/usr/lib/python3.9/site-packages/certbot/_internal/cli/__init__.py

Certbot command line argument & config processing.

Imports: argparse, logging, logging.handlers, sys, typing (Any, List, Optional, Type), certbot, certbot.configuration (NamespaceConfig), certbot._internal (constants), certbot._internal.cli.cli_constants, certbot._internal.cli.cli_utils, certbot._internal.cli.group_adder (_add_all_groups), certbot._internal.cli.helpful (HelpfulArgumentParser), certbot._internal.cli.paths_parser (_paths_parser), certbot._internal.cli.plugins_parsing (_plugins_parsing), certbot._internal.cli.subparsers (_create_subparsers), certbot._internal.cli.verb_help (VERB_HELP, VERB_HELP_MAP), certbot._internal.plugins.disco (as plugins_disco), certbot._internal.plugins.selection (as plugin_selection), certbot.plugins (enhancements).

Module globals: logger (from logging.getLogger(__name__)), helpful_parser (Optional[HelpfulArgumentParser], initially None).

prepare_and_parse_args(plugins, args) -> NamespaceConfig

    Returns parsed command line arguments.

    :param .PluginsRegistry plugins: available plugins
    :param list args: command line arguments with the program name removed

    :returns: parsed command line arguments
    :rtype: configuration.NamespaceConfig

argparse_type(variable) -> Type

    Return our argparse type function for a config variable (default: str)

Options registered by prepare_and_parse_args, with the help strings embedded in the module. Options listed without help text take it from config_help() or argparse.SUPPRESS, so no string for them appears here.

-v, --verbose (config variable: verbose_count)
    This flag can be used multiple times to incrementally increase the verbosity of output, e.g. -vvv.

--verbose-level (config variable: verbose_level)

-t, --text (config variable: text_mode)

--max-log-backups (config variable: max_log_backups)
    Specifies the maximum number of backup logs that should be kept by Certbot's built in log rotation. Setting this flag to 0 disables log rotation entirely, causing Certbot to always append to the same log file.

--preconfigured-renewal (config variable: preconfigured_renewal)

-n, --non-interactive, --noninteractive (config variable: noninteractive_mode)
    Run without ever asking for user input. This may require additional command line flags; the client will try to explain which ones are required if it finds one missing

constants.FORCE_INTERACTIVE_FLAG (config variable: force_interactive)
    Force Certbot to be interactive even if it detects it's not being run in a terminal. This flag cannot be used with the renew subcommand.

-d, --domains, --domain (config variable: domains, metavar: DOMAIN)
    Domain names to include. For multiple domains you can use multiple -d flags or enter a comma separated list of domains as a parameter. All domains will be included as Subject Alternative Names on the certificate. The first domain will be used as the certificate name, unless otherwise specified or if you already have a certificate with the same name. In the case of a name conflict, a number like -0001 will be appended to the certificate name. (default: Ask)

--eab-kid (config variable: eab_kid, metavar: EAB_KID)
    Key Identifier for External Account Binding

--eab-hmac-key (config variable: eab_hmac_key, metavar: EAB_HMAC_KEY)
    HMAC key for External Account Binding

--cert-name (config variable: certname, metavar: CERTNAME)
    Certificate name to apply. This name is used by Certbot for housekeeping and in file paths; it doesn't affect the content of the certificate itself. Certificate name cannot contain filepath separators (i.e. '/' or '\', depending on the platform). To see certificate names, run 'certbot certificates'. When creating a new certificate, specifies the new certificate's name. (default: the first provided domain or the name of an existing certificate on your system for the same domains)

--dry-run (config variable: dry_run)
    Perform a test run against the Let's Encrypt staging server, obtaining test (invalid) certificates but not saving them to disk. This can only be used with the 'certonly' and 'renew' subcommands. It may trigger webserver reloads to temporarily modify & roll back configuration files. --pre-hook and --post-hook commands run by default. --deploy-hook commands do not run, unless enabled by --run-deploy-hooks. The test server may be overridden with --server.

--run-deploy-hooks (config variable: run_deploy_hooks)
    When performing a test run using `--dry-run` or `reconfigure`, run any applicable deploy hooks. This includes hooks set on the command line, saved in the certificate's renewal configuration file, or present in the renewal-hooks directory. To exclude directory hooks, use --no-directory-hooks. The hook(s) will only be run if the dry run succeeds, and will use the current active certificate, not the temporary test certificate acquired during the dry run. This flag is recommended when modifying the deploy hook using `reconfigure`.

--register-unsafely-without-email (config variable: register_unsafely_without_email)
    Specifying this flag enables registering an account with no email address. This is strongly discouraged, because you will be unable to receive notice about impending expiration or revocation of your certificates or problems with your Certbot installation that will lead to failure to renew.

-m, --email (config variable: email)

--eff-email (config variable: eff_email)
    Share your e-mail address with EFF

--no-eff-email
    Don't share your e-mail address with EFF

--keep-until-expiring, --keep, --reinstall (config variable: reinstall)
    If the requested certificate matches an existing certificate, always keep the existing one until it is due for renewal (for the 'run' subcommand this means reinstall the existing certificate). (default: Ask)

--expand (config variable: expand)
    If an existing certificate is a strict subset of the requested names, always expand and replace it with the additional names. (default: Ask)

--version (version string: "%(prog)s {0}", formatted with certbot.__version__)
    show program's version number and exit

--force-renewal, --renew-by-default (config variable: renew_by_default)
    If a certificate already exists for the requested domains, renew it now, regardless of whether it is near expiry. (Often --keep-until-expiring is more appropriate). Also implies --expand.

--renew-with-new-domains (config variable: renew_with_new_domains)
    If a certificate already exists for the requested certificate name but does not match the requested domains, renew it now, regardless of whether it is near expiry.

--reuse-key (config variable: reuse_key)
    When renewing, use the same private key as the existing certificate.

--no-reuse-key
    When renewing, do not use the same private key as the existing certificate. Not reusing private keys is the default behavior of Certbot. This option may be used to unset --reuse-key on an existing certificate.

--new-key (config variable: new_key)
    When renewing or replacing a certificate, generate a new private key, even if --reuse-key is set on the existing certificate. Combining --new-key and --reuse-key will result in the private key being replaced and then reused in future renewals.

--allow-subset-of-names (config variable: allow_subset_of_names)
    When performing domain validation, do not consider it a failure if authorizations can not be obtained for a strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to succeed even if some domains no longer point at this system. This option cannot be used with --csr.

--agree-tos (config variable: tos)
    Agree to the ACME Subscriber Agreement (default: Ask)

--account (config variable: account, metavar: ACCOUNT_ID)
    Account ID to use

--duplicate (config variable: duplicate)
    Allow making a certificate lineage that duplicates an existing one (both can be renewed in parallel)

-q, --quiet (config variable: quiet)
    Silence all output except errors. Useful for automation via cron. Implies --non-interactive.

--test-cert, --staging (config variable: staging)
    Use the Let's Encrypt staging server to obtain or revoke test (invalid) certificates; equivalent to --server (followed by the value of constants.STAGING_URI)

--debug (config variable: debug)
    Show tracebacks in case of errors

--debug-challenges (config variable: debug_challenges)
    After setting up challenges, wait for user input before submitting to CA. When used in combination with the `-v` option, the challenge URLs or FQDNs and their expected return values are shown.

--no-verify-ssl (config variable: no_verify_ssl)

--http-01-port (config variable: http01_port)

--http-01-address (config variable: http01_address)

--https-port (config variable: https_port)

--break-my-certs (config variable: break_my_certs)
    Be willing to replace or renew valid certificates with invalid (testing/staging) certificates

--rsa-key-size (config variable: rsa_key_size, metavar: N)

--key-type (config variable: key_type, choices: rsa, ecdsa)

--elliptic-curve (config variable: elliptic_curve, metavar: N, choices: secp256r1, secp384r1, secp521r1)

--must-staple (config variable: must_staple)

--redirect (config variable: redirect)
    Automatically redirect all HTTP traffic to HTTPS for the newly authenticated vhost. (default: redirect enabled for install and run, disabled for enhance)

--no-redirect
    Do not automatically redirect all HTTP traffic to HTTPS for the newly authenticated vhost. (default: redirect enabled for install and run, disabled for enhance)

--hsts (config variable: hsts)
    Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use SSL for the domain. Defends against SSL Stripping.

--no-hsts

--uir (config variable: uir)
    Add the "Content-Security-Policy: upgrade-insecure-requests" header to every HTTP response. Forcing the browser to use https:// for every http:// resource.

--no-uir

--staple-ocsp (config variable: staple)
    Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

--no-staple-ocsp

--strict-permissions (config variable: strict_permissions)
    Require that all configuration files are owned by the current user; only needed if your config is somewhere unsafe like /tmp/

--preferred-chain (config variable: preferred_chain)

--preferred-challenges (config variable: pref_challs)
    A sorted, comma delimited list of the preferred challenge to use during authorization with the most preferred challenge listed first (Eg, "dns" or "http,dns"). Not all plugins support all challenges. See https://certbot.eff.org/docs/using.html#plugins for details. ACME Challenges are versioned, but if you pick "http" rather than "http-01", Certbot will select the latest version automatically.

--issuance-timeout (config variable: issuance_timeout)

--pre-hook
    Command to be run in a shell before obtaining any certificates. Unless --disable-hook-validation is used, the command’s first word must be the absolute pathname of an executable or one found via the PATH environment variable. Intended primarily for renewal, where it can be used to temporarily shut down a webserver that might conflict with the standalone plugin. This will only be called if a certificate is actually to be obtained/renewed. When renewing several certificates that have identical pre-hooks, only the first will be executed.

--post-hook
    Command to be run in a shell after attempting to obtain/renew certificates. Unless --disable-hook-validation is used, the command’s first word must be the absolute pathname of an executable or one found via the PATH environment variable. Can be used to deploy renewed certificates, or to restart any servers that were stopped by --pre-hook. This is only run if an attempt was made to obtain/renew a certificate. If multiple renewed certificates have identical post-hooks, only one will be run.

--renew-hook

--no-random-sleep-on-renew (config variable: random_sleep_on_renew)

--deploy-hook
    Command to be run in a shell once for each successfully issued certificate. Unless --disable-hook-validation is used, the command’s first word must be the absolute pathname of an executable or one found via the PATH environment variable. For this command, the shell variable $RENEWED_LINEAGE will point to the config live subdirectory (for example, "/etc/letsencrypt/live/example.com") containing the new certificates and keys; the shell variable $RENEWED_DOMAINS will contain a space-delimited list of renewed certificate domains (for example, "example.com www.example.com")

--disable-hook-validation (config variable: validate_hooks)
    Ordinarily the commands specified for --pre-hook/--post-hook/--deploy-hook will be checked for validity, to see if the programs being run are in the $PATH, so that mistakes can be caught early, even when the hooks aren't being run just yet. The validation is rather simplistic and fails if you use more advanced shell constructs, so you can use this switch to disable it. (default: False)

--no-directory-hooks (config variable: directory_hooks)
    Disable running executables found in Certbot's hook directories during renewal. (default: False)

--disable-renew-updates (config variable: disable_renew_updates)
    Disable automatic updates to your server configuration that would otherwise be done by the selected installer plugin, and triggered when the user executes "certbot renew", regardless of if the certificate is renewed. This setting does not apply to important TLS configuration updates.

--no-autorenew (config variable: autorenew)
    Disable auto renewal of certificates. (default: False)

Registered through add_deprecated_argument: --os-packages-only, --no-self-upgrade, --no-bootstrap, --no-permissions-check