

网络上很多各种各样的教程形式, 我也在网络上查询了很长时间, 发现公司线上服务器上有个脚本,,不知道是不是公司人写的, 拿第一句话,到百度上一搜索, 发现第一个链接点击去, 就是脚本开源组织提供的地址.

步骤:

1. 桌面创建文本: certbot-auto  //注意去掉txt后缀

2. 复制以下内容到文本里

#!/bin/sh
#
# Download and run the latest release version of the Certbot client.
#
# NOTE: THIS SCRIPT IS AUTO-GENERATED AND SELF-UPDATING
#
# IF YOU WANT TO EDIT IT LOCALLY, *ALWAYS* RUN YOUR COPY WITH THE
# "--no-self-upgrade" FLAG
#
# IF YOU WANT TO SEND PULL REQUESTS, THE REAL SOURCE FOR THIS FILE IS
# letsencrypt-auto-source/letsencrypt-auto.template AND
# letsencrypt-auto-source/pieces/bootstrappers/*set -e  # Work even if somebody does "sh thisscript.sh".# Note: you can set XDG_DATA_HOME or VENV_PATH before running this script,
# if you want to change where the virtual environment will be installed# HOME might not be defined when being run through something like systemd
if [ -z "$HOME" ]; thenHOME=~root
fi
if [ -z "$XDG_DATA_HOME" ]; thenXDG_DATA_HOME=~/.local/share
fi
if [ -z "$VENV_PATH" ]; then# We export these values so they are preserved properly if this script is# rerun with sudo/su where $HOME/$XDG_DATA_HOME may have a different value.export OLD_VENV_PATH="$XDG_DATA_HOME/letsencrypt"export VENV_PATH="/opt/eff.org/certbot/venv"
fi
VENV_BIN="$VENV_PATH/bin"
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
LE_AUTO_VERSION="0.37.2"
BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.Help for certbot itself cannot be provided until it is installed.--debug                                   attempt experimental installation-h, --help                                print this help-n, --non-interactive, --noninteractive   run without asking for user input--no-bootstrap                            do not install OS dependencies--no-permissions-check                    do not warn about file system permissions--no-self-upgrade                         do not download updates--os-packages-only                        install OS dependencies and exit--install-only                            install certbot, upgrade if needed, and exit-v, --verbose                             provide more output-q, --quiet                               provide only update/error output;implies --non-interactiveAll arguments are accepted and forwarded to the Certbot client when run."
export CERTBOT_AUTO="$0"for arg in "$@" ; docase "$arg" in--debug)DEBUG=1;;--os-packages-only)OS_PACKAGES_ONLY=1;;--install-only)INSTALL_ONLY=1;;--no-self-upgrade)# Do not upgrade this script (also prevents client upgrades, because each# copy of the script pins a hash of the python client)NO_SELF_UPGRADE=1;;--no-permissions-check)NO_PERMISSIONS_CHECK=1;;--no-bootstrap)NO_BOOTSTRAP=1;;--help)HELP=1;;--noninteractive|--non-interactive)NONINTERACTIVE=1;;--quiet)QUIET=1;;renew)ASSUME_YES=1;;--verbose)VERBOSE=1;;-[!-]*)OPTIND=1while getopts ":hnvq" short_arg $arg; docase "$short_arg" inh)HELP=1;;n)NONINTERACTIVE=1;;q)QUIET=1;;v)VERBOSE=1;;esacdone;;esac
doneif [ $BASENAME = "letsencrypt-auto" ]; then# letsencrypt-auto does not respect --help or --yes for backwards compatibilityNONINTERACTIVE=1HELP=0
fi# Set ASSUME_YES to 1 if QUIET or NONINTERACTIVE
if [ "$QUIET" = 1 -o "$NONINTERACTIVE" = 1 ]; thenASSUME_YES=1
fisay() {if [  "$QUIET" != 1 ]; thenecho "$@"fi
}error() {echo "$@"
}# Support for busybox and others where there is no "command",
# but "which" instead
if command -v command > /dev/null 2>&1 ; thenexport EXISTS="command -v"
elif which which > /dev/null 2>&1 ; thenexport EXISTS="which"
elseerror "Cannot find command nor which... please install one!"exit 1
fi# Certbot itself needs root access for almost all modes of operation.
# certbot-auto needs root access to bootstrap OS dependencies and install
# Certbot at a protected path so it can be safely run as root. To accomplish
# this, this script will attempt to run itself as root if it doesn't have the
# necessary privileges by using `sudo` or falling back to `su` if it is not
# available. The mechanism used to obtain root access can be set explicitly by
# setting the environment variable LE_AUTO_SUDO to 'sudo', 'su', 'su_sudo',
# 'SuSudo', or '' as used below.# Because the parameters in `su -c` has to be a string,
# we need to properly escape it.
SuSudo() {args=""# This `while` loop iterates over all parameters given to this function.# For each parameter, all `'` will be replace by `'"'"'`, and the escaped string# will be wrapped in a pair of `'`, then appended to `$args` string# For example, `echo "It's only 1\$\!"` will be escaped to:#   'echo' 'It'"'"'s only 1$!'#     │       │└┼┘│#     │       │ │ └── `'s only 1$!'` the literal string#     │       │ └── `\"'\"` is a single quote (as a string)#     │       └── `'It'`, to be concatenated with the strings following it#     └── `echo` wrapped in a pair of `'`, it's totally fine for the shell command itselfwhile [ $# -ne 0 ]; doargs="$args'$(printf "%s" "$1" | sed -e "s/'/'\"'\"'/g")' "shiftdonesu root -c "$args"
}# Sets the environment variable SUDO to be the name of the program or function
# to call to get root access. If this script already has root privleges, SUDO
# is set to an empty string. The value in SUDO should be run with the command
# to called with root privileges as arguments.
SetRootAuthMechanism() {SUDO=""if [ -n "${LE_AUTO_SUDO+x}" ]; thencase "$LE_AUTO_SUDO" inSuSudo|su_sudo|su)SUDO=SuSudo;;sudo)SUDO="sudo -E";;'')# If we're not running with root, don't check that this script can only# be modified by system users and groups.NO_PERMISSIONS_CHECK=1;;*)error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."exit 1esacsay "Using preset root authorization mechanism '$LE_AUTO_SUDO'."elseif test "`id -u`" -ne "0" ; thenif $EXISTS sudo 1>/dev/null 2>&1; thenSUDO="sudo -E"elsesay \"sudo\" is not available, will use \"su\" for installation steps...SUDO=SuSudofififi
}if [ "$1" = "--cb-auto-has-root" ]; thenshift 1
elseSetRootAuthMechanismif [ -n "$SUDO" ]; thensay "Requesting to rerun $0 with root privileges..."$SUDO "$0" --cb-auto-has-root "$@"exit 0fi
fi# Runs this script again with the given arguments. --cb-auto-has-root is added
# to the command line arguments to ensure we don't try to acquire root a
# second time. After the script is rerun, we exit the current script.
RerunWithArgs() {"$0" --cb-auto-has-root "$@"exit 0
}BootstrapMessage() {# Arguments: Platform namesay "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
}ExperimentalBootstrap() {# Arguments: Platform name, bootstrap function nameif [ "$DEBUG" = 1 ]; thenif [ "$2" != "" ]; thenBootstrapMessage $1$2fielseerror "FATAL: $1 support is very experimental at present..."error "if you would like to work on improving it, please ensure you have backups"error "and then run this script again with the --debug flag!"error "Alternatively, you can install OS dependencies yourself and run this script"error "again with --no-bootstrap."exit 1fi
}DeprecationBootstrap() {# Arguments: Platform name, bootstrap function nameif [ "$DEBUG" = 1 ]; thenif [ "$2" != "" ]; thenBootstrapMessage $1$2fielseerror "WARNING: certbot-auto support for this $1 is DEPRECATED!"error "Please visit certbot.eff.org to learn how to download a version of"error "Certbot that is packaged for your system. While an existing version"error "of certbot-auto may work currently, we have stopped supporting updating"error "system packages for your system. Please switch to a packaged version"error "as soon as possible."exit 1fi
}MIN_PYTHON_VERSION="2.7"
MIN_PYVER=$(echo "$MIN_PYTHON_VERSION" | sed 's/\.//')
# Sets LE_PYTHON to Python version string and PYVER to the first two
# digits of the python version
DeterminePythonVersion() {# Arguments: "NOCRASH" if we shouldn't crash if we don't find a good python## If no Python is found, PYVER is set to 0.if [ "$USE_PYTHON_3" = 1 ]; thenfor LE_PYTHON in "$LE_PYTHON" python3; do# Break (while keeping the LE_PYTHON value) if found.$EXISTS "$LE_PYTHON" > /dev/null && breakdoneelsefor LE_PYTHON in "$LE_PYTHON" python2.7 python27 python2 python; do# Break (while keeping the LE_PYTHON value) if found.$EXISTS "$LE_PYTHON" > /dev/null && breakdonefiif [ "$?" != "0" ]; thenif [ "$1" != "NOCRASH" ]; thenerror "Cannot find any Pythons; please install one!"exit 1elsePYVER=0return 0fifiPYVER=`"$LE_PYTHON" -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//'`if [ "$PYVER" -lt "$MIN_PYVER" ]; thenif [ "$1" != "NOCRASH" ]; thenerror "You have an ancient version of Python entombed in your operating system..."error "This isn't going to work; you'll need at least version $MIN_PYTHON_VERSION."exit 1fifi
}# If new packages are installed by BootstrapDebCommon below, this version
# number must be increased.
BOOTSTRAP_DEB_COMMON_VERSION=1BootstrapDebCommon() {# Current version tested with:## - Ubuntu#     - 14.04 (x64)#     - 15.04 (x64)# - Debian#     - 7.9 "wheezy" (x64)#     - sid (2015-10-21) (x64)# Past versions tested with:## - Debian 8.0 "jessie" (x64)# - Raspbian 7.8 (armhf)# Believed not to work:## - Debian 6.0.10 "squeeze" (x64)if [ "$QUIET" = 1 ]; thenQUIET_FLAG='-qq'fiapt-get $QUIET_FLAG update || error apt-get update hit problems but continuing anyway...# virtualenv binary can be found in different packages depending on# distro version (#346)virtualenv=# virtual env is known to apt and is installableif apt-cache show virtualenv > /dev/null 2>&1 ; thenif ! LC_ALL=C apt-cache --quiet=0 show virtualenv 2>&1 | grep -q 'No packages found'; thenvirtualenv="virtualenv"fifiif apt-cache show python-virtualenv > /dev/null 2>&1; thenvirtualenv="$virtualenv python-virtualenv"fiaugeas_pkg="libaugeas0 augeas-lenses"if [ "$ASSUME_YES" = 1 ]; thenYES_FLAG="-y"fiapt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \python \python-dev \$virtualenv \gcc \$augeas_pkg \libssl-dev \openssl \libffi-dev \ca-certificates \if ! $EXISTS virtualenv > /dev/null ; thenerror Failed to install a working \"virtualenv\" command, exitingexit 1fi
}# If new packages are installed by BootstrapRpmCommonBase below, version
# numbers in rpm_common.sh and rpm_python3.sh must be increased.# Sets TOOL to the name of the package manager
# Sets appropriate values for YES_FLAG and QUIET_FLAG based on $ASSUME_YES and $QUIET_FLAG.
# Enables EPEL if applicable and possible.
InitializeRPMCommonBase() {if type dnf 2>/dev/nullthenTOOL=dnfelif type yum 2>/dev/nullthenTOOL=yumelseerror "Neither yum nor dnf found. Aborting bootstrap!"exit 1fiif [ "$ASSUME_YES" = 1 ]; thenYES_FLAG="-y"fiif [ "$QUIET" = 1 ]; thenQUIET_FLAG='--quiet'fiif ! $TOOL list *virtualenv >/dev/null 2>&1; thenecho "To use Certbot, packages from the EPEL repository need to be installed."if ! $TOOL list epel-release >/dev/null 2>&1; thenerror "Enable the EPEL repository and try running Certbot again."exit 1fiif [ "$ASSUME_YES" = 1 ]; then/bin/echo -n "Enabling the EPEL repository in 3 seconds..."sleep 1s/bin/echo -ne "\e[0K\rEnabling the EPEL repository in 2 seconds..."sleep 1s/bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 second..."sleep 1sfiif ! $TOOL install $YES_FLAG $QUIET_FLAG epel-release; thenerror "Could not enable EPEL. Aborting bootstrap!"exit 1fifi
}BootstrapRpmCommonBase() {# Arguments: whitespace-delimited python packages to installInitializeRPMCommonBase # This call is superfluous in practicepkgs="gccaugeas-libsopensslopenssl-devellibffi-develredhat-rpm-configca-certificates"# Add the python packagespkgs="$pkgs$1"if $TOOL list installed "httpd" >/dev/null 2>&1; thenpkgs="$pkgsmod_ssl"fiif ! $TOOL install $YES_FLAG $QUIET_FLAG $pkgs; thenerror "Could not install OS dependencies. Aborting bootstrap!"exit 1fi
}# If new packages are installed by BootstrapRpmCommon below, this version
# number must be increased.
BOOTSTRAP_RPM_COMMON_VERSION=1BootstrapRpmCommon() {# Tested with:#   - Fedora 20, 21, 22, 23 (x64)#   - Centos 7 (x64: on DigitalOcean droplet)#   - CentOS 7 Minimal install in a Hyper-V VM#   - CentOS 6InitializeRPMCommonBase# Most RPM distros use the "python" or "python-" naming convention.  Let's try that first.if $TOOL list python >/dev/null 2>&1; thenpython_pkgs="$pythonpython-develpython-virtualenvpython-toolspython-pip"# Fedora 26 starts to use the prefix python2 for python2 based packages.# this elseif is theoretically for any Fedora over version 26:elif $TOOL list python2 >/dev/null 2>&1; thenpython_pkgs="$python2python2-libspython2-setuptoolspython2-develpython2-virtualenvpython2-toolspython2-pip"# Some distros and older versions of current distros use a "python27"# instead of the "python" or "python-" naming convention.elsepython_pkgs="$python27python27-develpython27-virtualenvpython27-toolspython27-pip"fiBootstrapRpmCommonBase "$python_pkgs"
}# If new packages are installed by BootstrapRpmPython3 below, this version
# number must be increased.
BOOTSTRAP_RPM_PYTHON3_VERSION=1BootstrapRpmPython3() {# Tested with:#   - CentOS 6#   - Fedora 29InitializeRPMCommonBase# Fedora 29 must use python3-virtualenvif $TOOL list python3-virtualenv >/dev/null 2>&1; thenpython_pkgs="python3python3-virtualenvpython3-devel"# EPEL uses python34elif $TOOL list python34 >/dev/null 2>&1; thenpython_pkgs="python34python34-develpython34-tools"elseerror "No supported Python package available to install. Aborting bootstrap!"exit 1fiBootstrapRpmCommonBase "$python_pkgs"
}# If new packages are installed by BootstrapSuseCommon below, this version
# number must be increased.
BOOTSTRAP_SUSE_COMMON_VERSION=1BootstrapSuseCommon() {# SLE12 don't have python-virtualenvif [ "$ASSUME_YES" = 1 ]; thenzypper_flags="-nq"install_flags="-l"fiif [ "$QUIET" = 1 ]; thenQUIET_FLAG='-qq'fiif zypper search -x python-virtualenv >/dev/null 2>&1; thenOPENSUSE_VIRTUALENV_PACKAGES="python-virtualenv"else# Since Leap 15.0 (and associated Tumbleweed version), python-virtualenv# is a source package, and python2-virtualenv must be used instead.# Also currently python2-setuptools is not a dependency of python2-virtualenv,# while it should be. Installing it explicitly until upstream fix.OPENSUSE_VIRTUALENV_PACKAGES="python2-virtualenv python2-setuptools"fizypper $QUIET_FLAG $zypper_flags in $install_flags \python \python-devel \$OPENSUSE_VIRTUALENV_PACKAGES \gcc \augeas-lenses \libopenssl-devel \libffi-devel \ca-certificates
}# If new packages are installed by BootstrapArchCommon below, this version
# number must be increased.
BOOTSTRAP_ARCH_COMMON_VERSION=1BootstrapArchCommon() {# Tested with:#   - ArchLinux (x86_64)## "python-virtualenv" is Python3, but "python2-virtualenv" provides# only "virtualenv2" binary, not "virtualenv".deps="python2python-virtualenvgccaugeasopenssllibffica-certificatespkg-config"# pacman -T exits with 127 if there are missing dependenciesmissing=$(pacman -T $deps) || trueif [ "$ASSUME_YES" = 1 ]; thennoconfirm="--noconfirm"fiif [ "$missing" ]; thenif [ "$QUIET" = 1 ]; thenpacman -S --needed $missing $noconfirm > /dev/nullelsepacman -S --needed $missing $noconfirmfifi
}# If new packages are installed by BootstrapGentooCommon below, this version
# number must be increased.
BOOTSTRAP_GENTOO_COMMON_VERSION=1BootstrapGentooCommon() {PACKAGES="dev-lang/python:2.7dev-python/virtualenvapp-admin/augeasdev-libs/openssldev-libs/libffiapp-misc/ca-certificatesvirtual/pkgconfig"ASK_OPTION="--ask"if [ "$ASSUME_YES" = 1 ]; thenASK_OPTION=""ficase "$PACKAGE_MANAGER" in(paludis)cave resolve --preserve-world --keep-targets if-possible $PACKAGES -x;;(pkgcore)pmerge --noreplace --oneshot $ASK_OPTION $PACKAGES;;(portage|*)emerge --noreplace --oneshot $ASK_OPTION $PACKAGES;;esac
}# If new packages are installed by BootstrapFreeBsd below, this version number
# must be increased.
BOOTSTRAP_FREEBSD_VERSION=1BootstrapFreeBsd() {if [ "$QUIET" = 1 ]; thenQUIET_FLAG="--quiet"fipkg install -Ay $QUIET_FLAG \python \py27-virtualenv \augeas \libffi
}# If new packages are installed by BootstrapMac below, this version number must
# be increased.
BOOTSTRAP_MAC_VERSION=1BootstrapMac() {if hash brew 2>/dev/null; thensay "Using Homebrew to install dependencies..."pkgman=brewpkgcmd="brew install"elif hash port 2>/dev/null; thensay "Using MacPorts to install dependencies..."pkgman=portpkgcmd="port install"elsesay "No Homebrew/MacPorts; installing Homebrew..."ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"pkgman=brewpkgcmd="brew install"fi$pkgcmd augeasif [ "$(which python)" = "/System/Library/Frameworks/Python.framework/Versions/2.7/bin/python" \-o "$(which python)" = "/usr/bin/python" ]; then# We want to avoid using the system Python because it requires root to use pip.# python.org, MacPorts or HomeBrew Python installations should all be OK.say "Installing python..."$pkgcmd pythonfi# Workaround for _dlopen not finding augeas on macOSif [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; thensay "Applying augeas workaround"mkdir -p /usr/local/lib/ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/fiif ! hash pip 2>/dev/null; thensay "pip not installed"say "Installing pip..."curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | pythonfiif ! hash virtualenv 2>/dev/null; thensay "virtualenv not installed."say "Installing with pip..."pip install virtualenvfi
}# If new packages are installed by BootstrapSmartOS below, this version number
# must be increased.
BOOTSTRAP_SMARTOS_VERSION=1BootstrapSmartOS() {pkgin updatepkgin -y install 'gcc49' 'py27-augeas' 'py27-virtualenv'
}# If new packages are installed by BootstrapMageiaCommon below, this version
# number must be increased.
BOOTSTRAP_MAGEIA_COMMON_VERSION=1BootstrapMageiaCommon() {if [ "$QUIET" = 1 ]; thenQUIET_FLAG='--quiet'fiif ! urpmi --force $QUIET_FLAG \python \libpython-devel \python-virtualenvthenerror "Could not install Python dependencies. Aborting bootstrap!"exit 1fiif ! urpmi --force $QUIET_FLAG \git \gcc \python-augeas \libopenssl-devel \libffi-devel \rootcertsthenerror "Could not install additional dependencies. Aborting bootstrap!"exit 1fi
}# Set Bootstrap to the function that installs OS dependencies on this system
# and BOOTSTRAP_VERSION to the unique identifier for the current version of
# that function. If Bootstrap is set to a function that doesn't install any
# packages BOOTSTRAP_VERSION is not set.
if [ -f /etc/debian_version ]; thenBootstrap() {BootstrapMessage "Debian-based OSes"BootstrapDebCommon}BOOTSTRAP_VERSION="BootstrapDebCommon $BOOTSTRAP_DEB_COMMON_VERSION"
elif [ -f /etc/mageia-release ]; then# Mageia has both /etc/mageia-release and /etc/redhat-releaseBootstrap() {ExperimentalBootstrap "Mageia" BootstrapMageiaCommon}BOOTSTRAP_VERSION="BootstrapMageiaCommon $BOOTSTRAP_MAGEIA_COMMON_VERSION"
elif [ -f /etc/redhat-release ]; then# Run DeterminePythonVersion to decide on the basis of available Python versions# whether to use 2.x or 3.x on RedHat-like systems.# Then, revert LE_PYTHON to its previous state.prev_le_python="$LE_PYTHON"unset LE_PYTHONDeterminePythonVersion "NOCRASH"RPM_DIST_NAME=`(. /etc/os-release 2> /dev/null && echo $ID) || echo "unknown"`# Set RPM_DIST_VERSION to VERSION_ID from /etc/os-release after splitting on# '.' characters (e.g. "8.0" becomes "8"). If the command exits with an# error, RPM_DIST_VERSION is set to "unknown".RPM_DIST_VERSION=$( (. /etc/os-release 2> /dev/null && echo "$VERSION_ID") | cut -d '.' -f1 || echo "unknown")# If RPM_DIST_VERSION is an empty string or it contains any nonnumeric# characters, the value is unexpected so we set RPM_DIST_VERSION to 0.if [ -z "$RPM_DIST_VERSION" ] || [ -n "$(echo "$RPM_DIST_VERSION" | tr -d '[0-9]')" ]; thenRPM_DIST_VERSION=0fi# Starting to Fedora 29, python2 is on a deprecation path. Let's move to python3 then.# RHEL 8 also uses python3 by default.if [ "$RPM_DIST_NAME" = "fedora" -a "$RPM_DIST_VERSION" -ge 29 -o "$PYVER" -eq 26 ]; thenRPM_USE_PYTHON_3=1elif [ "$RPM_DIST_NAME" = "rhel" -a "$RPM_DIST_VERSION" -ge 8 ]; thenRPM_USE_PYTHON_3=1elseRPM_USE_PYTHON_3=0fiif [ "$RPM_USE_PYTHON_3" = 1 ]; thenBootstrap() {BootstrapMessage "RedHat-based OSes that will use Python3"BootstrapRpmPython3}USE_PYTHON_3=1BOOTSTRAP_VERSION="BootstrapRpmPython3 $BOOTSTRAP_RPM_PYTHON3_VERSION"elseBootstrap() {BootstrapMessage "RedHat-based OSes"BootstrapRpmCommon}BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"fiLE_PYTHON="$prev_le_python"
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; thenBootstrap() {BootstrapMessage "openSUSE-based OSes"BootstrapSuseCommon}BOOTSTRAP_VERSION="BootstrapSuseCommon $BOOTSTRAP_SUSE_COMMON_VERSION"
elif [ -f /etc/arch-release ]; thenBootstrap() {if [ "$DEBUG" = 1 ]; thenBootstrapMessage "Archlinux"BootstrapArchCommonelseerror "Please use pacman to install letsencrypt packages:"error "# pacman -S certbot certbot-apache"errorerror "If you would like to use the virtualenv way, please run the script again with the"error "--debug flag."exit 1fi}BOOTSTRAP_VERSION="BootstrapArchCommon $BOOTSTRAP_ARCH_COMMON_VERSION"
elif [ -f /etc/manjaro-release ]; thenBootstrap() {ExperimentalBootstrap "Manjaro Linux" BootstrapArchCommon}BOOTSTRAP_VERSION="BootstrapArchCommon $BOOTSTRAP_ARCH_COMMON_VERSION"
elif [ -f /etc/gentoo-release ]; thenBootstrap() {DeprecationBootstrap "Gentoo" BootstrapGentooCommon}BOOTSTRAP_VERSION="BootstrapGentooCommon $BOOTSTRAP_GENTOO_COMMON_VERSION"
elif uname | grep -iq FreeBSD ; thenBootstrap() {DeprecationBootstrap "FreeBSD" BootstrapFreeBsd}BOOTSTRAP_VERSION="BootstrapFreeBsd $BOOTSTRAP_FREEBSD_VERSION"
elif uname | grep -iq Darwin ; thenBootstrap() {DeprecationBootstrap "macOS" BootstrapMac}BOOTSTRAP_VERSION="BootstrapMac $BOOTSTRAP_MAC_VERSION"
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; thenBootstrap() {ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon}BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; thenBootstrap() {ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS}BOOTSTRAP_VERSION="BootstrapSmartOS $BOOTSTRAP_SMARTOS_VERSION"
elseBootstrap() {error "Sorry, I don't know how to bootstrap Certbot on your operating system!"errorerror "You will need to install OS dependencies, configure virtualenv, and run pip install manually."error "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites"error "for more info."exit 1}
fi# We handle this case after determining the normal bootstrap version to allow
# variables like USE_PYTHON_3 to be properly set. As described above, if the
# Bootstrap function doesn't install any packages, BOOTSTRAP_VERSION should not
# be set so we unset it here.
if [ "$NO_BOOTSTRAP" = 1 ]; thenBootstrap() {:}unset BOOTSTRAP_VERSION
fi# Sets PREV_BOOTSTRAP_VERSION to the identifier for the bootstrap script used
# to install OS dependencies on this system. PREV_BOOTSTRAP_VERSION isn't set
# if it is unknown how OS dependencies were installed on this system.
SetPrevBootstrapVersion() {if [ -f $BOOTSTRAP_VERSION_PATH ]; thenPREV_BOOTSTRAP_VERSION=$(cat "$BOOTSTRAP_VERSION_PATH")# The list below only contains bootstrap version strings that existed before# we started writing them to disk.## DO NOT MODIFY THIS LIST UNLESS YOU KNOW WHAT YOU'RE DOING!elif grep -Fqx "$BOOTSTRAP_VERSION" << "UNLIKELY_EOF"
BootstrapDebCommon 1
BootstrapMageiaCommon 1
BootstrapRpmCommon 1
BootstrapSuseCommon 1
BootstrapArchCommon 1
BootstrapGentooCommon 1
BootstrapFreeBsd 1
BootstrapMac 1
BootstrapSmartOS 1
UNLIKELY_EOFthen# If there's no bootstrap version saved to disk, but the currently selected# bootstrap script is from before we started saving the version number,# return the currently selected version to prevent us from rebootstrapping# unnecessarily.PREV_BOOTSTRAP_VERSION="$BOOTSTRAP_VERSION"fi
}TempDir() {mktemp -d 2>/dev/null || mktemp -d -t 'le'  # Linux || macOS
}# Returns 0 if a letsencrypt installation exists at $OLD_VENV_PATH, otherwise,
# returns a non-zero number.
OldVenvExists() {[ -n "$OLD_VENV_PATH" -a -f "$OLD_VENV_PATH/bin/letsencrypt" ]
}# Given python path, version 1 and version 2, check if version 1 is outdated compared to version 2.
# An unofficial version provided as version 1 (eg. 0.28.0.dev0) will be treated
# specifically by printing "UNOFFICIAL". Otherwise, print "OUTDATED" if version 1
# is outdated, and "UP_TO_DATE" if not.
# This function relies only on installed python environment (2.x or 3.x) by certbot-auto.
CompareVersions() {"$1" - "$2" "$3" << "UNLIKELY_EOF"
import sys
from distutils.version import StrictVersiontry:current = StrictVersion(sys.argv[1])
except ValueError:sys.stdout.write('UNOFFICIAL')sys.exit()try:remote = StrictVersion(sys.argv[2])
except ValueError:sys.stdout.write('UP_TO_DATE')sys.exit()if current < remote:sys.stdout.write('OUTDATED')
else:sys.stdout.write('UP_TO_DATE')
UNLIKELY_EOF
}# Create a new virtual environment for Certbot. It will overwrite any existing one.
# Parameters: LE_PYTHON, VENV_PATH, PYVER, VERBOSE
CreateVenv() {"$1" - "$2" "$3" "$4" << "UNLIKELY_EOF"
#!/usr/bin/env python
import os
import shutil
import subprocess
import sysdef create_venv(venv_path, pyver, verbose):if os.path.exists(venv_path):shutil.rmtree(venv_path)stdout = sys.stdout if verbose == '1' else open(os.devnull, 'w')if int(pyver) <= 27:# Use virtualenv binaryenviron = os.environ.copy()environ['VIRTUALENV_NO_DOWNLOAD'] = '1'command = ['virtualenv', '--no-site-packages', '--python', sys.executable, venv_path]subprocess.check_call(command, stdout=stdout, env=environ)else:# Use embedded venv module in Python 3command = [sys.executable, '-m', 'venv', venv_path]subprocess.check_call(command, stdout=stdout)if __name__ == '__main__':create_venv(*sys.argv[1:])UNLIKELY_EOF
}# Check that the given PATH_TO_CHECK has secured permissions.
# Parameters: LE_PYTHON, PATH_TO_CHECK
CheckPathPermissions() {"$1" - "$2" << "UNLIKELY_EOF"
"""Verifies certbot-auto cannot be modified by unprivileged users.This script takes the path to certbot-auto as its only command line
argument.  It then checks that the file can only be modified by uid/gid
< 1000 and if other users can modify the file, it prints a warning with
a suggestion on how to solve the problem.Permissions on symlinks in the absolute path of certbot-auto are ignored
and only the canonical path to certbot-auto is checked. There could be
permissions problems due to the symlinks that are unreported by this
script, however, issues like this were not caused by our documentation
and are ignored for the sake of simplicity.All warnings are printed to stdout rather than stderr so all stderr
output from this script can be suppressed to avoid printing messages if
this script fails for some reason."""
from __future__ import print_functionimport os
import stat
import sysFORUM_POST_URL = 'https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/'def has_safe_permissions(path):"""Returns True if the given path has secure permissions.The permissions are considered safe if the file is only writable byuid/gid < 1000.The reason we allow more IDs than 0 is because on some systems suchas Debian, system users/groups other than uid/gid 0 are used for thepath we recommend in our instructions which is /usr/local/bin.  1000was chosen because on Debian 0-999 is reserved for system IDs[1] andon RHEL either 0-499 or 0-999 is reserved depending on theversion[2][3]. Due to these differences across different OSes, thisdetection isn't perfect so we only determine permissions areinsecure when we can be reasonably confident there is a problemregardless of the underlying OS.[1] https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-managing_users_and_groups[3] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-managing_users_and_groups:param str path: filesystem path to check:returns: True if the path has secure permissions, otherwise, False:rtype: bool"""# os.stat follows symlinks before obtaining information about a file.stat_result = os.stat(path)if stat_result.st_mode & stat.S_IWOTH:return Falseif stat_result.st_mode & stat.S_IWGRP and stat_result.st_gid >= 1000:return Falseif stat_result.st_mode & stat.S_IWUSR and stat_result.st_uid >= 1000:return Falsereturn Truedef main(certbot_auto_path):current_path = os.path.realpath(certbot_auto_path)last_path = Nonepermissions_ok = True# This loop makes use of the fact that os.path.dirname('/') == '/'.while current_path != last_path and permissions_ok:permissions_ok = has_safe_permissions(current_path)last_path = current_pathcurrent_path = os.path.dirname(current_path)if not permissions_ok:print('{0} has insecure permissions!'.format(certbot_auto_path))print('To learn how to fix them, visit {0}'.format(FORUM_POST_URL))if __name__ == '__main__':main(sys.argv[1])UNLIKELY_EOF
}if [ "$1" = "--le-auto-phase2" ]; then# Phase 2: Create venv, install LE, and run.shift 1  # the --le-auto-phase2 argSetPrevBootstrapVersionif [ -z "$PHASE_1_VERSION" -a "$USE_PYTHON_3" = 1 ]; thenunset LE_PYTHONfiINSTALLED_VERSION="none"if [ -d "$VENV_PATH" ] || OldVenvExists; then# If the selected Bootstrap function isn't a noop and it differs from the# previously used versionif [ -n "$BOOTSTRAP_VERSION" -a "$BOOTSTRAP_VERSION" != "$PREV_BOOTSTRAP_VERSION" ]; then# if non-interactive mode or stdin and stdout are connected to a terminalif [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; thenif [ -d "$VENV_PATH" ]; thenrm -rf "$VENV_PATH"fi# In the case the old venv was just a symlink to the new one,# OldVenvExists is now false because we deleted the venv at VENV_PATH.if OldVenvExists; thenrm -rf "$OLD_VENV_PATH"ln -s "$VENV_PATH" "$OLD_VENV_PATH"fiRerunWithArgs "$@"elseerror "Skipping upgrade because new OS dependencies may need to be installed."errorerror "To upgrade to a newer version, please run this script again manually so you can"error "approve changes or with --non-interactive on the command line to automatically"error "install any required packages."# Set INSTALLED_VERSION to be the same so we don't update the venvINSTALLED_VERSION="$LE_AUTO_VERSION"# Continue to use OLD_VENV_PATH if the new venv doesn't existif [ ! -d "$VENV_PATH" ]; thenVENV_BIN="$OLD_VENV_PATH/bin"fifielif [ -f "$VENV_BIN/letsencrypt" ]; then# --version output ran through grep due to python-cryptography DeprecationWarnings# grep for both certbot and letsencrypt until certbot and shim packages have been releasedINSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2)if [ -z "$INSTALLED_VERSION" ]; thenerror "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2"$VENV_BIN/letsencrypt" --versionexit 1fififiif [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; thensay "Creating virtual environment..."DeterminePythonVersionCreateVenv "$LE_PYTHON" "$VENV_PATH" "$PYVER" "$VERBOSE"if [ -n "$BOOTSTRAP_VERSION" ]; thenecho "$BOOTSTRAP_VERSION" > "$BOOTSTRAP_VERSION_PATH"elif [ -n "$PREV_BOOTSTRAP_VERSION" ]; thenecho "$PREV_BOOTSTRAP_VERSION" > "$BOOTSTRAP_VERSION_PATH"fisay "Installing Python packages..."TEMP_DIR=$(TempDir)trap 'rm -rf "$TEMP_DIR"' EXIT# There is no $ interpolation due to quotes on starting heredoc delimiter.# -------------------------------------------------------------------------cat << "UNLIKELY_EOF" > "$TEMP_DIR/letsencrypt-auto-requirements.txt"
# This is the flattened list of packages certbot-auto installs.
# To generate this, do (with docker and package hashin installed):
# ```
# letsencrypt-auto-source/rebuild_dependencies.py \
#   letsencrypt-auto-sources/pieces/dependency-requirements.txt
# ```
ConfigArgParse==0.14.0 \--hash=sha256:2e2efe2be3f90577aca9415e32cb629aa2ecd92078adbe27b53a03e53ff12e91
asn1crypto==0.24.0 \--hash=sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87 \--hash=sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49
certifi==2019.3.9 \--hash=sha256:59b7658e26ca9c7339e00f8f4636cdfe59d34fa37b9b04f6f9e9926b3cece1a5 \--hash=sha256:b26104d6835d1f5e49452a26eb2ff87fe7090b89dfcaee5ea2212697e1e1d7ae
cffi==1.12.2 \--hash=sha256:00b97afa72c233495560a0793cdc86c2571721b4271c0667addc83c417f3d90f \--hash=sha256:0ba1b0c90f2124459f6966a10c03794082a2f3985cd699d7d63c4a8dae113e11 \--hash=sha256:0bffb69da295a4fc3349f2ec7cbe16b8ba057b0a593a92cbe8396e535244ee9d \--hash=sha256:21469a2b1082088d11ccd79dd84157ba42d940064abbfa59cf5f024c19cf4891 \--hash=sha256:2e4812f7fa984bf1ab253a40f1f4391b604f7fc424a3e21f7de542a7f8f7aedf \--hash=sha256:2eac2cdd07b9049dd4e68449b90d3ef1adc7c759463af5beb53a84f1db62e36c \--hash=sha256:2f9089979d7456c74d21303c7851f158833d48fb265876923edcb2d0194104ed \--hash=sha256:3dd13feff00bddb0bd2d650cdb7338f815c1789a91a6f68fdc00e5c5ed40329b \--hash=sha256:4065c32b52f4b142f417af6f33a5024edc1336aa845b9d5a8d86071f6fcaac5a \--hash=sha256:51a4ba1256e9003a3acf508e3b4f4661bebd015b8180cc31849da222426ef585 \--hash=sha256:59888faac06403767c0cf8cfb3f4a777b2939b1fbd9f729299b5384f097f05ea \--hash=sha256:59c87886640574d8b14910840327f5cd15954e26ed0bbd4e7cef95fa5aef218f \--hash=sha256:610fc7d6db6c56a244c2701575f6851461753c60f73f2de89c79bbf1cc807f33 \--hash=sha256:70aeadeecb281ea901bf4230c6222af0248c41044d6f57401a614ea59d96d145 \--hash=sha256:71e1296d5e66c59cd2c0f2d72dc476d42afe02aeddc833d8e05630a0551dad7a \--hash=sha256:8fc7a49b440ea752cfdf1d51a586fd08d395ff7a5d555dc69e84b1939f7ddee3 \--hash=sha256:9b5c2afd2d6e3771d516045a6cfa11a8da9a60e3d128746a7fe9ab36dfe7221f \--hash=sha256:9c759051ebcb244d9d55ee791259ddd158188d15adee3c152502d3b69005e6bd \--hash=sha256:b4d1011fec5ec12aa7cc10c05a2f2f12dfa0adfe958e56ae38dc140614035804 \--hash=sha256:b4f1d6332339ecc61275bebd1f7b674098a66fea11a00c84d1c58851e618dc0d \--hash=sha256:c030cda3dc8e62b814831faa4eb93dd9a46498af8cd1d5c178c2de856972fd92 \--hash=sha256:c2e1f2012e56d61390c0e668c20c4fb0ae667c44d6f6a2eeea5d7148dcd3df9f \--hash=sha256:c37c77d6562074452120fc6c02ad86ec928f5710fbc435a181d69334b4de1d84 \--hash=sha256:c8149780c60f8fd02752d0429246088c6c04e234b895c4a42e1ea9b4de8d27fb \--hash=sha256:cbeeef1dc3c4299bd746b774f019de9e4672f7cc666c777cd5b409f0b746dac7 \--hash=sha256:e113878a446c6228669144ae8a56e268c91b7f1fafae927adc4879d9849e0ea7 \--hash=sha256:e21162bf941b85c0cda08224dade5def9360f53b09f9f259adb85fc7dd0e7b35 \--hash=sha256:fb6934ef4744becbda3143d30c6604718871495a5e36c408431bf33d9c146889
chardet==3.0.4 \--hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \--hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691
configobj==5.0.6 \--hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902
cryptography==2.6.1 \--hash=sha256:066f815f1fe46020877c5983a7e747ae140f517f1b09030ec098503575265ce1 \--hash=sha256:210210d9df0afba9e000636e97810117dc55b7157c903a55716bb73e3ae07705 \--hash=sha256:26c821cbeb683facb966045e2064303029d572a87ee69ca5a1bf54bf55f93ca6 \--hash=sha256:2afb83308dc5c5255149ff7d3fb9964f7c9ee3d59b603ec18ccf5b0a8852e2b1 \--hash=sha256:2db34e5c45988f36f7a08a7ab2b69638994a8923853dec2d4af121f689c66dc8 \--hash=sha256:409c4653e0f719fa78febcb71ac417076ae5e20160aec7270c91d009837b9151 \--hash=sha256:45a4f4cf4f4e6a55c8128f8b76b4c057027b27d4c67e3fe157fa02f27e37830d \--hash=sha256:48eab46ef38faf1031e58dfcc9c3e71756a1108f4c9c966150b605d4a1a7f659 \--hash=sha256:6b9e0ae298ab20d371fc26e2129fd683cfc0cfde4d157c6341722de645146537 \--hash=sha256:6c4778afe50f413707f604828c1ad1ff81fadf6c110cb669579dea7e2e98a75e \--hash=sha256:8c33fb99025d353c9520141f8bc989c2134a1f76bac6369cea060812f5b5c2bb \--hash=sha256:9873a1760a274b620a135054b756f9f218fa61ca030e42df31b409f0fb738b6c \--hash=sha256:9b069768c627f3f5623b1cbd3248c5e7e92aec62f4c98827059eed7053138cc9 \--hash=sha256:9e4ce27a507e4886efbd3c32d120db5089b906979a4debf1d5939ec01b9dd6c5 \--hash=sha256:acb424eaca214cb08735f1a744eceb97d014de6530c1ea23beb86d9c6f13c2ad \--hash=sha256:c8181c7d77388fe26ab8418bb088b1a1ef5fde058c6926790c8a0a3d94075a4a \--hash=sha256:d4afbb0840f489b60f5a580a41a1b9c3622e08ecb5eec8614d4fb4cd914c4460 \--hash=sha256:d9ed28030797c00f4bc43c86bf819266c76a5ea61d006cd4078a93ebf7da6bfd \--hash=sha256:e603aa7bb52e4e8ed4119a58a03b60323918467ef209e6ff9db3ac382e5cf2c6
# Package enum34 needs to be explicitly limited to Python2.x, in order to avoid
# certbot-auto failures on Python 3.6+ which enum34 doesn't support. See #5456.
enum34==1.1.6 ; python_version < '3.4' \--hash=sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850 \--hash=sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a \--hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79 \--hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1
funcsigs==1.0.2 \--hash=sha256:330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca \--hash=sha256:a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50
future==0.17.1 \--hash=sha256:67045236dcfd6816dc439556d009594abf643e5eb48992e36beac09c2ca659b8
idna==2.8 \--hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \--hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c
ipaddress==1.0.22 \--hash=sha256:64b28eec5e78e7510698f6d4da08800a5c575caa4a286c93d651c5d3ff7b6794 \--hash=sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c
josepy==1.1.0 \--hash=sha256:1309a25aac3caeff5239729c58ff9b583f7d022ffdb1553406ddfc8e5b52b76e \--hash=sha256:fb5c62c77d26e04df29cb5ecd01b9ce69b6fcc9e521eb1ca193b7faa2afa7086
mock==1.3.0 \--hash=sha256:1e247dbecc6ce057299eb7ee019ad68314bb93152e81d9a6110d35f4d5eca0f6 \--hash=sha256:3f573a18be94de886d1191f27c168427ef693e8dcfcecf95b170577b2eb69cbb
parsedatetime==2.4 \--hash=sha256:3d817c58fb9570d1eec1dd46fa9448cd644eeed4fb612684b02dfda3a79cb84b \--hash=sha256:9ee3529454bf35c40a77115f5a596771e59e1aee8c53306f346c461b8e913094
pbr==5.1.3 \--hash=sha256:8257baf496c8522437e8a6cfe0f15e00aedc6c0e0e7c9d55eeeeab31e0853843 \--hash=sha256:8c361cc353d988e4f5b998555c88098b9d5964c2e11acf7b0d21925a66bb5824
pyOpenSSL==19.0.0 \--hash=sha256:aeca66338f6de19d1aa46ed634c3b9ae519a64b458f8468aec688e7e3c20f200 \--hash=sha256:c727930ad54b10fc157015014b666f2d8b41f70c0d03e83ab67624fd3dd5d1e6
pyRFC3339==1.1 \--hash=sha256:67196cb83b470709c580bb4738b83165e67c6cc60e1f2e4f286cfcb402a926f4 \--hash=sha256:81b8cbe1519cdb79bed04910dd6fa4e181faf8c88dff1e1b987b5f7ab23a5b1a
pycparser==2.19 \--hash=sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3
pyparsing==2.3.1 \--hash=sha256:66c9268862641abcac4a96ba74506e594c884e3f57690a696d21ad8210ed667a \--hash=sha256:f6c5ef0d7480ad048c054c37632c67fca55299990fff127850181659eea33fc3
python-augeas==0.5.0 \--hash=sha256:67d59d66cdba8d624e0389b87b2a83a176f21f16a87553b50f5703b23f29bac2
pytz==2018.9 \--hash=sha256:32b0891edff07e28efe91284ed9c31e123d84bea3fd98e1f72be2508f43ef8d9 \--hash=sha256:d5f05e487007e29e03409f9398d074e158d920d36eb82eaf66fb1136b0c5374c
requests==2.21.0 \--hash=sha256:502a824f31acdacb3a35b6690b5fbf0bc41d63a24a45c4004352b0242707598e \--hash=sha256:7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b
requests-toolbelt==0.9.1 \--hash=sha256:380606e1d10dc85c3bd47bf5a6095f815ec007be7a8b69c878507068df059e6f \--hash=sha256:968089d4584ad4ad7c171454f0a5c6dac23971e9472521ea3b6d49d610aa6fc0
six==1.12.0 \--hash=sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c \--hash=sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73
urllib3==1.24.2 \--hash=sha256:4c291ca23bbb55c76518905869ef34bdd5f0e46af7afe6861e8375643ffee1a0 \--hash=sha256:9a247273df709c4fedb38c711e44292304f73f39ab01beda9f6b9fc375669ac3
zope.component==4.5 \--hash=sha256:6edfd626c3b593b72895a8cfcf79bff41f4619194ce996a85bce31ac02b94e55 \--hash=sha256:984a06ba3def0b02b1117fa4c45b56e772e8c29c0340820fbf367e440a93a3a4
zope.deferredimport==4.3 \--hash=sha256:2ddef5a7ecfff132a2dd796253366ecf9748a446e30f1a0b3a636aec9d9c05c5 \--hash=sha256:4aae9cbacb2146cca58e62be0a914f0cec034d3b2d41135ea212ca8a96f4b5ec
zope.deprecation==4.4.0 \--hash=sha256:0d453338f04bacf91bbfba545d8bcdf529aa829e67b705eac8c1a7fdce66e2df \--hash=sha256:f1480b74995958b24ce37b0ef04d3663d2683e5d6debc96726eff18acf4ea113
zope.event==4.4 \--hash=sha256:69c27debad9bdacd9ce9b735dad382142281ac770c4a432b533d6d65c4614bcf \--hash=sha256:d8e97d165fd5a0997b45f5303ae11ea3338becfe68c401dd88ffd2113fe5cae7
zope.hookable==4.2.0 \--hash=sha256:22886e421234e7e8cedc21202e1d0ab59960e40a47dd7240e9659a2d82c51370 \--hash=sha256:39912f446e45b4e1f1951b5ffa2d5c8b074d25727ec51855ae9eab5408f105ab \--hash=sha256:3adb7ea0871dbc56b78f62c4f5c024851fc74299f4f2a95f913025b076cde220 \--hash=sha256:3d7c4b96341c02553d8b8d71065a9366ef67e6c6feca714f269894646bb8268b \--hash=sha256:4e826a11a529ed0464ffcecf34b0b7bd1b4928dd5848c5c61bedd7833e8f4801 \--hash=sha256:700d68cc30728de1c4c62088a981c6daeaefdf20a0d81995d2c0b7f442c5f88c \--hash=sha256:77c82a430cedfbf508d1aa406b2f437363c24fa90c73f577ead0fb5295749b83 \--hash=sha256:c1df3929a3666fc5a0c80d60a0c1e6f6ef97c7f6ed2f1b7cf49f3e6f3d4dde15 \--hash=sha256:dba8b2dd2cd41cb5f37bfa3f3d82721b8ae10e492944e48ddd90a439227f2893 \--hash=sha256:f492540305b15b5591bd7195d61f28946bb071de071cee5d68b6b8414da90fd2
zope.interface==4.6.0 \--hash=sha256:086707e0f413ff8800d9c4bc26e174f7ee4c9c8b0302fbad68d083071822316c \--hash=sha256:1157b1ec2a1f5bf45668421e3955c60c610e31913cc695b407a574efdbae1f7b \--hash=sha256:11ebddf765bff3bbe8dbce10c86884d87f90ed66ee410a7e6c392086e2c63d02 \--hash=sha256:14b242d53f6f35c2d07aa2c0e13ccb710392bcd203e1b82a1828d216f6f6b11f \--hash=sha256:1b3d0dcabc7c90b470e59e38a9acaa361be43b3a6ea644c0063951964717f0e5 \--hash=sha256:20a12ab46a7e72b89ce0671e7d7a6c3c1ca2c2766ac98112f78c5bddaa6e4375 \--hash=sha256:298f82c0ab1b182bd1f34f347ea97dde0fffb9ecf850ecf7f8904b8442a07487 \--hash=sha256:2f6175722da6f23dbfc76c26c241b67b020e1e83ec7fe93c9e5d3dd18667ada2 \--hash=sha256:3b877de633a0f6d81b600624ff9137312d8b1d0f517064dfc39999352ab659f0 \--hash=sha256:4265681e77f5ac5bac0905812b828c9fe1ce80c6f3e3f8574acfb5643aeabc5b \--hash=sha256:550695c4e7313555549aa1cdb978dc9413d61307531f123558e438871a883d63 \--hash=sha256:5f4d42baed3a14c290a078e2696c5f565501abde1b2f3f1a1c0a94fbf6fbcc39 \--hash=sha256:62dd71dbed8cc6a18379700701d959307823b3b2451bdc018594c48956ace745 \--hash=sha256:7040547e5b882349c0a2cc9b50674b1745db551f330746af434aad4f09fba2cc \--hash=sha256:7e099fde2cce8b29434684f82977db4e24f0efa8b0508179fce1602d103296a2 \--hash=sha256:7e5c9a5012b2b33e87980cee7d1c82412b2ebabcb5862d53413ba1a2cfde23aa \--hash=sha256:81295629128f929e73be4ccfdd943a0906e5fe3cdb0d43ff1e5144d16fbb52b1 \--hash=sha256:95cc574b0b83b85be9917d37cd2fad0ce5a0d21b024e1a5804d044aabea636fc \--hash=sha256:968d5c5702da15c5bf8e4a6e4b67a4d92164e334e9c0b6acf080106678230b98 \--hash=sha256:9e998ba87df77a85c7bed53240a7257afe51a07ee6bc3445a0bf841886da0b97 \--hash=sha256:a0c39e2535a7e9c195af956610dba5a1073071d2d85e9d2e5d789463f63e52ab \--hash=sha256:a15e75d284178afe529a536b0e8b28b7e107ef39626a7809b4ee64ff3abc9127 \--hash=sha256:a6a6ff82f5f9b9702478035d8f6fb6903885653bff7ec3a1e011edc9b1a7168d \--hash=sha256:b639f72b95389620c1f881d94739c614d385406ab1d6926a9ffe1c8abbea23fe \--hash=sha256:bad44274b151d46619a7567010f7cde23a908c6faa84b97598fd2f474a0c6891 \--hash=sha256:bbcef00d09a30948756c5968863316c949d9cedbc7aabac5e8f0ffbdb632e5f1 \--hash=sha256:d788a3999014ddf416f2dc454efa4a5dbeda657c6aba031cf363741273804c6b \--hash=sha256:eed88ae03e1ef3a75a0e96a55a99d7937ed03e53d0cffc2451c208db445a2966 \--hash=sha256:f99451f3a579e73b5dd58b1b08d1179791d49084371d9a47baad3b22417f0317
zope.proxy==4.3.1 \--hash=sha256:0cbcfcafaa3b5fde7ba7a7b9a2b5f09af25c9b90087ad65f9e61359fed0ca63b \--hash=sha256:3de631dd5054a3a20b9ebff0e375f39c0565f1fb9131200d589a6a8f379214cd \--hash=sha256:5429134d04d42262f4dac25f6dea907f6334e9a751ffc62cb1d40226fb52bdeb \--hash=sha256:563c2454b2d0f23bca54d2e0e4d781149b7b06cb5df67e253ca3620f37202dd2 \--hash=sha256:5bcf773345016b1461bb07f70c635b9386e5eaaa08e37d3939dcdf12d3fdbec5 \--hash=sha256:8d84b7aef38c693874e2f2084514522bf73fd720fde0ce2a9352a51315ffa475 \--hash=sha256:90de9473c05819b36816b6cb957097f809691836ed3142648bf62da84b4502fe \--hash=sha256:dd592a69fe872445542a6e1acbefb8e28cbe6b4007b8f5146da917e49b155cc3 \--hash=sha256:e7399ab865399fce322f9cefc6f2f3e4099d087ba581888a9fea1bbe1db42a08 \--hash=sha256:e7d1c280d86d72735a420610df592aac72332194e531a8beff43a592c3a1b8eb \--hash=sha256:e90243fee902adb0c39eceb3c69995c0f2004bc3fdb482fbf629efc656d124ed# Contains the requirements for the letsencrypt package.
#
# Since the letsencrypt package depends on certbot and using pip with hashes
# requires that all installed packages have hashes listed, this allows
# dependency-requirements.txt to be used without requiring a hash for a
# (potentially unreleased) Certbot package.letsencrypt==0.7.0 \--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9certbot==0.37.2 \--hash=sha256:8f6f0097fb2aac64f13e5d6974781ac85a051d84a6cb3f4d79c6b75c5ea451b8 \--hash=sha256:e454368aa8d62559c673091b511319c130c8e0ea1c4dfa314ed7bdc91dd96ef5
acme==0.37.2 \--hash=sha256:5666ba927a9e7bf3f9ed5a268bd5acf627b5838fb409e8401f05d2aaaee188ba \--hash=sha256:88798fae3bc692397db79c66930bd02fcaba8a6b1fba9a62f111dda42cc47f5c
certbot-apache==0.37.2 \--hash=sha256:e3ae7057f727506ab3796095ed66ca083f4e295d06f209ab96d2a3f37dea51b9 \--hash=sha256:4cb44d1a7c56176a84446a11412c561479ed0fed19848632e61f104dbf6a3031
certbot-nginx==0.37.2 \--hash=sha256:a92dffdf3daca97db5d7ae2287e505110c3fa01c035b9356abb2ef9fa32e8695 \--hash=sha256:404f7b5b7611f0dce8773739170f306e94a59b69528cb74337e7f354936ac061UNLIKELY_EOF# -------------------------------------------------------------------------cat << "UNLIKELY_EOF" > "$TEMP_DIR/pipstrap.py"
#!/usr/bin/env python
"""A small script that can act as a trust root for installing pip >=8
Embed this in your project, and your VCS checkout is all you have to trust. In
a post-peep era, this lets you claw your way to a hash-checking version of pip,
with which you can install the rest of your dependencies safely. All it assumes
is Python 2.6 or better and *some* version of pip already installed. If
anything goes wrong, it will exit with a non-zero status code.
"""
# This is here so embedded copies are MIT-compliant:
# Copyright (c) 2016 Erik Rose
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
from __future__ import print_function
from distutils.version import StrictVersion
from hashlib import sha256
from os import environ
from os.path import join
from shutil import rmtree
try:from subprocess import check_output
except ImportError:from subprocess import CalledProcessError, PIPE, Popendef check_output(*popenargs, **kwargs):if 'stdout' in kwargs:raise ValueError('stdout argument not allowed, it will be ''overridden.')process = Popen(stdout=PIPE, *popenargs, **kwargs)output, unused_err = process.communicate()retcode = process.poll()if retcode:cmd = kwargs.get("args")if cmd is None:cmd = popenargs[0]raise CalledProcessError(retcode, cmd)return output
import sys
from tempfile import mkdtemp
try:from urllib2 import build_opener, HTTPHandler, HTTPSHandler
except ImportError:from urllib.request import build_opener, HTTPHandler, HTTPSHandler
try:from urlparse import urlparse
except ImportError:from urllib.parse import urlparse  # 3.4__version__ = 1, 5, 1
PIP_VERSION = '9.0.1'
DEFAULT_INDEX_BASE = 'https://pypi.python.org'# wheel has a conditional dependency on argparse:
maybe_argparse = ([('18/dd/e617cfc3f6210ae183374cd9f6a26b20514bbb5a792af97949c5aacddf0f/''argparse-1.4.0.tar.gz','62b089a55be1d8949cd2bc7e0df0bddb9e028faefc8c32038cc84862aefdd6e4')]if sys.version_info < (2, 7, 0) else [])PACKAGES = maybe_argparse + [# Pip has no dependencies, as it vendors everything:('11/b6/abcb525026a4be042b486df43905d6893fb04f05aac21c32c638e939e447/''pip-{0}.tar.gz'.format(PIP_VERSION),'09f243e1a7b461f654c26a725fa373211bb7ff17a9300058b205c61658ca940d'),# This version of setuptools has only optional dependencies:('37/1b/b25507861991beeade31473868463dad0e58b1978c209de27384ae541b0b/''setuptools-40.6.3.zip','3b474dad69c49f0d2d86696b68105f3a6f195f7ab655af12ef9a9c326d2b08f8'),('c9/1d/bd19e691fd4cfe908c76c429fe6e4436c9e83583c4414b54f6c85471954a/''wheel-0.29.0.tar.gz','1ebb8ad7e26b448e9caa4773d2357849bf80ff9e313964bcaf79cbf0201a1648')
]class HashError(Exception):def __str__(self):url, path, actual, expected = self.argsreturn ('{url} did not match the expected hash {expected}. Instead, ''it was {actual}. The file (left at {path}) may have been ''tampered with.'.format(**locals()))def hashed_download(url, temp, digest):"""Download ``url`` to ``temp``, make sure it has the SHA-256 ``digest``,and return its path."""# Based on pip 1.4.1's URLOpener but with cert verification removed. Python# >=2.7.9 verifies HTTPS certs itself, and, in any case, the cert# authenticity has only privacy (not arbitrary code execution)# implications, since we're checking hashes.def opener(using_https=True):opener = build_opener(HTTPSHandler())if using_https:# Strip out HTTPHandler to prevent MITM spoof:for handler in opener.handlers:if isinstance(handler, HTTPHandler):opener.handlers.remove(handler)return openerdef read_chunks(response, chunk_size):while True:chunk = response.read(chunk_size)if not chunk:breakyield chunkparsed_url = urlparse(url)response = opener(using_https=parsed_url.scheme == 'https').open(url)path = join(temp, parsed_url.path.split('/')[-1])actual_hash = sha256()with open(path, 'wb') as file:for chunk in read_chunks(response, 4096):file.write(chunk)actual_hash.update(chunk)actual_digest = actual_hash.hexdigest()if actual_digest != digest:raise HashError(url, path, actual_digest, digest)return pathdef get_index_base():"""Return the URL to the dir containing the "packages" folder.Try to wring something out of PIP_INDEX_URL, if set. Hack "/simple" off theend if it's there; that is likely to give us the right dir."""env_var = environ.get('PIP_INDEX_URL', '').rstrip('/')if env_var:SIMPLE = '/simple'if env_var.endswith(SIMPLE):return env_var[:-len(SIMPLE)]else:return env_varelse:return DEFAULT_INDEX_BASEdef main():python = sys.executable or 'python'pip_version = StrictVersion(check_output([python, '-m', 'pip', '--version']).decode('utf-8').split()[1])has_pip_cache = pip_version >= StrictVersion('6.0')index_base = get_index_base()temp = mkdtemp(prefix='pipstrap-')try:downloads = [hashed_download(index_base + '/packages/' + path,temp,digest)for path, digest in PACKAGES]# Calling pip as a module is the preferred way to avoid problems about pip self-upgrade.command = [python, '-m', 'pip', 'install', '--no-index', '--no-deps', '-U']# Disable cache since it is not used and it otherwise sometimes throws permission warnings:command.extend(['--no-cache-dir'] if has_pip_cache else [])command.extend(downloads)check_output(command)except HashError as exc:print(exc)except Exception:rmtree(temp)raiseelse:rmtree(temp)return 0return 1if __name__ == '__main__':sys.exit(main())UNLIKELY_EOF# -------------------------------------------------------------------------# Set PATH so pipstrap upgrades the right (v)env:PATH="$VENV_BIN:$PATH" "$VENV_BIN/python" "$TEMP_DIR/pipstrap.py"set +eif [ "$VERBOSE" = 1 ]; then"$VENV_BIN/pip" install --disable-pip-version-check --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt"elsePIP_OUT=`"$VENV_BIN/pip" install --disable-pip-version-check --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt" 2>&1`fiPIP_STATUS=$?set -eif [ "$PIP_STATUS" != 0 ]; then# Report error. (Otherwise, be quiet.)error "Had a problem while installing Python packages."if [ "$VERBOSE" != 1 ]; thenerrorerror "pip prints the following errors: "error "====================================================="error "$PIP_OUT"error "====================================================="errorerror "Certbot has problem setting up the virtual environment."if `echo $PIP_OUT | grep -q Killed` || `echo $PIP_OUT | grep -q "allocate memory"` ; thenerrorerror "Based on your pip output, the problem can likely be fixed by "error "increasing the available memory."elseerrorerror "We were not be able to guess the right solution from your pip "error "output."fierrorerror "Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment"error "for possible solutions."error "You may also find some support resources at https://certbot.eff.org/support/ ."firm -rf "$VENV_PATH"exit 1fiif [ -d "$OLD_VENV_PATH" -a ! -L "$OLD_VENV_PATH" ]; thenrm -rf "$OLD_VENV_PATH"ln -s "$VENV_PATH" "$OLD_VENV_PATH"fisay "Installation succeeded."fiif [ "$INSTALL_ONLY" = 1 ]; thensay "Certbot is installed."exit 0fi"$VENV_BIN/letsencrypt" "$@"else# Phase 1: Upgrade certbot-auto if necessary, then self-invoke.## Each phase checks the version of only the thing it is responsible for# upgrading. Phase 1 checks the version of the latest release of# certbot-auto (which is always the same as that of the certbot# package). Phase 2 checks the version of the locally installed certbot.export PHASE_1_VERSION="$LE_AUTO_VERSION"if [ ! -f "$VENV_BIN/letsencrypt" ]; thenif ! OldVenvExists; thenif [ "$HELP" = 1 ]; thenecho "$USAGE"exit 0fi# If it looks like we've never bootstrapped before, bootstrap:Bootstrapfifiif [ "$OS_PACKAGES_ONLY" = 1 ]; thensay "OS packages installed."exit 0fiDeterminePythonVersion "NOCRASH"# Don't warn about file permissions if the user disabled the check or we# can't find an up-to-date Python.if [ "$PYVER" -ge "$MIN_PYVER" -a "$NO_PERMISSIONS_CHECK" != 1 ]; then# If the script fails for some reason, don't break certbot-auto.set +e# Suppress unexpected error output.CHECK_PERM_OUT=$(CheckPathPermissions "$LE_PYTHON" "$0" 2>/dev/null)CHECK_PERM_STATUS="$?"set -e# Only print output if the script ran successfully and it actually produced# output. The latter check resolves# https://github.com/certbot/certbot/issues/7012.if [ "$CHECK_PERM_STATUS" = 0 -a -n "$CHECK_PERM_OUT" ]; thenerror "$CHECK_PERM_OUT"fifiif [ "$NO_SELF_UPGRADE" != 1 ]; thenTEMP_DIR=$(TempDir)trap 'rm -rf "$TEMP_DIR"' EXIT# ---------------------------------------------------------------------------cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py"
"""Do downloading and JSON parsing without additional dependencies. ::# Print latest released version of LE to stdout:python fetch.py --latest-version# Download letsencrypt-auto script from git tag v1.2.3 into the folder I'm# in, and make sure its signature verifies:python fetch.py --le-auto-script v1.2.3On failure, return non-zero."""from __future__ import print_function, unicode_literalsfrom distutils.version import LooseVersion
from json import loads
from os import devnull, environ
from os.path import dirname, join
import re
import ssl
from subprocess import check_call, CalledProcessError
from sys import argv, exit
try:from urllib2 import build_opener, HTTPHandler, HTTPSHandlerfrom urllib2 import HTTPError, URLError
except ImportError:from urllib.request import build_opener, HTTPHandler, HTTPSHandlerfrom urllib.error import HTTPError, URLErrorPUBLIC_KEY = environ.get('LE_AUTO_PUBLIC_KEY', """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MR8W/galdxnpGqBsYbq
OzQb2eyW15YFjDDEMI0ZOzt8f504obNs920lDnpPD2/KqgsfjOgw2K7xWDJIj/18
xUvWPk3LDkrnokNiRkA3KOx3W6fHycKL+zID7zy+xZYBuh2fLyQtWV1VGQ45iNRp
9+Zo7rH86cdfgkdnWTlNSHyTLW9NbXvyv/E12bppPcEvgCTAQXgnDVJ0/sqmeiij
n9tTFh03aM+R2V/21h8aTraAS24qiPCz6gkmYGC8yr6mglcnNoYbsLNYZ69zF1XH
cXPduCPdPdfLlzVlKK1/U7hkA28eG3BIAMh6uJYBRJTpiGgaGdPd7YekUB8S6cy+
CQIDAQAB
-----END PUBLIC KEY-----
""")class ExpectedError(Exception):"""A novice-readable exception that also carries the original exception fordebugging"""class HttpsGetter(object):def __init__(self):"""Build an HTTPS opener."""# Based on pip 1.4.1's URLOpener# This verifies certs on only Python >=2.7.9, and when NO_CERT_VERIFY isn't set.if environ.get('NO_CERT_VERIFY') == '1' and hasattr(ssl, 'SSLContext'):self._opener = build_opener(HTTPSHandler(context=cert_none_context()))else:self._opener = build_opener(HTTPSHandler())# Strip out HTTPHandler to prevent MITM spoof:for handler in self._opener.handlers:if isinstance(handler, HTTPHandler):self._opener.handlers.remove(handler)def get(self, url):"""Return the document contents pointed to by an HTTPS URL.If something goes wrong (404, timeout, etc.), raise ExpectedError."""try:# socket module docs say default timeout is None: that is, no# timeoutreturn self._opener.open(url, timeout=30).read()except (HTTPError, IOError) as exc:raise ExpectedError("Couldn't download %s." % url, exc)def write(contents, dir, filename):"""Write something to a file in a certain directory."""with open(join(dir, filename), 'wb') as file:file.write(contents)def latest_stable_version(get):"""Return the latest stable release of letsencrypt."""metadata = loads(get(environ.get('LE_AUTO_JSON_URL','https://pypi.python.org/pypi/certbot/json')).decode('UTF-8'))# metadata['info']['version'] actually returns the latest of any kind of# release release, contrary to https://wiki.python.org/moin/PyPIJSON.# The regex is a sufficient regex for picking out prereleases for most# packages, LE included.return str(max(LooseVersion(r) for rin metadata['releases'].keys()if re.match('^[0-9.]+$', r)))def verified_new_le_auto(get, tag, temp_dir):"""Return the path to a verified, up-to-date letsencrypt-auto script.If the download's signature does not verify or something else goes wrongwith the verification process, raise ExpectedError."""le_auto_dir = environ.get('LE_AUTO_DIR_TEMPLATE','https://raw.githubusercontent.com/certbot/certbot/%s/''letsencrypt-auto-source/') % tagwrite(get(le_auto_dir + 'letsencrypt-auto'), temp_dir, 'letsencrypt-auto')write(get(le_auto_dir + 'letsencrypt-auto.sig'), temp_dir, 'letsencrypt-auto.sig')write(PUBLIC_KEY.encode('UTF-8'), temp_dir, 'public_key.pem')try:with open(devnull, 'w') as dev_null:check_call(['openssl', 'dgst', '-sha256', '-verify',join(temp_dir, 'public_key.pem'),'-signature',join(temp_dir, 'letsencrypt-auto.sig'),join(temp_dir, 'letsencrypt-auto')],stdout=dev_null,stderr=dev_null)except CalledProcessError as exc:raise ExpectedError("Couldn't verify signature of downloaded ""certbot-auto.", exc)def cert_none_context():"""Create a SSLContext object to not check hostname."""# PROTOCOL_TLS isn't available before 2.7.13 but this code is for 2.7.9+, so use this.context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)context.verify_mode = ssl.CERT_NONEreturn contextdef main():get = HttpsGetter().getflag = argv[1]try:if flag == '--latest-version':print(latest_stable_version(get))elif flag == '--le-auto-script':tag = argv[2]verified_new_le_auto(get, tag, dirname(argv[0]))except ExpectedError as exc:print(exc.args[0], exc.args[1])return 1else:return 0if __name__ == '__main__':exit(main())UNLIKELY_EOF# ---------------------------------------------------------------------------if [ "$PYVER" -lt "$MIN_PYVER" ]; thenerror "WARNING: couldn't find Python $MIN_PYTHON_VERSION+ to check for updates."elif ! REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` ; thenerror "WARNING: unable to check for updates."fiLE_VERSION_STATE=`CompareVersions "$LE_PYTHON" "$LE_AUTO_VERSION" "$REMOTE_VERSION"`if [ "$LE_VERSION_STATE" = "UNOFFICIAL" ]; thensay "Unofficial certbot-auto version detected, self-upgrade is disabled: $LE_AUTO_VERSION"elif [ "$LE_VERSION_STATE" = "OUTDATED" ]; thensay "Upgrading certbot-auto $LE_AUTO_VERSION to $REMOTE_VERSION..."# Now we drop into Python so we don't have to install even more# dependencies (curl, etc.), for better flow control, and for the option of# future Windows compatibility."$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION"# Install new copy of certbot-auto.# TODO: Deal with quotes in pathnames.say "Replacing certbot-auto..."# Clone permissions with cp. chmod and chown don't have a --reference# option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD:cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"# Using mv rather than cp leaves the old file descriptor pointing to the# original copy so the shell can continue to read it unmolested. mv across# filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the# cp is unlikely to fail if the rm doesn't.mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"fi  # A newer version is available.fi  # Self-upgrading is allowed.RerunWithArgs --le-auto-phase2 "$@"
fi

csdn博客里搜索: "Let's Encrypt官网一键式免费申请ssl证书脚本"   -- 和这个一样 ,是已经去掉序号的文本,直接下载上传执行

使用前关闭443端口,就是nginx, 起码我的是nginx, 你用的不一样, 就把你的443服务停掉

也可以自己动手:

地址一:  https://raw.githubusercontent.com/certbot/certbot/75499277be6699fd5a9b884837546391950a3ec9/certbot-auto

地址二:  https://fossies.org/linux/certbot/certbot-auto      //注: 该地址有序号,需自己去掉

使用方法:

1. linux下执行, 没有执行权限的话就给他rwx  chmod -R 700 certbot-auto

2. 执行:  ./certbot-auto

3. 让你输入域名配置到哪个服务中:   选择apache的话,输入1, 选择 nginx的话 输入2

4. 让你选择他找到的域名, 前面对应着域名的序号, 同样输入序号即可.

然后就等着吧.  再然后 自己摸索摸索吧, 脑子是个好东西.  你该动动了

Let'sEncrypt免费域名申请一键式脚本-目前最简单的脚本相关推荐

  1. 免费域名申请及免费DNS解析

    一:免费域名申请 1:freenom免费域名申请(有效期12个月) 我是通过科学上网才申请成功.普通方式申请容易出现各种问题不成功.因为freenom网站要连接国外各种服务器检测域名的可用性. 如下图 ...

  2. freenom免费域名申请及设置域名解析

    对于想低成本搭建网站,或者搭建一些测试项目,那么使用一个低成本的域名乃至免费的域名还是很有必要的.又比如,对于经常搭jingxiang的朋友来说,当一个购买不到2个月的域名被污染,那也是相当的心痛,适 ...

  3. EU.org免费域名申请教程

    前言 EU.org是由Paul Mockapetris在1996年创建的免费域名服务,给没有资金买域名的个人或公司提供永久免费的域名.虽然是二级域名,但是已经被一些网络公司(当然是国外的)认定为顶级域 ...

  4. eu.org申请免费域名 免费域名申请教程

    EU.org是由Paul Mockapetris在1996年创建的免费域名服务,给没有资金买域名的个人或公司提供永久免费的域名.虽然是二级域名,但是已经被一些网络公司(当然是国外的)认定为顶级域名. ...

  5. 【白嫖系列】永久免费域名申请教程 eu.org

  6. 免费域名注册的一些知识以及域名解析相关知识

    一.通常免费域名申请的条款(供参考) 1,只提供免费域名申请服务,不提供网页存放空间. 2,网站必须符合中国有关法规,否则本站将禁用其帐号. 3,不得在发送宣传邮件(垃圾邮件)时写本站提供的免费域名. ...

  7. Uni.me免费域名申请注册和使用教程

    You are here: Home » Uni.me免费域名申请注册和使用教程 Uni.me免费域名申请注册和使用教程 By admin on 10 十二月, 2012 免费域名 免费域名申请注册 ...

  8. 会声会影2022正式版一键式视频剪辑软件

    多场景适用,会声会影2022适用于个人.商店或是企业,可满足vlog视频.影视混剪.游戏解说.电子相册制作.淘宝主图视频.企业宣传片.线上网课制作等需求!下载末尾会声会影教程参考! 基础剪辑,一应俱全 ...

  9. 免费域名证书最新申请方式大全

    目前市场环境下,可获得域名SSL证书的方式有很多,一般有付费和免费划分.对于想免费使用域名SSL证书的朋友,这里收集整理了几个常用的SSL证书申请方式. 对于SSL证书的用处,简单的来说,就是加密数据 ...

  10. 利用腾讯云为你的域名申请并配置免费SSL一年

    我想,点进来的朋友,应该都知道SSL的重要性吧.这里就简单提一下,大型网站域名只有配置了SSL后,才会更加安全. 现在,微信小程序也开始要求后台必须是SSL配置后的域名了.说了这么多,估计有些人还是有 ...

最新文章

  1. C#实现类似qq的屏幕截图程序
  2. 为什么要使用openstry_为什么要使用双屏办公?
  3. 由于TempDB设置错误导致SQL Server无法重启错误的解决方案
  4. centos 6.4/6.5下源码编译安装mysql_CentOS 6.4/6.5下源码编译安装mysql
  5. 2.9 logistic 回归中的梯度下降法
  6. 2012.4.20总结
  7. 1121: [POI2008]激光发射器SZK
  8. mysql内存淘汰_mysql内存数据淘汰机制和大查询会不会把内存打爆?
  9. python语言程序设计教程答案赵璐_python语言程序设计教程课后答案赵璐
  10. 为linux下ibus添加五笔98输入法过程详解
  11. 【围棋棋盘绘制——html实现】
  12. iphone通讯录导入excel
  13. Photoshop-为图层添加一个镜头光晕
  14. vue实现:带关键字跳转企查查并搜索关键字对应的企业
  15. 启动redis失败 Could not create server TCP listening socket 127.0.0.1:6379: bind: 操作成功
  16. java中Map集合、模拟斗地主洗牌发牌、JDK9对集合添加的优化
  17. 【源码】Set集合源码剖析
  18. Windows10系统错误码0xc0000142怎么修复?
  19. 2022保密教育线上培训考试 05
  20. FANUC数控系统类有哪些最新发表的毕业论文呢?

热门文章

  1. CMMI认证的周期是多久?费用是多少?
  2. AIX 系统默认ftp
  3. Keil5 C51版 下载与安装教程(51单片机编程软件)
  4. 小程序毕设作品之微信小程序点餐系统毕业设计(4)开题报告
  5. 广东省广州市谷歌卫星地图下载
  6. 传智播客java测试题_传智播客java考试习题3
  7. siki暗黑战神项目总结,框架和主要的优化点
  8. ISO27001认证适用领域及认证流程
  9. 思维导图 进阶(01)关键词提取,思维导图的灵魂
  10. 3D数学基础(二)| 向量