"certbot.storage"
*****************

Renewable certificates storage.

certbot.storage.renewal_conf_files(config)

   Build a list of all renewal configuration files.

   Parameters:
      **config** (*certbot.interfaces.IConfig*) – Configuration object

   Returns:
      list of renewal configuration files

   Return type:
      "list" of "str"

certbot.storage.renewal_file_for_certname(config, certname)

   Return /path/to/certname.conf in the renewal conf directory

certbot.storage.cert_path_for_cert_name(config, cert_name)

   If "--cert-name" was specified, but you need a value for "--cert-
   path".

   Parameters:
      * **config** (*configuration.NamespaceConfig*) – parsed
        command line arguments

      * **cert_name** (*str*) – cert name.

certbot.storage.config_with_defaults(config=None)

   Merge supplied config, if provided, on top of builtin defaults.

certbot.storage.add_time_interval(base_time, interval, textparser=<parsedatetime.Calendar object>)

   Parse the time specified time interval, and add it to the base_time

   The interval can be in the English-language format understood by
   parsedatetime, e.g., ‘10 days’, ‘3 weeks’, ‘6 months’, ‘9 hours’,
   or a sequence of such intervals like ‘6 months 1 week’ or ‘3 days
   12 hours’. If an integer is found with no associated unit, it is
   interpreted by default as a number of days.

   Parameters:
      * **base_time** (*datetime.datetime*) – The time to be added
        with the interval.

      * **interval** (*str*) – The time interval to parse.

   Returns:
      The base_time plus the interpretation of the time interval.

   Return type:
      "datetime.datetime"

certbot.storage.write_renewal_config(o_filename, n_filename, archive_dir, target, relevant_data)

   Writes a renewal config file with the specified name and values.

   Parameters:
      * **o_filename** (*str*) – Absolute path to the previous
        version of config file

      * **n_filename** (*str*) – Absolute path to the new
        destination of config file

      * **archive_dir** (*str*) – Absolute path to the archive
        directory

      * **target** (*dict*) – Maps ALL_FOUR to their symlink paths

      * **relevant_data** (*dict*) – Renewal configuration options
        to save

   Returns:
      Configuration object for the new config file

   Return type:
      configobj.ConfigObj

certbot.storage.rename_renewal_config(prev_name, new_name, cli_config)

   Renames cli_config.certname’s config to cli_config.new_certname.

   Parameters:
      **cli_config** (*NamespaceConfig*) – parsed command line
      arguments

certbot.storage.update_configuration(lineagename, archive_dir, target, cli_config)

   Modifies lineagename’s config to contain the specified values.

   Parameters:
      * **lineagename** (*str*) – Name of the lineage being modified

      * **archive_dir** (*str*) – Absolute path to the archive
        directory

      * **target** (*dict*) – Maps ALL_FOUR to their symlink paths

      * **cli_config** (*NamespaceConfig*) – parsed command line
        arguments

   Returns:
      Configuration object for the updated config file

   Return type:
      configobj.ConfigObj

certbot.storage.get_link_target(link)

   Get an absolute path to the target of link.

   Parameters:
      **link** (*str*) – Path to a symbolic link

   Returns:
      Absolute path to the target of link

   Return type:
      str

   Raises:
      **CertStorageError** – If link does not exists.

certbot.storage._relevant(option)

   Is this option one that could be restored for future renewal
   purposes? :param str option: the name of the option

   Return type:
      bool

certbot.storage.relevant_values(all_values)

   Return a new dict containing only items relevant for renewal.

   Parameters:
      **all_values** (*dict*) – The original values.

   Returns:
      A new dictionary containing items that can be used in renewal.

   Rtype dict:
certbot.storage.lineagename_for_filename(config_filename)

   Returns the lineagename for a configuration filename.

certbot.storage.renewal_filename_for_lineagename(config, lineagename)

   Returns the lineagename for a configuration filename.

certbot.storage._relpath_from_file(archive_dir, from_file)

   Path to a directory from a file

certbot.storage.full_archive_path(config_obj, cli_config, lineagename)

   Returns the full archive path for a lineagename

   Uses cli_config to determine archive path if not available from
   config_obj.

   Parameters:
      * **config_obj** (*configobj.ConfigObj*) – Renewal conf file
        contents (can be None)

      * **cli_config** (*configuration.NamespaceConfig*) – Main
        config file

      * **lineagename** (*str*) – Certificate name

certbot.storage._full_live_path(cli_config, lineagename)

   Returns the full default live path for a lineagename

certbot.storage.delete_files(config, certname)

   Delete all files related to the certificate.

   If some files are not found, ignore them and continue.

class certbot.storage.RenewableCert(config_filename, cli_config, update_symlinks=False)

   Bases: "object"

   Renewable certificate.

   Represents a lineage of certificates that is under the management
   of Certbot, indicated by the existence of an associated renewal
   configuration file.

   Note that the notion of “current version” for a lineage is
   maintained on disk in the structure of symbolic links, and is not
   explicitly stored in any instance variable in this object. The
   RenewableCert object is able to determine information about the
   current (or other) version by accessing data on disk, but does not
   inherently know any of this information except by examining the
   symbolic links as needed. The instance variables mentioned below
   point to symlinks that reflect the notion of “current version” of
   each managed object, and it is these paths that should be used when
   configuring servers to use the certificate managed in a lineage.
   These paths are normally within the “live” directory, and their
   symlink targets – the actual cert files – are normally found within
   the “archive” directory.

   Variables:
      * **cert** (*str*) – The path to the symlink representing the
        current version of the certificate managed by this lineage.

      * **privkey** (*str*) – The path to the symlink representing
        the current version of the private key managed by this
        lineage.

      * **chain** (*str*) – The path to the symlink representing the
        current version of the chain managed by this lineage.

      * **fullchain** (*str*) – The path to the symlink representing
        the current version of the fullchain (combined chain and cert)
        managed by this lineage.

      * **configuration** (*configobj.ConfigObj*) – The renewal
        configuration options associated with this lineage, obtained
        from parsing the renewal configuration file and/or systemwide
        defaults.

   key_path

      Duck type for self.privkey

   cert_path

      Duck type for self.cert

   chain_path

      Duck type for self.chain

   fullchain_path

      Duck type for self.fullchain

   target_expiry

      The current target certificate’s expiration datetime

      Returns:
         Expiration datetime of the current target certificate

      Return type:
         "datetime.datetime"

   archive_dir

      Returns the default or specified archive directory

   relative_archive_dir(from_file)

      Returns the default or specified archive directory as a relative
      path

      Used for creating symbolic links.

   is_test_cert

      Returns true if this is a test cert from a staging server.

   _check_symlinks()

      Raises an exception if a symlink doesn’t exist

   _update_symlinks()

      Updates symlinks to use archive_dir

   _consistent()

      Are the files associated with this lineage self-consistent?

      Returns:
         Whether the files stored in connection with this lineage
         appear to be correct and consistent with one another.

      Return type:
         bool

   _fix()

      Attempt to fix defects or inconsistencies in this lineage.

      Todo: Currently unimplemented.

   _previous_symlinks()

      Returns the kind and path of all symlinks used in recovery.

      Returns:
         list of (kind, symlink) tuples

      Return type:
         list

   _fix_symlinks()

      Fixes symlinks in the event of an incomplete version update.

      If there is no problem with the current symlinks, this function
      has no effect.

   current_target(kind)

      Returns full path to which the specified item currently points.

      Parameters:
         **kind** (*str*) – the lineage member item (“cert”,
         “privkey”, “chain”, or “fullchain”)

      Returns:
         The path to the current version of the specified member.

      Return type:
         str or None

   current_version(kind)

      Returns numerical version of the specified item.

      For example, if kind is “chain” and the current chain link
      points to a file named “chain7.pem”, returns the integer 7.

      Parameters:
         **kind** (*str*) – the lineage member item (“cert”,
         “privkey”, “chain”, or “fullchain”)

      Returns:
         the current version of the specified member.

      Return type:
         int

   version(kind, version)

      The filename that corresponds to the specified version and kind.

      Warning: The specified version may not exist in this lineage.
        There is no guarantee that the file path returned by this
        method actually exists.

      Parameters:
         * **kind** (*str*) – the lineage member item (“cert”,
           “privkey”, “chain”, or “fullchain”)

         * **version** (*int*) – the desired version

      Returns:
         The path to the specified version of the specified member.

      Return type:
         str

   available_versions(kind)

      Which alternative versions of the specified kind of item exist?

      The archive directory where the current version is stored is
      consulted to obtain the list of alternatives.

      Parameters:
         **kind** (*str*) – the lineage member item ( "cert",
         "privkey", "chain", or "fullchain")

      Returns:
         all of the version numbers that currently exist

      Return type:
         "list" of "int"

   newest_available_version(kind)

      Newest available version of the specified kind of item?

      Parameters:
         **kind** (*str*) – the lineage member item ("cert",
         "privkey", "chain", or "fullchain")

      Returns:
         the newest available version of this member

      Return type:
         int

   latest_common_version()

      Newest version for which all items are available?

      Returns:
         the newest available version for which all members ("cert,
         ``privkey", "chain", and "fullchain") exist

      Return type:
         int

   next_free_version()

      Smallest version newer than all full or partial versions?

      Returns:
         the smallest version number that is larger than any version
         of any item currently stored in this lineage

      Return type:
         int

   ensure_deployed()

      Make sure we’ve deployed the latest version.

      Returns:
         False if a change was needed, True otherwise

      Return type:
         bool

      May need to recover from rare interrupted / crashed states.

   has_pending_deployment()

      Is there a later version of all of the managed items?

      Returns:
         "True" if there is a complete version of this lineage with a
         larger version number than the current version, and "False"
         otherwise

      Return type:
         bool

   _update_link_to(kind, version)

      Make the specified item point at the specified version.

      (Note that this method doesn’t verify that the specified version
      exists.)

      Parameters:
         * **kind** (*str*) – the lineage member item (“cert”,
           “privkey”, “chain”, or “fullchain”)

         * **version** (*int*) – the desired version

   update_all_links_to(version)

      Change all member objects to point to the specified version.

      Parameters:
         **version** (*int*) – the desired version

   names(version=None)

      What are the subject names of this certificate?

      (If no version is specified, use the current version.)

      Parameters:
         **version** (*int*) – the desired version number

      Returns:
         the subject names

      Return type:
         "list" of "str"

      Raises:
         **CertStorageError** – if could not find cert file.

   autodeployment_is_enabled()

      Is automatic deployment enabled for this cert?

      If autodeploy is not specified, defaults to True.

      Returns:
         True if automatic deployment is enabled

      Return type:
         bool

   should_autodeploy(interactive=False)

      Should this lineage now automatically deploy a newer version?

      This is a policy question and does not only depend on whether
      there is a newer version of the cert. (This considers whether
      autodeployment is enabled, whether a relevant newer version
      exists, and whether the time interval for autodeployment has
      been reached.)

      Parameters:
         **interactive** (*bool*) – set to True to examine the
         question regardless of whether the renewal configuration
         allows automated deployment (for interactive use). Default
         False.

      Returns:
         whether the lineage now ought to autodeploy an existing newer
         cert version

      Return type:
         bool

   ocsp_revoked(version=None)

      Is the specified cert version revoked according to OCSP?

      Also returns True if the cert version is declared as intended to
      be revoked according to Let’s Encrypt OCSP extensions. (If no
      version is specified, uses the current version.)

      This method is not yet implemented and currently always returns
      False.

      Parameters:
         **version** (*int*) – the desired version number

      Returns:
         whether the certificate is or will be revoked

      Return type:
         bool

   autorenewal_is_enabled()

      Is automatic renewal enabled for this cert?

      If autorenew is not specified, defaults to True.

      Returns:
         True if automatic renewal is enabled

      Return type:
         bool

   should_autorenew()

      Should we now try to autorenew the most recent cert version?

      This is a policy question and does not only depend on whether
      the cert is expired. (This considers whether autorenewal is
      enabled, whether the cert is revoked, and whether the time
      interval for autorenewal has been reached.)

      Note that this examines the numerically most recent cert
      version, not the currently deployed version.

      Returns:
         whether an attempt should now be made to autorenew the most
         current cert version in this lineage

      Return type:
         bool

   classmethod new_lineage(lineagename, cert, privkey, chain, cli_config)

      Create a new certificate lineage.

      Attempts to create a certificate lineage – enrolled for
      potential future renewal – with the (suggested) lineage name
      lineagename, and the associated cert, privkey, and chain (the
      associated fullchain will be created automatically). Optional
      configurator and renewalparams record the configuration that was
      originally used to obtain this cert, so that it can be reused
      later during automated renewal.

      Returns a new RenewableCert object referring to the created
      lineage. (The actual lineage name, as well as all the relevant
      file paths, will be available within this object.)

      Parameters:
         * **lineagename** (*str*) – the suggested name for this
           lineage (normally the current cert’s first subject DNS
           name)

         * **cert** (*str*) – the initial certificate version in PEM
           format

         * **privkey** (*str*) – the private key in PEM format

         * **chain** (*str*) – the certificate chain in PEM format

         * **cli_config** (*NamespaceConfig*) – parsed command line
           arguments

      Returns:
         the newly-created RenewalCert object

      Return type:
         "storage.renewableCert"

   save_successor(prior_version, new_cert, new_privkey, new_chain, cli_config)

      Save new cert and chain as a successor of a prior version.

      Returns the new version number that was created.

      Note: this function does NOT update links to deploy this
        version

      Parameters:
         * **prior_version** (*int*) – the old version to which this
           version is regarded as a successor (used to choose a
           privkey, if the key has not changed, but otherwise this
           information is not permanently recorded anywhere)

         * **new_cert** (*bytes*) – the new certificate, in PEM
           format

         * **new_privkey** (*bytes*) – the new private key, in PEM
           format, or "None", if the private key has not changed

         * **new_chain** (*bytes*) – the new chain, in PEM format

         * **cli_config** (*NamespaceConfig*) – parsed command line
           arguments

      Returns:
         the new version number that was created

      Return type:
         int
