Release 0.18.2

(cherry picked from commit f6be07da74)

acme/acme/crypto_util.py

@@ -2,6 +2,7 @@
 import binascii
 import contextlib
 import logging
+import os
 import re
 import socket
 import sys
@@ -243,7 +244,7 @@ def gen_ss_cert(key, domains, not_before=None,
     """
     assert domains, "Must provide one or more hostnames for the cert."
     cert = OpenSSL.crypto.X509()
-    cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
+    cert.set_serial_number(int(binascii.hexlify(os.urandom(16)), 16))
     cert.set_version(2)
 
     extensions = [

acme/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-apache/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-auto

@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.18.0"
+LE_AUTO_VERSION="0.18.2"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -187,8 +187,7 @@ SetRootAuthMechanism() {
 
 if [ "$1" = "--cb-auto-has-root" ]; then
   shift 1
-elif [ "$1" != "--le-auto-phase2" ]; then
-  # if $1 is --le-auto-phase2, we've executed this branch before
+else
   SetRootAuthMechanism
   if [ -n "$SUDO" ]; then
     echo "Requesting to rerun $0 with root privileges..."
@@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then
   fi
 fi
 
+# Runs this script again with the given arguments. --cb-auto-has-root is added
+# to the command line arguments to ensure we don't try to acquire root a
+# second time. After the script is rerun, we exit the current script.
+RerunWithArgs() {
+    "$0" --cb-auto-has-root "$@"
+    exit 0
+}
+
 BootstrapMessage() {
   # Arguments: Platform name
   say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
@@ -825,8 +832,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
       # if non-interactive mode or stdin and stdout are connected to a terminal
       if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
         rm -rf "$VENV_PATH"
-        "$0" "$@"
-        exit 0
+        RerunWithArgs "$@"
       else
         error "Skipping upgrade because new OS dependencies may need to be installed."
         error
@@ -1071,18 +1077,18 @@ letsencrypt==0.7.0 \
     --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
     --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
 
-certbot==0.18.0 \
-    --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
-    --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
-acme==0.18.0 \
-    --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
-    --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
-certbot-apache==0.18.0 \
-    --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
-    --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
-certbot-nginx==0.18.0 \
-    --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
-    --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
+certbot==0.18.2 \
+    --hash=sha256:e1d1fcd6248cdbdba92e3a769dc40567dbffc717bff86ef3431fadf31419a6b6 \
+    --hash=sha256:0122e6ee3fc1167fa91883b9f2ea1897f3d0d4612739f175827b5a3e8f259c9a
+acme==0.18.2 \
+    --hash=sha256:67e1270318a2f8ca5f309b22fc50669abfdb38c875133b20e8a1358e96591a7a \
+    --hash=sha256:718efa9b3a7e6defcc7179e214a838d43a2bcef7dbd77667a2e505504e453ef6
+certbot-apache==0.18.2 \
+    --hash=sha256:54d9a16a7ec87df0538a094a28aabf5415d92bda3e80742dfd0b3d1ed82d8760 \
+    --hash=sha256:07856f49db28593eb58ed970da2f6520b0d0d7402ac7757a5ea41fcb6a24a9ea
+certbot-nginx==0.18.2 \
+    --hash=sha256:7fac4ec1be4966ef828f2aca32a04db303a9b49453589961f2fb5867b70823c5 \
+    --hash=sha256:d35aeda6f2ce6213d84ecbbc658ca6cf13c98961c475867c70740552d05ae3e3
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------
@@ -1491,5 +1497,5 @@ UNLIKELY_EOF
     fi  # A newer version is available.
   fi  # Self-upgrading is allowed.
 
-  "$0" --le-auto-phase2 "$@"
+  RerunWithArgs --le-auto-phase2 "$@"
 fi

certbot-compatibility-test/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 install_requires = [
     'certbot',

certbot-dns-cloudflare/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-cloudxns/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-digitalocean/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-dnsimple/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-dnsmadeeasy/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-google/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-luadns/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-nsone/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-rfc2136/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot-dns-route53/setup.py

@@ -3,7 +3,7 @@ import sys
 from distutils.core import setup
 from setuptools import find_packages
 
-version = '0.18.0'
+version = '0.18.2'
 
 install_requires = [
     'acme=={0}'.format(version),

certbot-nginx/setup.py

@@ -4,7 +4,7 @@ from setuptools import setup
 from setuptools import find_packages
 
 
-version = '0.18.0'
+version = '0.18.2'
 
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [

certbot/__init__.py

@@ -1,4 +1,4 @@
 """Certbot client."""
 
 # version number like 1.2.3a0, must have at least 2 parts, like 1.2
-__version__ = '0.18.0'
+__version__ = '0.18.2'

certbot/cli.py

@@ -49,8 +49,13 @@ if "CERTBOT_AUTO" in os.environ:
     # user saved the script under a different name
     LEAUTO = os.path.basename(os.environ["CERTBOT_AUTO"])
 
-fragment = os.path.join(".local", "share", "letsencrypt")
-cli_command = LEAUTO if fragment in sys.argv[0] else "certbot"
+old_path_fragment = os.path.join(".local", "share", "letsencrypt")
+new_path_prefix = os.path.abspath(os.path.join(os.sep, "opt",
+                                               "eff.org", "certbot", "venv"))
+if old_path_fragment in sys.argv[0] or sys.argv[0].startswith(new_path_prefix):
+    cli_command = LEAUTO
+else:
+    cli_command = "certbot"
 
 # Argparse's help formatting has a lot of unhelpful peculiarities, so we want
 # to replace as much of it as we can...

docs/cli-help.txt

@@ -102,7 +102,7 @@ optional arguments:
                         case, and to know when to deprecate support for past
                         Python versions and flags. If you wish to hide this
                         information from the Let's Encrypt server, set this to
-                        "". (default: CertbotACMEClient/0.18.0 (certbot;
+                        "". (default: CertbotACMEClient/0.18.2 (certbot;
                         Ubuntu 16.04.3 LTS) Authenticator/XXX Installer/YYY
                         (SUBCOMMAND; flags: FLAGS) Py/2.7.12). The flags
                         encoded in the user agent are: --duplicate, --force-

letsencrypt-auto

@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.18.0"
+LE_AUTO_VERSION="0.18.2"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -187,8 +187,7 @@ SetRootAuthMechanism() {
 
 if [ "$1" = "--cb-auto-has-root" ]; then
   shift 1
-elif [ "$1" != "--le-auto-phase2" ]; then
-  # if $1 is --le-auto-phase2, we've executed this branch before
+else
   SetRootAuthMechanism
   if [ -n "$SUDO" ]; then
     echo "Requesting to rerun $0 with root privileges..."
@@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then
   fi
 fi
 
+# Runs this script again with the given arguments. --cb-auto-has-root is added
+# to the command line arguments to ensure we don't try to acquire root a
+# second time. After the script is rerun, we exit the current script.
+RerunWithArgs() {
+    "$0" --cb-auto-has-root "$@"
+    exit 0
+}
+
 BootstrapMessage() {
   # Arguments: Platform name
   say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
@@ -825,8 +832,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
       # if non-interactive mode or stdin and stdout are connected to a terminal
       if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
         rm -rf "$VENV_PATH"
-        "$0" "$@"
-        exit 0
+        RerunWithArgs "$@"
       else
         error "Skipping upgrade because new OS dependencies may need to be installed."
         error
@@ -1071,18 +1077,18 @@ letsencrypt==0.7.0 \
     --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
     --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
 
-certbot==0.18.0 \
-    --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
-    --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
-acme==0.18.0 \
-    --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
-    --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
-certbot-apache==0.18.0 \
-    --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
-    --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
-certbot-nginx==0.18.0 \
-    --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
-    --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
+certbot==0.18.2 \
+    --hash=sha256:e1d1fcd6248cdbdba92e3a769dc40567dbffc717bff86ef3431fadf31419a6b6 \
+    --hash=sha256:0122e6ee3fc1167fa91883b9f2ea1897f3d0d4612739f175827b5a3e8f259c9a
+acme==0.18.2 \
+    --hash=sha256:67e1270318a2f8ca5f309b22fc50669abfdb38c875133b20e8a1358e96591a7a \
+    --hash=sha256:718efa9b3a7e6defcc7179e214a838d43a2bcef7dbd77667a2e505504e453ef6
+certbot-apache==0.18.2 \
+    --hash=sha256:54d9a16a7ec87df0538a094a28aabf5415d92bda3e80742dfd0b3d1ed82d8760 \
+    --hash=sha256:07856f49db28593eb58ed970da2f6520b0d0d7402ac7757a5ea41fcb6a24a9ea
+certbot-nginx==0.18.2 \
+    --hash=sha256:7fac4ec1be4966ef828f2aca32a04db303a9b49453589961f2fb5867b70823c5 \
+    --hash=sha256:d35aeda6f2ce6213d84ecbbc658ca6cf13c98961c475867c70740552d05ae3e3
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------
@@ -1491,5 +1497,5 @@ UNLIKELY_EOF
     fi  # A newer version is available.
   fi  # Self-upgrading is allowed.
 
-  "$0" --le-auto-phase2 "$@"
+  RerunWithArgs --le-auto-phase2 "$@"
 fi

letsencrypt-auto-source/certbot-auto.asc

@@ -1,11 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQEcBAABCAAGBQJZry3aAAoJEE0XyZXNl3Xy2foH/0ehCksUM0JQWdHNjmEexo0l
-XBvtZz59BkQpERZRd7tuwiXzFCJ9VwxlCUo4DhmdT7IYrM3/qb5HoVWPMrw70ySX
-CgKB/SKKYiHFXLT0w/sT6RJDp1y/dt1+8+BWCCztI+1yaQiAsJBK3rzVjpcQRb15
-yoQs9tNQIBBKdocZISjOTX1pYcwkA7fBGbnep9ndsM1PSuGXk3CBDF2YRfVnxnwF
-Y6R1Psjjk6vsUK9KY8uPtNtH4w3W30tRVbQmBf2qOsPrr532W/Zjvo1UERhqpM/w
-fxjgo8XyJdMvilL/U3lZEsdzq2WTbS8nXto1mB0/QgVLENICsWoE8SVSql10iYo=
-=wcEX
+iQEcBAABCAAGBQJZwqrMAAoJEE0XyZXNl3XyIXUIAIu7mgLgtiCp5eKcmPhqazMz
+G20Je4lhAmdaErQTv7c1JK3bLWYR0RAl9EW1ASzm51YCn4hFWNKzeRw/Q03EnTLD
+gg9irgicggniCkIhJRQQhMVbd4PsFJChJkyuxfoTnsCuWwGmbp7OGGoIUIlIrUcK
+UWmm/RAq1oetIAry1zTg0nIhZSyuqjqGGgpln7Dxd2PskQ6hbKxp7db7bbzog7pP
+rACaAwCZ/L1I53vJlwBOhaJD9lgeTZt6hD9wAlAZgTg1q/B4EpFKq0H9jBxvjdTN
+MtZv9W5bXi7zYb2GxQSVs7pCzS4yPVo0f2+W9Qx2CSkTqa8e5rljm3anKRdnYp0=
+=oEDw
 -----END PGP SIGNATURE-----

letsencrypt-auto-source/letsencrypt-auto

@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.18.0"
+LE_AUTO_VERSION="0.18.2"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -187,8 +187,7 @@ SetRootAuthMechanism() {
 
 if [ "$1" = "--cb-auto-has-root" ]; then
   shift 1
-elif [ "$1" != "--le-auto-phase2" ]; then
-  # if $1 is --le-auto-phase2, we've executed this branch before
+else
   SetRootAuthMechanism
   if [ -n "$SUDO" ]; then
     echo "Requesting to rerun $0 with root privileges..."
@@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then
   fi
 fi
 
+# Runs this script again with the given arguments. --cb-auto-has-root is added
+# to the command line arguments to ensure we don't try to acquire root a
+# second time. After the script is rerun, we exit the current script.
+RerunWithArgs() {
+    "$0" --cb-auto-has-root "$@"
+    exit 0
+}
+
 BootstrapMessage() {
   # Arguments: Platform name
   say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
@@ -825,8 +832,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
       # if non-interactive mode or stdin and stdout are connected to a terminal
       if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
         rm -rf "$VENV_PATH"
-        "$0" "$@"
-        exit 0
+        RerunWithArgs "$@"
       else
         error "Skipping upgrade because new OS dependencies may need to be installed."
         error
@@ -1071,18 +1077,18 @@ letsencrypt==0.7.0 \
     --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
     --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
 
-certbot==0.18.0 \
-    --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
-    --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
-acme==0.18.0 \
-    --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
-    --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
-certbot-apache==0.18.0 \
-    --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
-    --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
-certbot-nginx==0.18.0 \
-    --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
-    --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
+certbot==0.18.2 \
+    --hash=sha256:e1d1fcd6248cdbdba92e3a769dc40567dbffc717bff86ef3431fadf31419a6b6 \
+    --hash=sha256:0122e6ee3fc1167fa91883b9f2ea1897f3d0d4612739f175827b5a3e8f259c9a
+acme==0.18.2 \
+    --hash=sha256:67e1270318a2f8ca5f309b22fc50669abfdb38c875133b20e8a1358e96591a7a \
+    --hash=sha256:718efa9b3a7e6defcc7179e214a838d43a2bcef7dbd77667a2e505504e453ef6
+certbot-apache==0.18.2 \
+    --hash=sha256:54d9a16a7ec87df0538a094a28aabf5415d92bda3e80742dfd0b3d1ed82d8760 \
+    --hash=sha256:07856f49db28593eb58ed970da2f6520b0d0d7402ac7757a5ea41fcb6a24a9ea
+certbot-nginx==0.18.2 \
+    --hash=sha256:7fac4ec1be4966ef828f2aca32a04db303a9b49453589961f2fb5867b70823c5 \
+    --hash=sha256:d35aeda6f2ce6213d84ecbbc658ca6cf13c98961c475867c70740552d05ae3e3
 
 UNLIKELY_EOF
     # -------------------------------------------------------------------------
@@ -1491,5 +1497,5 @@ UNLIKELY_EOF
     fi  # A newer version is available.
   fi  # Self-upgrading is allowed.
 
-  "$0" --le-auto-phase2 "$@"
+  RerunWithArgs --le-auto-phase2 "$@"
 fi

letsencrypt-auto-source/letsencrypt-auto.template

@@ -187,8 +187,7 @@ SetRootAuthMechanism() {
 
 if [ "$1" = "--cb-auto-has-root" ]; then
   shift 1
-elif [ "$1" != "--le-auto-phase2" ]; then
-  # if $1 is --le-auto-phase2, we've executed this branch before
+else
   SetRootAuthMechanism
   if [ -n "$SUDO" ]; then
     echo "Requesting to rerun $0 with root privileges..."
@@ -197,6 +196,14 @@ elif [ "$1" != "--le-auto-phase2" ]; then
   fi
 fi
 
+# Runs this script again with the given arguments. --cb-auto-has-root is added
+# to the command line arguments to ensure we don't try to acquire root a
+# second time. After the script is rerun, we exit the current script.
+RerunWithArgs() {
+    "$0" --cb-auto-has-root "$@"
+    exit 0
+}
+
 BootstrapMessage() {
   # Arguments: Platform name
   say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
@@ -406,8 +413,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
       # if non-interactive mode or stdin and stdout are connected to a terminal
       if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
         rm -rf "$VENV_PATH"
-        "$0" "$@"
-        exit 0
+        RerunWithArgs "$@"
       else
         error "Skipping upgrade because new OS dependencies may need to be installed."
         error
@@ -567,5 +573,5 @@ UNLIKELY_EOF
     fi  # A newer version is available.
   fi  # Self-upgrading is allowed.
 
-  "$0" --le-auto-phase2 "$@"
+  RerunWithArgs --le-auto-phase2 "$@"
 fi

letsencrypt-auto-source/pieces/certbot-requirements.txt

@@ -1,12 +1,12 @@
-certbot==0.18.0 \
-    --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
-    --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
-acme==0.18.0 \
-    --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
-    --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
-certbot-apache==0.18.0 \
-    --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
-    --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
-certbot-nginx==0.18.0 \
-    --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
-    --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
+certbot==0.18.2 \
+    --hash=sha256:e1d1fcd6248cdbdba92e3a769dc40567dbffc717bff86ef3431fadf31419a6b6 \
+    --hash=sha256:0122e6ee3fc1167fa91883b9f2ea1897f3d0d4612739f175827b5a3e8f259c9a
+acme==0.18.2 \
+    --hash=sha256:67e1270318a2f8ca5f309b22fc50669abfdb38c875133b20e8a1358e96591a7a \
+    --hash=sha256:718efa9b3a7e6defcc7179e214a838d43a2bcef7dbd77667a2e505504e453ef6
+certbot-apache==0.18.2 \
+    --hash=sha256:54d9a16a7ec87df0538a094a28aabf5415d92bda3e80742dfd0b3d1ed82d8760 \
+    --hash=sha256:07856f49db28593eb58ed970da2f6520b0d0d7402ac7757a5ea41fcb6a24a9ea
+certbot-nginx==0.18.2 \
+    --hash=sha256:7fac4ec1be4966ef828f2aca32a04db303a9b49453589961f2fb5867b70823c5 \
+    --hash=sha256:d35aeda6f2ce6213d84ecbbc658ca6cf13c98961c475867c70740552d05ae3e3