Release 0.18.1

Fix permissions error when upgrading certbot-auto. (#5086 ) (#5089 )
Now we always check if we have root access if --cb-auto-has-root is not given on the command line. This allows certbot-auto to properly acquire root when upgrading from an older version. People upgrading from 0.18.0 to 0.18.1 may check for root access twice, however, if root's user ID is 0, this check is essentially a noop. If root's user ID is not 0, we'll request root access a 2nd time during this upgrade. (cherry picked from commit 82d0ff1df2)
2017-09-08 11:39:48 -07:00 · 2017-09-07 19:40:42 -07:00 · 2017-09-07 05:56:52 -07:00
24 changed files with 125 additions and 96 deletions
--- a/acme/setup.py
+++ b/acme/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-apache/setup.py
+++ b/certbot-apache/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/42
+++ b/42
@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.18.0"
+LE_AUTO_VERSION="0.18.1"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -187,8 +187,7 @@ SetRootAuthMechanism() {

 if [ "$1" = "--cb-auto-has-root" ]; then
  shift 1
-elif [ "$1" != "--le-auto-phase2" ]; then
-  # if $1 is --le-auto-phase2, we've executed this branch before
+else
  SetRootAuthMechanism
  if [ -n "$SUDO" ]; then
    echo "Requesting to rerun $0 with root privileges..."
@@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then
  fi
 fi

+# Runs this script again with the given arguments. --cb-auto-has-root is added
+# to the command line arguments to ensure we don't try to acquire root a
+# second time. After the script is rerun, we exit the current script.
+RerunWithArgs() {
+    "$0" --cb-auto-has-root "$@"
+    exit 0
+}
+
 BootstrapMessage() {
  # Arguments: Platform name
  say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
@@ -825,8 +832,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
      # if non-interactive mode or stdin and stdout are connected to a terminal
      if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
        rm -rf "$VENV_PATH"
-        "$0" "$@"
-        exit 0
+        RerunWithArgs "$@"
      else
        error "Skipping upgrade because new OS dependencies may need to be installed."
        error
@@ -1071,18 +1077,18 @@ letsencrypt==0.7.0 \
    --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
    --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9

-certbot==0.18.0 \
-    --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
-    --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
-acme==0.18.0 \
-    --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
-    --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
-certbot-apache==0.18.0 \
-    --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
-    --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
-certbot-nginx==0.18.0 \
-    --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
-    --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
+certbot==0.18.1 \
+    --hash=sha256:46e5f0b225ceef0afe81f7f2442c0dd23485f96b5e16cbd78c9e692dc551203e \
+    --hash=sha256:ae0aaf0cc1af53713232a222fb20891475ec9ff9d128a277c4e0f92ea7c36b4c
+acme==0.18.1 \
+    --hash=sha256:a1c3d8dddb573b69573294ccc089f9a12fd91ebdfe72d9bfcacc260df28c50cf \
+    --hash=sha256:1e4c6c0a3fb9906f0d1389a39c76d730e2691d7f168a219e464237381ddcc667
+certbot-apache==0.18.1 \
+    --hash=sha256:2eb78c6b22bc6028e4d7f169e1cbdca1ddedf3aa60e69f5f38952654b7a2a94d \
+    --hash=sha256:2a25b2909167ae5c583b034957e59e9923017cf52c6fa4b310cfca2a3a005fb4
+certbot-nginx==0.18.1 \
+    --hash=sha256:19be0c3800cacf97d4ca8a20c7a65585fb24af3a2c9164484b12c4da634b6833 \
+    --hash=sha256:bda89d4ebcfc9dc7ee41fe23ea2fc19e6c773a4a2873737d4b19210c752f5aca

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
@@ -1491,5 +1497,5 @@ UNLIKELY_EOF
    fi  # A newer version is available.
  fi  # Self-upgrading is allowed.

-  "$0" --le-auto-phase2 "$@"
+  RerunWithArgs --le-auto-phase2 "$@"
 fi
--- a/certbot-compatibility-test/setup.py
+++ b/certbot-compatibility-test/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 install_requires = [
    'certbot',
--- a/certbot-dns-cloudflare/setup.py
+++ b/certbot-dns-cloudflare/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-cloudxns/setup.py
+++ b/certbot-dns-cloudxns/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-digitalocean/setup.py
+++ b/certbot-dns-digitalocean/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-dnsimple/setup.py
+++ b/certbot-dns-dnsimple/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-dnsmadeeasy/setup.py
+++ b/certbot-dns-dnsmadeeasy/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-google/setup.py
+++ b/certbot-dns-google/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-luadns/setup.py
+++ b/certbot-dns-luadns/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-nsone/setup.py
+++ b/certbot-dns-nsone/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-rfc2136/setup.py
+++ b/certbot-dns-rfc2136/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot-dns-route53/setup.py
+++ b/certbot-dns-route53/setup.py
@@ -3,7 +3,7 @@ import sys
 from distutils.core import setup
 from setuptools import find_packages

-version = '0.18.0'
+version = '0.18.1'

 install_requires = [
    'acme=={0}'.format(version),
--- a/certbot-nginx/setup.py
+++ b/certbot-nginx/setup.py
@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages


-version = '0.18.0'
+version = '0.18.1'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
--- a/certbot/init.py
+++ b/certbot/init.py
@@ -1,4 +1,4 @@
 """Certbot client."""

 # version number like 1.2.3a0, must have at least 2 parts, like 1.2
-__version__ = '0.18.0'
+__version__ = '0.18.1'
--- a/certbot/cli.py
+++ b/certbot/cli.py
@@ -49,8 +49,13 @@ if "CERTBOT_AUTO" in os.environ:
    # user saved the script under a different name
    LEAUTO = os.path.basename(os.environ["CERTBOT_AUTO"])

-fragment = os.path.join(".local", "share", "letsencrypt")
-cli_command = LEAUTO if fragment in sys.argv[0] else "certbot"
+old_path_fragment = os.path.join(".local", "share", "letsencrypt")
+new_path_prefix = os.path.abspath(os.path.join(os.sep, "opt",
+                                               "eff.org", "certbot", "venv"))
+if old_path_fragment in sys.argv[0] or sys.argv[0].startswith(new_path_prefix):
+    cli_command = LEAUTO
+else:
+    cli_command = "certbot"

 # Argparse's help formatting has a lot of unhelpful peculiarities, so we want
 # to replace as much of it as we can...
--- a/docs/cli-help.txt
+++ b/docs/cli-help.txt
@@ -102,7 +102,7 @@ optional arguments:
                        case, and to know when to deprecate support for past
                        Python versions and flags. If you wish to hide this
                        information from the Let's Encrypt server, set this to
-                        "". (default: CertbotACMEClient/0.18.0 (certbot;
+                        "". (default: CertbotACMEClient/0.18.1 (certbot;
                        Ubuntu 16.04.3 LTS) Authenticator/XXX Installer/YYY
                        (SUBCOMMAND; flags: FLAGS) Py/2.7.12). The flags
                        encoded in the user agent are: --duplicate, --force-
--- a/42
+++ b/42
@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.18.0"
+LE_AUTO_VERSION="0.18.1"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -187,8 +187,7 @@ SetRootAuthMechanism() {

 if [ "$1" = "--cb-auto-has-root" ]; then
  shift 1
-elif [ "$1" != "--le-auto-phase2" ]; then
-  # if $1 is --le-auto-phase2, we've executed this branch before
+else
  SetRootAuthMechanism
  if [ -n "$SUDO" ]; then
    echo "Requesting to rerun $0 with root privileges..."
@@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then
  fi
 fi

+# Runs this script again with the given arguments. --cb-auto-has-root is added
+# to the command line arguments to ensure we don't try to acquire root a
+# second time. After the script is rerun, we exit the current script.
+RerunWithArgs() {
+    "$0" --cb-auto-has-root "$@"
+    exit 0
+}
+
 BootstrapMessage() {
  # Arguments: Platform name
  say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
@@ -825,8 +832,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
      # if non-interactive mode or stdin and stdout are connected to a terminal
      if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
        rm -rf "$VENV_PATH"
-        "$0" "$@"
-        exit 0
+        RerunWithArgs "$@"
      else
        error "Skipping upgrade because new OS dependencies may need to be installed."
        error
@@ -1071,18 +1077,18 @@ letsencrypt==0.7.0 \
    --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
    --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9

-certbot==0.18.0 \
-    --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
-    --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
-acme==0.18.0 \
-    --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
-    --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
-certbot-apache==0.18.0 \
-    --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
-    --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
-certbot-nginx==0.18.0 \
-    --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
-    --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
+certbot==0.18.1 \
+    --hash=sha256:46e5f0b225ceef0afe81f7f2442c0dd23485f96b5e16cbd78c9e692dc551203e \
+    --hash=sha256:ae0aaf0cc1af53713232a222fb20891475ec9ff9d128a277c4e0f92ea7c36b4c
+acme==0.18.1 \
+    --hash=sha256:a1c3d8dddb573b69573294ccc089f9a12fd91ebdfe72d9bfcacc260df28c50cf \
+    --hash=sha256:1e4c6c0a3fb9906f0d1389a39c76d730e2691d7f168a219e464237381ddcc667
+certbot-apache==0.18.1 \
+    --hash=sha256:2eb78c6b22bc6028e4d7f169e1cbdca1ddedf3aa60e69f5f38952654b7a2a94d \
+    --hash=sha256:2a25b2909167ae5c583b034957e59e9923017cf52c6fa4b310cfca2a3a005fb4
+certbot-nginx==0.18.1 \
+    --hash=sha256:19be0c3800cacf97d4ca8a20c7a65585fb24af3a2c9164484b12c4da634b6833 \
+    --hash=sha256:bda89d4ebcfc9dc7ee41fe23ea2fc19e6c773a4a2873737d4b19210c752f5aca

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
@@ -1491,5 +1497,5 @@ UNLIKELY_EOF
    fi  # A newer version is available.
  fi  # Self-upgrading is allowed.

-  "$0" --le-auto-phase2 "$@"
+  RerunWithArgs --le-auto-phase2 "$@"
 fi
--- a/letsencrypt-auto-source/certbot-auto.asc
+++ b/letsencrypt-auto-source/certbot-auto.asc
@@ -1,11 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2

-iQEcBAABCAAGBQJZry3aAAoJEE0XyZXNl3Xy2foH/0ehCksUM0JQWdHNjmEexo0l
-XBvtZz59BkQpERZRd7tuwiXzFCJ9VwxlCUo4DhmdT7IYrM3/qb5HoVWPMrw70ySX
-CgKB/SKKYiHFXLT0w/sT6RJDp1y/dt1+8+BWCCztI+1yaQiAsJBK3rzVjpcQRb15
-yoQs9tNQIBBKdocZISjOTX1pYcwkA7fBGbnep9ndsM1PSuGXk3CBDF2YRfVnxnwF
-Y6R1Psjjk6vsUK9KY8uPtNtH4w3W30tRVbQmBf2qOsPrr532W/Zjvo1UERhqpM/w
-fxjgo8XyJdMvilL/U3lZEsdzq2WTbS8nXto1mB0/QgVLENICsWoE8SVSql10iYo=
-=wcEX
+iQEcBAABCAAGBQJZsuPcAAoJEE0XyZXNl3XyrCkIAI+fJyipTParZlfPd87cYWOY
+QJeg7madSmRajYCUvtOn4Cm6bwcXZClHwXtiAlS7qXfDRDlKECoKGak7aUP7pd5w
+qG+efRB53XOyVGjl0PVSqOslhKaSved4k6vTZtHl/qqruVaDxiipoX3NdzWfeYdu
+LN0j87/y7BNxRqL9UirjsASfmMlx+41eDOuCC8tmnMsHOSnMll5siPSCngv/Mn4Q
+itHJRAGL4P8oRI7qsId3Yv+HwK46tT0L8ZbaxfsGbHUFWw5pOgb+Ea8QDqCSnqfR
+uuqHfNzjvY6wwcyAV945A3LK5MizxRkP3UX1MmvT8EWPT7lXMsf22Cicm8eas+k=
+=QEPM
 -----END PGP SIGNATURE-----
--- a/letsencrypt-auto-source/letsencrypt-auto
+++ b/letsencrypt-auto-source/letsencrypt-auto
@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.18.0"
+LE_AUTO_VERSION="0.18.1"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -187,8 +187,7 @@ SetRootAuthMechanism() {

 if [ "$1" = "--cb-auto-has-root" ]; then
  shift 1
-elif [ "$1" != "--le-auto-phase2" ]; then
-  # if $1 is --le-auto-phase2, we've executed this branch before
+else
  SetRootAuthMechanism
  if [ -n "$SUDO" ]; then
    echo "Requesting to rerun $0 with root privileges..."
@@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then
  fi
 fi

+# Runs this script again with the given arguments. --cb-auto-has-root is added
+# to the command line arguments to ensure we don't try to acquire root a
+# second time. After the script is rerun, we exit the current script.
+RerunWithArgs() {
+    "$0" --cb-auto-has-root "$@"
+    exit 0
+}
+
 BootstrapMessage() {
  # Arguments: Platform name
  say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
@@ -825,8 +832,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
      # if non-interactive mode or stdin and stdout are connected to a terminal
      if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
        rm -rf "$VENV_PATH"
-        "$0" "$@"
-        exit 0
+        RerunWithArgs "$@"
      else
        error "Skipping upgrade because new OS dependencies may need to be installed."
        error
@@ -1071,18 +1077,18 @@ letsencrypt==0.7.0 \
    --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
    --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9

-certbot==0.18.0 \
-    --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
-    --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
-acme==0.18.0 \
-    --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
-    --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
-certbot-apache==0.18.0 \
-    --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
-    --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
-certbot-nginx==0.18.0 \
-    --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
-    --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
+certbot==0.18.1 \
+    --hash=sha256:46e5f0b225ceef0afe81f7f2442c0dd23485f96b5e16cbd78c9e692dc551203e \
+    --hash=sha256:ae0aaf0cc1af53713232a222fb20891475ec9ff9d128a277c4e0f92ea7c36b4c
+acme==0.18.1 \
+    --hash=sha256:a1c3d8dddb573b69573294ccc089f9a12fd91ebdfe72d9bfcacc260df28c50cf \
+    --hash=sha256:1e4c6c0a3fb9906f0d1389a39c76d730e2691d7f168a219e464237381ddcc667
+certbot-apache==0.18.1 \
+    --hash=sha256:2eb78c6b22bc6028e4d7f169e1cbdca1ddedf3aa60e69f5f38952654b7a2a94d \
+    --hash=sha256:2a25b2909167ae5c583b034957e59e9923017cf52c6fa4b310cfca2a3a005fb4
+certbot-nginx==0.18.1 \
+    --hash=sha256:19be0c3800cacf97d4ca8a20c7a65585fb24af3a2c9164484b12c4da634b6833 \
+    --hash=sha256:bda89d4ebcfc9dc7ee41fe23ea2fc19e6c773a4a2873737d4b19210c752f5aca

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
@@ -1491,5 +1497,5 @@ UNLIKELY_EOF
    fi  # A newer version is available.
  fi  # Self-upgrading is allowed.

-  "$0" --le-auto-phase2 "$@"
+  RerunWithArgs --le-auto-phase2 "$@"
 fi
--- a/letsencrypt-auto-source/letsencrypt-auto.sig
+++ b/letsencrypt-auto-source/letsencrypt-auto.sig
--- a/letsencrypt-auto-source/letsencrypt-auto.template
+++ b/letsencrypt-auto-source/letsencrypt-auto.template
@@ -187,8 +187,7 @@ SetRootAuthMechanism() {

 if [ "$1" = "--cb-auto-has-root" ]; then
  shift 1
-elif [ "$1" != "--le-auto-phase2" ]; then
-  # if $1 is --le-auto-phase2, we've executed this branch before
+else
  SetRootAuthMechanism
  if [ -n "$SUDO" ]; then
    echo "Requesting to rerun $0 with root privileges..."
@@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then
  fi
 fi

+# Runs this script again with the given arguments. --cb-auto-has-root is added
+# to the command line arguments to ensure we don't try to acquire root a
+# second time. After the script is rerun, we exit the current script.
+RerunWithArgs() {
+    "$0" --cb-auto-has-root "$@"
+    exit 0
+}
+
 BootstrapMessage() {
  # Arguments: Platform name
  say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
@@ -406,8 +413,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
      # if non-interactive mode or stdin and stdout are connected to a terminal
      if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
        rm -rf "$VENV_PATH"
-        "$0" "$@"
-        exit 0
+        RerunWithArgs "$@"
      else
        error "Skipping upgrade because new OS dependencies may need to be installed."
        error
@@ -567,5 +573,5 @@ UNLIKELY_EOF
    fi  # A newer version is available.
  fi  # Self-upgrading is allowed.

-  "$0" --le-auto-phase2 "$@"
+  RerunWithArgs --le-auto-phase2 "$@"
 fi
--- a/letsencrypt-auto-source/pieces/certbot-requirements.txt
+++ b/letsencrypt-auto-source/pieces/certbot-requirements.txt
@@ -1,12 +1,12 @@
-certbot==0.18.0 \
-    --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
-    --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
-acme==0.18.0 \
-    --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
-    --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
-certbot-apache==0.18.0 \
-    --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
-    --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
-certbot-nginx==0.18.0 \
-    --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
-    --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
+certbot==0.18.1 \
+    --hash=sha256:46e5f0b225ceef0afe81f7f2442c0dd23485f96b5e16cbd78c9e692dc551203e \
+    --hash=sha256:ae0aaf0cc1af53713232a222fb20891475ec9ff9d128a277c4e0f92ea7c36b4c
+acme==0.18.1 \
+    --hash=sha256:a1c3d8dddb573b69573294ccc089f9a12fd91ebdfe72d9bfcacc260df28c50cf \
+    --hash=sha256:1e4c6c0a3fb9906f0d1389a39c76d730e2691d7f168a219e464237381ddcc667
+certbot-apache==0.18.1 \
+    --hash=sha256:2eb78c6b22bc6028e4d7f169e1cbdca1ddedf3aa60e69f5f38952654b7a2a94d \
+    --hash=sha256:2a25b2909167ae5c583b034957e59e9923017cf52c6fa4b310cfca2a3a005fb4
+certbot-nginx==0.18.1 \
+    --hash=sha256:19be0c3800cacf97d4ca8a20c7a65585fb24af3a2c9164484b12c4da634b6833 \
+    --hash=sha256:bda89d4ebcfc9dc7ee41fe23ea2fc19e6c773a4a2873737d4b19210c752f5aca