Certbot中文文檔certbot.plugins.enhancements module
New interface style Certbot enhancements
certbot.plugins.enhancements.``ENHANCEMENTS= [‘redirect’, ‘ensure-http-header’, ‘ocsp-stapling’]
List of possiblecertbot.interfaces.IInstallerenhancements.
List of expected options parameters: - redirect: None - ensure-http-header: name of header (i.e. Strict-Transport-Security) - ocsp-stapling: certificate chain file path
certbot.plugins.enhancements.``enabled_enhancements(config)[source]
Generator to yield the enabled new style enhancements.
Parameters: config (certbot.interfaces.IConfig) – Configuration.
certbot.plugins.enhancements.``are_requested(config)[source]
Checks if one or more of the requested enhancements are those of the new enhancement interfaces.
Parameters: config (certbot.interfaces.IConfig) – Configuration.
certbot.plugins.enhancements.``are_supported(config, installer)[source]
Checks that all of the requested enhancements are supported by the installer.
Parameters:
- config (
certbot.interfaces.IConfig) – Configuration.- installer (interfaces.IInstaller) – Installer object
Returns: If all the requested enhancements are supported by the installer
Return type: bool
certbot.plugins.enhancements.enable(lineage, domains, installer, config)[source]
Parameters:
- lineage (certbot.interfaces.RenewableCert) – Certificate lineage object
- domains (str) – List of domains in certificate to enhance
- installer (interfaces.IInstaller) – Installer object
- config (
certbot.interfaces.IConfig) – Configuration.
certbot.plugins.enhancements.populate_cli(add)[source]
Populates the command line flags for certbot._internal.cli.HelpfulParser
Parameters: add (func) – Add function of certbot._internal.cli.HelpfulParser
classcertbot.plugins.enhancements.AutoHSTSEnhancement[source]
Bases:object
Enhancement interface that installer plugins can implement in order to provide functionality that configures the software to have a ‘Strict-Transport-Security’ with initially low max-age value that will increase over time.
The plugins implementing new style enhancements are responsible of handling the saving of configuration checkpoints as well as calling possible restarts of managed software themselves. For update_autohsts method, the installer may have to call prepare() to finalize the plugin initialization.
Methods:
enable_autohsts is called when the header is initially installed using a low max-age value.
update_autohsts is called every time when Certbot is run using ‘renew’ verb. The max-age value should be increased over time using this method.
deploy_autohsts is called for every lineage that has had its certificate renewed. A long HSTS max-age value should be set here, as we should be confident that the user is able to automatically renew their certificates.update_autohsts(lineage, args, kwargs)[source]
Gets called for each lineage every time Certbot is run with ‘renew’ verb. Implementation of this method should increase the max-age value.
Parameters:
lineage –(certbot.interfaces.RenewableCert) -Certificate lineage object
deploy_autohsts(lineage, args, *kwargs)[source]
Gets called for a lineage when its certificate is successfully renewed. Long max-age value should be set in implementation of this method.
Parameters: lineage (certbot.interfaces.RenewableCert) – Certificate lineage object
enable_autohsts(lineage, domains, args, *kwargs)[source]
Enables the AutoHSTS enhancement, installing Strict-Transport-Security header with a low initial value to be increased over the subsequent runs of Certbot renew.
Parameters:
- lineage (certbot.interfaces.RenewableCert) – Certificate lineage object
- domains (
listofstr) – List of domains in certificate to enhance
