revert dependency on new certbot

error out on newer python and oldersetuptools
depend on latest version of certbot because we're not planning to install mock sometimes
2020-04-13 13:44:09 -07:00 · 2020-04-13 13:43:10 -07:00 · 2020-04-10 16:38:26 -07:00 · 2020-04-10 16:33:58 -07:00 · 2020-04-10 15:04:19 -07:00
186 changed files with 867 additions and 1517 deletions
--- a/.azure-pipelines/main.yml
+++ b/.azure-pipelines/main.yml
@@ -1,6 +1,10 @@
 trigger:
+  # apache-parser-v2 is a temporary branch for doing work related to
+  # rewriting the parser in the Apache plugin.
+  - apache-parser-v2
  - master
 pr:
+  - apache-parser-v2
  - master
  - '*.x'

--- a/.gitignore
+++ b/.gitignore
@@ -51,10 +51,3 @@ tests/letstest/venv3/
 .certbot_test_workspace
 **/assets/pebble*
 **/assets/challtestsrv*
-
-# snap files
-.snapcraft
-parts
-prime
-stage
-*.snap
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,23 +11,20 @@ before_script:
  # Use Travis retry feature for farm tests since they are flaky
  - 'if [[ "$TOXENV" == "travis-test-farm"* ]]; then export TRAVIS_RETRY=travis_retry; fi'
  - export TOX_TESTENV_PASSENV=TRAVIS
-  - 'if [[ "$SNAP" == true ]]; then snap/local/build_and_install.sh; fi'

 # Only build pushes to the master branch, PRs, and branches beginning with
-# `test-`, `travis-test-`, or of the form `digit(s).digit(s).x` or
-# `vdigit(s).digit(s).digit(s)`. As documented at
-# https://docs.travis-ci.com/user/customizing-the-build/#safelisting-or-blocklisting-branches,
-# this includes tags so pushing tags of the form `vdigit(s).digit(s).digit(s)`
-# will also trigger tests. This reduces the number of simultaneous Travis runs,
-# which speeds turnaround time on review since there is a cap of on the number
-# of simultaneous runs.
+# `test-`, `travis-test-`, or of the form `digit(s).digit(s).x`. This reduces
+# the number of simultaneous Travis runs, which speeds turnaround time on
+# review since there is a cap of on the number of simultaneous runs.
 branches:
  # When changing these branches, please ensure the documentation under
  # "Running tests in CI" is still correct.
  only:
+    # apache-parser-v2 is a temporary branch for doing work related to
+    # rewriting the parser in the Apache plugin.
+    - apache-parser-v2
    - master
-    - /^\d+\.\d+\.x$/  # this matches our point release branches
-    - /^v\d+\.\d+\.\d+$/  # this matches our release tags
+    - /^\d+\.\d+\.x$/
    - /^(travis-)?test-.*$/

 # Jobs for the main test suite are always executed (including on PRs) except for pushes on master.
@@ -35,17 +32,197 @@ not-on-master: &not-on-master
  if: NOT (type = push AND branch = master)

 # Jobs for the extended test suite are executed for cron jobs and pushes to
-# non-development branches.
+# non-development branches. See the explanation for apache-parser-v2 above.
 extended-test-suite: &extended-test-suite
-  if: type = cron OR (type = push AND branch != master)
+  if: type = cron OR (type = push AND branch NOT IN (apache-parser-v2, master))

 matrix:
  include:
+    # Main test suite
+    - python: "2.7"
+      env: ACME_SERVER=pebble TOXENV=integration
+      <<: *not-on-master
+
+    # This job is always executed, including on master
+    - python: "2.7"
+      env: TOXENV=py27-cover FYI="py27 tests + code coverage"
+
+    - python: "3.7"
+      env: TOXENV=lint
+      <<: *not-on-master
+    - python: "3.5"
+      env: TOXENV=mypy
+      <<: *not-on-master
+    - python: "2.7"
+      # Ubuntu Trusty or older must be used because the oldest version of
+      # cryptography we support cannot be compiled against the version of
+      # OpenSSL in Xenial or newer.
+      dist: trusty
+      env: TOXENV='py27-{acme,apache,apache-v2,certbot,dns,nginx}-oldest'
+      <<: *not-on-master
+    - python: "3.5"
+      env: TOXENV=py35
+      <<: *not-on-master
+    - python: "3.8"
+      env: TOXENV=py38
+      <<: *not-on-master
+    - sudo: required
+      env: TOXENV=apache_compat
+      services: docker
+      before_install:
+      addons:
+      <<: *not-on-master
+    - sudo: required
+      env: TOXENV=le_auto_xenial
+      services: docker
+      <<: *not-on-master
+    - python: "2.7"
+      env: TOXENV=apacheconftest-with-pebble
+      <<: *not-on-master
+    - python: "2.7"
+      env: TOXENV=nginxroundtrip
+      <<: *not-on-master
+
+    # Extended test suite on cron jobs and pushes to tested branches other than master
+    - sudo: required
+      env: TOXENV=nginx_compat
+      services: docker
+      before_install:
+      addons:
+      <<: *extended-test-suite
    - python: "3.7"
      env:
        - TOXENV=travis-test-farm-apache2
        - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw="
      <<: *extended-test-suite
+    - python: "3.7"
+      env:
+        - TOXENV=travis-test-farm-leauto-upgrades
+        - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw="
+      git:
+        depth: false  # This is needed to have the history to checkout old versions of certbot-auto.
+      <<: *extended-test-suite
+    - python: "3.7"
+      env:
+        - TOXENV=travis-test-farm-certonly-standalone
+        - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw="
+      <<: *extended-test-suite
+    - python: "3.7"
+      env:
+        - TOXENV=travis-test-farm-sdists
+        - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw="
+      <<: *extended-test-suite
+    - python: "3.7"
+      env: TOXENV=py37 CERTBOT_NO_PIN=1
+      <<: *extended-test-suite
+    - python: "2.7"
+      env: ACME_SERVER=boulder-v1 TOXENV=integration
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "2.7"
+      env: ACME_SERVER=boulder-v2 TOXENV=integration
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "2.7"
+      env: ACME_SERVER=boulder-v1 TOXENV=integration-certbot-oldest
+      # Ubuntu Trusty or older must be used because the oldest version of
+      # cryptography we support cannot be compiled against the version of
+      # OpenSSL in Xenial or newer.
+      dist: trusty
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "2.7"
+      env: ACME_SERVER=boulder-v2 TOXENV=integration-certbot-oldest
+      # Ubuntu Trusty or older must be used because the oldest version of
+      # cryptography we support cannot be compiled against the version of
+      # OpenSSL in Xenial or newer.
+      dist: trusty
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "2.7"
+      env: ACME_SERVER=boulder-v1 TOXENV=integration-nginx-oldest
+      # Ubuntu Trusty or older must be used because the oldest version of
+      # cryptography we support cannot be compiled against the version of
+      # OpenSSL in Xenial or newer.
+      dist: trusty
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "2.7"
+      env: ACME_SERVER=boulder-v2 TOXENV=integration-nginx-oldest
+      # Ubuntu Trusty or older must be used because the oldest version of
+      # cryptography we support cannot be compiled against the version of
+      # OpenSSL in Xenial or newer.
+      dist: trusty
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "3.6"
+      env: TOXENV=py36
+      <<: *extended-test-suite
+    - python: "3.7"
+      env: TOXENV=py37
+      <<: *extended-test-suite
+    - python: "3.5"
+      env: ACME_SERVER=boulder-v1 TOXENV=integration
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "3.5"
+      env: ACME_SERVER=boulder-v2 TOXENV=integration
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "3.6"
+      env: ACME_SERVER=boulder-v1 TOXENV=integration
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "3.6"
+      env: ACME_SERVER=boulder-v2 TOXENV=integration
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "3.7"
+      env: ACME_SERVER=boulder-v1 TOXENV=integration
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "3.7"
+      env: ACME_SERVER=boulder-v2 TOXENV=integration
+      sudo: required
+      services: docker
+      <<: *extended-test-suite
+    - python: "3.8"
+      env: ACME_SERVER=boulder-v1 TOXENV=integration
+      <<: *extended-test-suite
+    - python: "3.8"
+      env: ACME_SERVER=boulder-v2 TOXENV=integration
+      <<: *extended-test-suite
+    - sudo: required
+      env: TOXENV=le_auto_jessie
+      services: docker
+      <<: *extended-test-suite
+    - sudo: required
+      env: TOXENV=le_auto_centos6
+      services: docker
+      <<: *extended-test-suite
+    - sudo: required
+      env: TOXENV=le_auto_oraclelinux6
+      services: docker
+      <<: *extended-test-suite
+    - sudo: required
+      env: TOXENV=docker_dev
+      services: docker
+      addons:
+        apt:
+          packages:  # don't install nginx and apache
+            - libaugeas0
+      <<: *extended-test-suite

 # container-based infrastructure
 sudo: false
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -21,7 +21,6 @@ Authors
 * [Andrzej Górski](https://github.com/andrzej3393)
 * [Anselm Levskaya](https://github.com/levskaya)
 * [Antoine Jacoutot](https://github.com/ajacoutot)
-* [April King](https://github.com/april)
 * [asaph](https://github.com/asaph)
 * [Axel Beckert](https://github.com/xtaran)
 * [Bas](https://github.com/Mechazawa)
@@ -237,7 +236,6 @@ Authors
 * [Stefan Weil](https://github.com/stweil)
 * [Steve Desmond](https://github.com/stevedesmond-ca)
 * [sydneyli](https://github.com/sydneyli)
-* [taixx046](https://github.com/taixx046)
 * [Tan Jay Jun](https://github.com/jayjun)
 * [Tapple Gao](https://github.com/tapple)
 * [Telepenin Nikolay](https://github.com/telepenin)
--- a/acme/acme/client.py
+++ b/acme/acme/client.py
@@ -1123,8 +1123,8 @@ class ClientNetwork(object):
            debug_content = response.content.decode("utf-8")
        logger.debug('Received response:\nHTTP %d\n%s\n\n%s',
                     response.status_code,
-                     "\n".join("{0}: {1}".format(k, v)
-                                for k, v in response.headers.items()),
+                     "\n".join(["{0}: {1}".format(k, v)
+                                for k, v in response.headers.items()]),
                     debug_content)
        return response

--- a/acme/docs/conf.py
+++ b/acme/docs/conf.py
@@ -13,6 +13,7 @@
 # serve to show the default.

 import os
+import shlex
 import sys

 here = os.path.abspath(os.path.dirname(__file__))
--- a/acme/setup.py
+++ b/acme/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
@@ -17,6 +15,7 @@ install_requires = [
    # 1.1.0+ is required to avoid the warnings described at
    # https://github.com/certbot/josepy/issues/13.
    'josepy>=1.1.0',
+    'mock',
    # Connection.set_tlsext_host_name (>=0.13)
    'PyOpenSSL>=0.13.1',
    'pyrfc3339',
@@ -27,15 +26,6 @@ install_requires = [
    'six>=1.9.0',  # needed for python_2_unicode_compatible
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 dev_extras = [
    'pytest',
    'pytest-xdist',
--- a/acme/tests/challenges_test.py
+++ b/acme/tests/challenges_test.py
@@ -3,10 +3,7 @@ import unittest

 import josepy as jose
 import OpenSSL
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 import requests
 from six.moves.urllib import parse as urllib_parse

--- a/acme/tests/client_test.py
+++ b/acme/tests/client_test.py
@@ -6,10 +6,7 @@ import json
 import unittest

 import josepy as jose
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 import OpenSSL
 import requests
 from six.moves import http_client  # pylint: disable=import-error
--- a/acme/tests/errors_test.py
+++ b/acme/tests/errors_test.py
@@ -1,10 +1,7 @@
 """Tests for acme.errors."""
 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock


 class BadNonceTest(unittest.TestCase):
@@ -38,7 +35,7 @@ class PollErrorTest(unittest.TestCase):
    def setUp(self):
        from acme.errors import PollError
        self.timeout = PollError(
-            exhausted={mock.sentinel.AR},
+            exhausted=set([mock.sentinel.AR]),
            updated={})
        self.invalid = PollError(exhausted=set(), updated={
            mock.sentinel.AR: mock.sentinel.AR2})
--- a/acme/tests/magic_typing_test.py
+++ b/acme/tests/magic_typing_test.py
@@ -2,10 +2,7 @@
 import sys
 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock


 class MagicTypingTest(unittest.TestCase):
--- a/acme/tests/messages_test.py
+++ b/acme/tests/messages_test.py
@@ -2,10 +2,7 @@
 import unittest

 import josepy as jose
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock

 from acme import challenges
 import test_util
--- a/acme/tests/standalone_test.py
+++ b/acme/tests/standalone_test.py
@@ -4,10 +4,7 @@ import threading
 import unittest

 import josepy as jose
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 import requests
 from six.moves import http_client  # pylint: disable=import-error
 from six.moves import socketserver  # type: ignore  # pylint: disable=import-error
@@ -122,8 +119,8 @@ class TLSALPN01ServerTest(unittest.TestCase):
        )}
        # Use different certificate for challenge.
        self.challenge_certs = {b'localhost': (
-            test_util.load_pyopenssl_private_key('rsa4096_key.pem'),
-            test_util.load_cert('rsa4096_cert.pem'),
+            test_util.load_pyopenssl_private_key('rsa1024_key.pem'),
+            test_util.load_cert('rsa1024_cert.pem'),
        )}
        from acme.standalone import TLSALPN01Server
        self.server = TLSALPN01Server(("localhost", 0), certs=self.certs,
--- a/acme/tests/testdata/README
+++ b/acme/tests/testdata/README
@@ -4,7 +4,7 @@ to use appropriate extension for vector filenames: .pem for PEM and

 The following command has been used to generate test keys:

-  for k in 256 512 1024 2048 4096; do openssl genrsa -out rsa${k}_key.pem $k; done
+  for x in 256 512 1024 2048; do openssl genrsa -out rsa${k}_key.pem $k; done

 and for the CSR:

--- a/acme/tests/testdata/rsa4096_cert.pem
+++ b/acme/tests/testdata/rsa4096_cert.pem
@@ -1,30 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFDTCCAvWgAwIBAgIUImqDrP53V69vFROsjP/gL0YtoA4wDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wHhcNMjAwNTI3MjMyNDE0WhcNMjAw
-NjI2MjMyNDE0WjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBANY9LKLk9Dxn0MUMQFHwBoTN4ehDSWBws2KcytpF
-mc8m9Mfk1wmb4fQSKYtK3wIFMfIyo9HQu0nKqMkkUw52o3ZXyOv+oWwF5qNy2BKu
-lh5OMSkaZ0o13zoPpW42e+IUnyxvg70+0urD+sUue4cyTHh/nBIUjrM/05ZJ/ac8
-HR0RK3H41YoqBjq69JjMZczZZhbNFit3s6p0R1TbVAgc3ckqbtX5BDyQMQQCP4Ed
-m4DgbAFVqdcPUCC5W3F3fmuQiPKHiADzONZnXpy6lUvLDWqcd6loKp+nKHM6OkXX
-8hmD7pE1PYMQo4hqOfhBR2IgMjAShwd5qUFjl1m2oo0Qm3PFXOk6i2ZQdS6AA/yd
-B5/mX0RnM2oIdFZPb6UZFSmtEgs9sTzn+hMUyNSZQRE54px1ur1xws2R+vbsCyM5
-+KoFVxDjVjU9TlZx3GvDvnqz/tbHjji6l8VHZYOBMBUXbKHu2U6pJFZ5Zp7k68/z
-a3Fb9Pjtn3iRkXEyC0N5kLgqO4QTlExnxebV8aMvQpWd/qefnMn9qPYIZPEXSQAR
-mEBIahkcACb60s+acG0WFFluwBPtBqEr8Q67XlSF0Ibf4iBiRzpPobhlWta1nrFg
-4IWHMSoZ0PE75bhIGBEkhrpcXQCAxXmAfxfjKDH7jdJ1fRdnZ/9+OzwYGVX5GH/l
-0QDtAgMBAAGjUzBRMB0GA1UdDgQWBBQh3xiz/o1nEU2ySylZ9gxCXvIPGzAfBgNV
-HSMEGDAWgBQh3xiz/o1nEU2ySylZ9gxCXvIPGzAPBgNVHRMBAf8EBTADAQH/MA0G
-CSqGSIb3DQEBCwUAA4ICAQAELoXz31oR9pdAwidlv9ZBOKiC7KBWy8VMqXNVkfTn
-bVRxAUex7zleLFIOkWnqadsMesU9sIwrbLzBcZ8Q/vBY+z2xOPdXcgcAoAmdKWoq
-YBQNiqng9r54sqlzB/77QZCf5fdktESe7NTxhCifgx5SAWq7IUQs/lm3tnMUSAfE
-5ctuN6M+w8K54y3WDprcfMHpnc3ZHeSPhVQApHM0h/bDvXq0bRS7kmq27Hb153Qm
-nH3TwYB5pPSWW38NbUc+s/a7mItO7S8ly8yGbA0j9c/IbN5lM+OCdk06asz3+c8E
-uo8nuCBoYO5+6AqC2N7WJ3Tdr/pFA8jTbd6VNVlgCWTIR8ZosL5Fgkfv+4fUBrHt
-zdVUqMUzvga5rvZnwnJ5Qfu/drHeAAo9MTNFQNe2QgDlYfWBh5GweolgmFSwrpkY
-v/5wLtIyv/ASHKswybbqMIlpttcLTXjx5yuh8swttT6Wh+FQqqQ32KSRB3StiwyK
-oH0ZhrwYHiFYNlPxecGX6XUta6rFtTlEdkBGSnXzgiTzL2l+Nc0as0V5B9RninZG
-qJ+VOChSQ0OFvg1riSXv7tMvbLdGQnxwTRL3t6BMS8I4LA2m3ZfWUcuXT783ODTH
-16f1Q1AgXd2csstTWO9cv+N/0fpX31nqrm6+CrGduSr2u4HjYYnlLIUhmdTvK3fX
-Fg==
-----END CERTIFICATE-----
--- a/acme/tests/testdata/rsa4096_key.pem
+++ b/acme/tests/testdata/rsa4096_key.pem
@@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIJKgIBAAKCAgEA1j0souT0PGfQxQxAUfAGhM3h6ENJYHCzYpzK2kWZzyb0x+TX
-CZvh9BIpi0rfAgUx8jKj0dC7ScqoySRTDnajdlfI6/6hbAXmo3LYEq6WHk4xKRpn
-SjXfOg+lbjZ74hSfLG+DvT7S6sP6xS57hzJMeH+cEhSOsz/Tlkn9pzwdHRErcfjV
-iioGOrr0mMxlzNlmFs0WK3ezqnRHVNtUCBzdySpu1fkEPJAxBAI/gR2bgOBsAVWp
-1w9QILlbcXd+a5CI8oeIAPM41mdenLqVS8sNapx3qWgqn6coczo6RdfyGYPukTU9
-gxCjiGo5+EFHYiAyMBKHB3mpQWOXWbaijRCbc8Vc6TqLZlB1LoAD/J0Hn+ZfRGcz
-agh0Vk9vpRkVKa0SCz2xPOf6ExTI1JlBETninHW6vXHCzZH69uwLIzn4qgVXEONW
-NT1OVnHca8O+erP+1seOOLqXxUdlg4EwFRdsoe7ZTqkkVnlmnuTrz/NrcVv0+O2f
-eJGRcTILQ3mQuCo7hBOUTGfF5tXxoy9ClZ3+p5+cyf2o9ghk8RdJABGYQEhqGRwA
-JvrSz5pwbRYUWW7AE+0GoSvxDrteVIXQht/iIGJHOk+huGVa1rWesWDghYcxKhnQ
-8TvluEgYESSGulxdAIDFeYB/F+MoMfuN0nV9F2dn/347PBgZVfkYf+XRAO0CAwEA
-AQKCAgEA0hZdTkQtCYtYm9LexDsXeWYX8VcCfrMmBj7xYcg9A3oVMmzDPuYBVwH0
-gWbjd6y2hOaJ5TfGYZ99kvmvBRDsTSHaoyopC7BhssjtAKz6Ay/0X3VH8usPQ3WS
-aZi+NT65tK6KRqtz08ppgLGLa1G00bl5x/Um1rpxeACI4FU/y4BJ1VMJvJpnT3KE
-Z86Qyagqx5NH+UpCApZSWPFX3zjHePzGgcfXErjniCHYOnpZQrFQ2KIzkfSvQ9fg
-x01ByKOM2CB2C1B33TCzBAioXRH6zyAu7A59NeCK9ywTduhDvie1a+oEryFC7IQW
-4s7I/H3MGX4hsf/pLXlHMy+5CZJOjRaC2h+pypfbbcuiXu6Sn64kHNpiI7SxI5DI
-MIRjyG7MdUcrzq0Rt8ogwwpbCoRqrl/w3bhxtqmeZaEZtyxbjlm7reK2YkIFDgyz
-JMqiJK5ZAi+9L/8c0xhjjAQQ0sIzrjmjA8U+6YnWL9jU5qXTVnBB8XQucyeeZGgk
-yRHyMur71qOXN8z3UEva7MHkDTUBlj8DgTz6sEjqCipaWl0CXfDNa4IhHIXD5qiF
-wplhq7OeS0v6EGG/UFa3Q/lFntxtrayxJX7uvvSccGzjPKXTjpWUELLi/FdnIsum
-eXT3RgIEYozj4BibDXaBLfHTCVzxOr7AAEvKM9XWSUgLA0paSWECggEBAO9ZBeE1
-GWzd1ejTTkcxBC9AK2rNsYG8PdNqiof/iTbuJWNeRqpG+KB/0CNIpjZ2X5xZd0tM
-FDpHTFehlP26Roxuq50iRAFc+SN5KoiO0A3JuJAidreIgRTia1saUUrypHqWrYEA
-VZVj2AI8Pyg3s1OkR2frFskY7hXBVb/pJNDP/m9xTXXIYiIXYkHYe+4RIJCnAxRv
-q5YHKaX+0Ull9YCZJCxmwvcHat8sgu8qkiwUMEM6QSNEkrEbdnWYBABvC1AR6sws
-7MP1h9+j22n4Zc/3D6kpFZEL9Erx8nNyhbOZ6q2Tdnf6YKVVjZdyVa8VyNnR0ROl
-3BjkFaHb/bg4e4kCggEBAOUk8ZJS3qBeGCOjug384zbHGcnhUBYtYJiOz+RXBtP+
-PRksbFtTkgk1sHuSGO8YRddU4Qv7Av1xL8o+DEsLBSD0YQ7pmLrR/LK+iDQ5N63O
-Fve9uJH0ybxAOkiua7G24+lTsVUP//KWToL4Wh5zbHBBjL5D2Z9zoeVbcE87xhva
-lImMVr4Ex252DqNP9wkZxBjudFyJ/C/TnXrjPcgwhxWTC7sLQMhE5p+490G7c4hX
-PywkIKrANbu37KDiAvVS+dC66ZgpL/NUDkeloAmGNO08LGzbV6YKchlvDyWU/AvW
-0hYjbL0FUq7K/wp1G9fumolB+fbI25K9c13X93STzUUCggEBAJDsNFUyk5yJjbYW
-C/WrRj9d+WwH9Az77+uNPSgvn+O0usq6EMuVgYGdImfa21lqv2Wp/kOHY1AOT7lX
-yyD+oyzw7dSNJOQ2aVwDR6+72Vof5DLRy1RBwPbmSd61xrc8yD658YCEtU1pUSe5
-VvyBDYH9nIbdn8RP5gkiMUusXXBaIFNWJXLFzDWcNxBrhk6V7EPp/EFphFmpKJyr
-+AkbRVWCZJbF+hMdWKadCwLJogwyhS6PnVU/dhrq6AU38GRa2Fy5HJRYN1xH1Oej
-DX3Su8L6c28Xw0k6FcczTHx+wVoIPkKvYTIwVkiFzt/+iMckx6KsGo5tBSHFKRwC
-WlQrTxECggEBALjUruLnY1oZ7AC7bTUhOimSOfQEgTQSUCtebsRxijlvhtsKYTDd
-XRt+qidStjgN7S/+8DRYuZWzOeg5WnMhpXZqiOudcyume922IGl3ibjxVsdoyjs5
-J4xohlrgDlBgBMDNWGoTqNGFejjcmNydH+gAh8VlN2INxJYbxqCyx17qVgwJHmLR
-uggYxD/pHYvCs9GkbknCp5/wYsOgDtKuihfV741lS1D/esN1UEQ+LrfYIEW7snno
-5q7Pcdhn1hkKYCWEzy2Ec4Aj2gzixQ9JqOF/OxpnZvCw1k47rg0TeqcWFYnz8x8Y
-7xO8/DH0OoxXk2GJzVXJuItJs4gLzzfCjL0CggEAJFHfC9jisdy7CoWiOpNCSF1B
-S0/CWDz77cZdlWkpTdaXGGp1MA/UKUFPIH8sOHfvpKS660+X4G/1ZBHmFb4P5kFF
-Qy8UyUMKtSOEdZS6KFlRlfSCAMd5aSTmCvq4OSjYEpMRwUhU/iEJNkn9Z1Soehe0
-U3dxJ8KiT1071geO6rRquSHoSJs6Y0WQKriYYQJOhh4Axs3PQihER2eyh+WGk8YJ
-02m0mMsjntqnXtdc6IcdKaHp9ko+OpM9QZLsvt19fxBcrXj/i21uUXrzuNtKfO6M
-JqGhsOrO2dh8lMhvodENvgKA0DmYDC9N7ogo7bxTNSedcjBF46FhJoqii8m70Q==
-----END RSA PRIVATE KEY-----
--- a/certbot-apache/certbot_apache/_internal/apache_util.py
+++ b/certbot-apache/certbot_apache/_internal/apache_util.py
@@ -130,7 +130,7 @@ def included_in_paths(filepath, paths):
    :rtype: bool
    """

-    return any(fnmatch.fnmatch(filepath, path) for path in paths)
+    return any([fnmatch.fnmatch(filepath, path) for path in paths])


 def parse_defines(apachectl):
@@ -144,7 +144,7 @@ def parse_defines(apachectl):
    :rtype: dict
    """

-    variables = {}
+    variables = dict()
    define_cmd = [apachectl, "-t", "-D",
                  "DUMP_RUN_CFG"]
    matches = parse_from_subprocess(define_cmd, r"Define: ([^ \n]*)")
--- a/certbot-apache/certbot_apache/_internal/assertions.py
+++ b/certbot-apache/certbot_apache/_internal/assertions.py
@@ -132,9 +132,9 @@ def assertEqualPathsList(first, second):  # pragma: no cover
    Checks that the two lists of file paths match. This assertion allows for wildcard
    paths.
    """
-    if any(isPass(path) for path in first):
+    if any([isPass(path) for path in first]):
        return
-    if any(isPass(path) for path in second):
+    if any([isPass(path) for path in second]):
        return
    for fpath in first:
        assert any([fnmatch.fnmatch(fpath, spath) for spath in second])
--- a/certbot-apache/certbot_apache/_internal/augeasparser.py
+++ b/certbot-apache/certbot_apache/_internal/augeasparser.py
@@ -339,7 +339,7 @@ class AugeasBlockNode(AugeasDirectiveNode):
    def find_blocks(self, name, exclude=True):
        """Recursive search of BlockNodes from the sequence of children"""

-        nodes = []
+        nodes = list()
        paths = self._aug_find_blocks(name)
        if exclude:
            paths = self.parser.exclude_dirs(paths)
@@ -351,7 +351,7 @@ class AugeasBlockNode(AugeasDirectiveNode):
    def find_directives(self, name, exclude=True):
        """Recursive search of DirectiveNodes from the sequence of children"""

-        nodes = []
+        nodes = list()
        ownpath = self.metadata.get("augeaspath")

        directives = self.parser.find_dir(name, start=ownpath, exclude=exclude)
@@ -374,7 +374,7 @@ class AugeasBlockNode(AugeasDirectiveNode):
        :param str comment: Comment content to search for.
        """

-        nodes = []
+        nodes = list()
        ownpath = self.metadata.get("augeaspath")

        comments = self.parser.find_comments(comment, start=ownpath)
--- a/certbot-apache/certbot_apache/_internal/configurator.py
+++ b/certbot-apache/certbot_apache/_internal/configurator.py
@@ -115,7 +115,6 @@ class ApacheConfigurator(common.Installer):
        handle_modules=False,
        handle_sites=False,
        challenge_location="/etc/apache2",
-        bin=None
    )

    def option(self, key):
@@ -146,7 +145,7 @@ class ApacheConfigurator(common.Installer):
        """
        opts = ["enmod", "dismod", "le_vhost_ext", "server_root", "vhost_root",
                "logs_root", "challenge_location", "handle_modules", "handle_sites",
-                "ctl", "bin"]
+                "ctl"]
        for o in opts:
            # Config options use dashes instead of underscores
            if self.conf(o.replace("_", "-")) is not None:
@@ -195,8 +194,6 @@ class ApacheConfigurator(common.Installer):
                 "(Only Ubuntu/Debian currently)")
        add("ctl", default=DEFAULTS["ctl"],
            help="Full path to Apache control script")
-        add("bin", default=DEFAULTS["bin"],
-            help="Full path to apache2/httpd binary")

    def __init__(self, *args, **kwargs):
        """Initialize an Apache Configurator.
@@ -211,12 +208,12 @@ class ApacheConfigurator(common.Installer):
        super(ApacheConfigurator, self).__init__(*args, **kwargs)

        # Add name_server association dict
-        self.assoc = {}  # type: Dict[str, obj.VirtualHost]
+        self.assoc = dict()  # type: Dict[str, obj.VirtualHost]
        # Outstanding challenges
        self._chall_out = set()  # type: Set[KeyAuthorizationAnnotatedChallenge]
        # List of vhosts configured per wildcard domain on this run.
        # used by deploy_cert() and enhance()
-        self._wildcard_vhosts = {}  # type: Dict[str, List[obj.VirtualHost]]
+        self._wildcard_vhosts = dict()  # type: Dict[str, List[obj.VirtualHost]]
        # Maps enhancements to vhosts we've enabled the enhancement for
        self._enhanced_vhosts = defaultdict(set)  # type: DefaultDict[str, Set[obj.VirtualHost]]
        # Temporary state for AutoHSTS enhancement
@@ -272,25 +269,18 @@ class ApacheConfigurator(common.Installer):
        """
        if self._openssl_version:
            return self._openssl_version
-        # Step 1. Determine the location of ssl_module
+        # Step 1. Check for LoadModule directive
        try:
            ssl_module_location = self.parser.modules['ssl_module']
        except KeyError:
            if warn_on_no_mod_ssl:
                logger.warning("Could not find ssl_module; not disabling session tickets.")
            return None
-        if ssl_module_location:
-            # Possibility A: ssl_module is a DSO
-            ssl_module_location = self.parser.standard_path_from_server_root(ssl_module_location)
-        else:
-            # Possibility B: ssl_module is statically linked into Apache
-            if self.option("bin"):
-                ssl_module_location = self.option("bin")
-            else:
-                logger.warning("ssl_module is statically linked but --apache-bin is "
-                               "missing; not disabling session tickets.")
-                return None
-        # Step 2. Grep in the binary for openssl version
+        if not ssl_module_location:
+            logger.warning("Could not find ssl_module; not disabling session tickets.")
+            return None
+        ssl_module_location = self.parser.standard_path_from_server_root(ssl_module_location)
+        # Step 2. Grep in the .so for openssl version
        contents = self._open_module_file(ssl_module_location)
        if not contents:
            logger.warning("Unable to read ssl_module file; not disabling session tickets.")
@@ -446,7 +436,7 @@ class ApacheConfigurator(common.Installer):
        """Initializes the ParserNode parser root instance."""

        if HAS_APACHECONFIG:
-            apache_vars = {}
+            apache_vars = dict()
            apache_vars["defines"] = apache_util.parse_defines(self.option("ctl"))
            apache_vars["includes"] = apache_util.parse_includes(self.option("ctl"))
            apache_vars["modules"] = apache_util.parse_modules(self.option("ctl"))
@@ -558,7 +548,7 @@ class ApacheConfigurator(common.Installer):

        # Go through the vhosts, making sure that we cover all the names
        # present, but preferring the SSL vhosts
-        filtered_vhosts = {}
+        filtered_vhosts = dict()
        for vhost in vhosts:
            for name in vhost.get_names():
                if vhost.ssl:
@@ -584,7 +574,7 @@ class ApacheConfigurator(common.Installer):

        # Make sure we create SSL vhosts for the ones that are HTTP only
        # if requested.
-        return_vhosts = []
+        return_vhosts = list()
        for vhost in dialog_output:
            if not vhost.ssl:
                return_vhosts.append(self.make_vhost_ssl(vhost))
@@ -605,11 +595,6 @@ class ApacheConfigurator(common.Installer):
        # cert_key... can all be parsed appropriately
        self.prepare_server_https("443")

-        # If we haven't managed to enable mod_ssl by this point, error out
-        if "ssl_module" not in self.parser.modules:
-            raise errors.MisconfigurationError("Could not find ssl_module; "
-                "not installing certificate.")
-
        # Add directives and remove duplicates
        self._add_dummy_ssl_directives(vhost.path)
        self._clean_vhost(vhost)
@@ -624,6 +609,21 @@ class ApacheConfigurator(common.Installer):
            path["chain_path"] = self.parser.find_dir(
                "SSLCertificateChainFile", None, vhost.path)

+        # Handle errors when certificate/key directives cannot be found
+        if not path["cert_path"]:
+            logger.warning(
+                "Cannot find an SSLCertificateFile directive in %s. "
+                "VirtualHost was not modified", vhost.path)
+            raise errors.PluginError(
+                "Unable to find an SSLCertificateFile directive")
+        elif not path["cert_key"]:
+            logger.warning(
+                "Cannot find an SSLCertificateKeyFile directive for "
+                "certificate in %s. VirtualHost was not modified", vhost.path)
+            raise errors.PluginError(
+                "Unable to find an SSLCertificateKeyFile directive for "
+                "certificate")
+
        logger.info("Deploying Certificate to VirtualHost %s", vhost.filep)

        if self.version < (2, 4, 8) or (chain_path and not fullchain_path):
@@ -1579,7 +1579,7 @@ class ApacheConfigurator(common.Installer):
                        result.append(comment)
                        sift = True

-                    result.append('\n'.join('# ' + l for l in chunk))
+                    result.append('\n'.join(['# ' + l for l in chunk]))
                else:
                    result.append('\n'.join(chunk))
        return result, sift
@@ -1719,7 +1719,7 @@ class ApacheConfigurator(common.Installer):
        for addr in vhost.addrs:
            # In Apache 2.2, when a NameVirtualHost directive is not
            # set, "*" and "_default_" will conflict when sharing a port
-            addrs = {addr,}
+            addrs = set((addr,))
            if addr.get_addr() in ("*", "_default_"):
                addrs.update(obj.Addr((a, addr.get_port(),))
                             for a in ("*", "_default_"))
@@ -1910,7 +1910,7 @@ class ApacheConfigurator(common.Installer):
        try:
            self._autohsts = self.storage.fetch("autohsts")
        except KeyError:
-            self._autohsts = {}
+            self._autohsts = dict()

    def _autohsts_save_state(self):
        """
@@ -2471,7 +2471,7 @@ class ApacheConfigurator(common.Installer):
        if len(matches) != 1:
            raise errors.PluginError("Unable to find Apache version")

-        return tuple(int(i) for i in matches[0].split("."))
+        return tuple([int(i) for i in matches[0].split(".")])

    def more_info(self):
        """Human-readable string to help understand the module"""
--- a/certbot-apache/certbot_apache/_internal/display_ops.py
+++ b/certbot-apache/certbot_apache/_internal/display_ops.py
@@ -21,7 +21,7 @@ def select_vhost_multiple(vhosts):
    :rtype: :class:`list`of type `~obj.Vhost`
    """
    if not vhosts:
-        return []
+        return list()
    tags_list = [vhost.display_repr()+"\n" for vhost in vhosts]
    # Remove the extra newline from the last entry
    if tags_list:
@@ -37,7 +37,7 @@ def select_vhost_multiple(vhosts):
 def _reversemap_vhosts(names, vhosts):
    """Helper function for select_vhost_multiple for mapping string
    representations back to actual vhost objects"""
-    return_vhosts = []
+    return_vhosts = list()

    for selection in names:
        for vhost in vhosts:
--- a/certbot-apache/certbot_apache/_internal/dualparser.py
+++ b/certbot-apache/certbot_apache/_internal/dualparser.py
@@ -49,7 +49,7 @@ class DualNodeBase(object):

        pass_primary = assertions.isPassNodeList(primary_res)
        pass_secondary = assertions.isPassNodeList(secondary_res)
-        new_nodes = []
+        new_nodes = list()

        if pass_primary and pass_secondary:
            # Both unimplemented
@@ -221,7 +221,7 @@ class DualBlockNode(DualNodeBase):
        implementations to a list of tuples.
        """

-        matched = []
+        matched = list()
        for p in primary_list:
            match = None
            for s in secondary_list:
--- a/certbot-apache/certbot_apache/_internal/override_arch.py
+++ b/certbot-apache/certbot_apache/_internal/override_arch.py
@@ -24,5 +24,4 @@ class ArchConfigurator(configurator.ApacheConfigurator):
        handle_modules=False,
        handle_sites=False,
        challenge_location="/etc/httpd/conf",
-        bin=None,
    )
--- a/certbot-apache/certbot_apache/_internal/override_centos.py
+++ b/certbot-apache/certbot_apache/_internal/override_centos.py
@@ -35,7 +35,6 @@ class CentOSConfigurator(configurator.ApacheConfigurator):
        handle_modules=False,
        handle_sites=False,
        challenge_location="/etc/httpd/conf.d",
-        bin=None,
    )

    def config_test(self):
--- a/certbot-apache/certbot_apache/_internal/override_darwin.py
+++ b/certbot-apache/certbot_apache/_internal/override_darwin.py
@@ -24,5 +24,4 @@ class DarwinConfigurator(configurator.ApacheConfigurator):
        handle_modules=False,
        handle_sites=False,
        challenge_location="/etc/apache2/other",
-        bin=None,
    )
--- a/certbot-apache/certbot_apache/_internal/override_debian.py
+++ b/certbot-apache/certbot_apache/_internal/override_debian.py
@@ -33,7 +33,6 @@ class DebianConfigurator(configurator.ApacheConfigurator):
        handle_modules=True,
        handle_sites=True,
        challenge_location="/etc/apache2",
-        bin=None,
    )

    def enable_site(self, vhost):
--- a/certbot-apache/certbot_apache/_internal/override_fedora.py
+++ b/certbot-apache/certbot_apache/_internal/override_fedora.py
@@ -29,7 +29,6 @@ class FedoraConfigurator(configurator.ApacheConfigurator):
        handle_modules=False,
        handle_sites=False,
        challenge_location="/etc/httpd/conf.d",
-        bin=None,
    )

    def config_test(self):
--- a/certbot-apache/certbot_apache/_internal/override_gentoo.py
+++ b/certbot-apache/certbot_apache/_internal/override_gentoo.py
@@ -27,7 +27,6 @@ class GentooConfigurator(configurator.ApacheConfigurator):
        handle_modules=False,
        handle_sites=False,
        challenge_location="/etc/apache2/vhosts.d",
-        bin=None,
    )

    def _prepare_options(self):
--- a/certbot-apache/certbot_apache/_internal/override_suse.py
+++ b/certbot-apache/certbot_apache/_internal/override_suse.py
@@ -24,5 +24,4 @@ class OpenSUSEConfigurator(configurator.ApacheConfigurator):
        handle_modules=False,
        handle_sites=False,
        challenge_location="/etc/apache2/vhosts.d",
-        bin=None,
    )
--- a/certbot-apache/certbot_apache/_internal/parser.py
+++ b/certbot-apache/certbot_apache/_internal/parser.py
@@ -30,7 +30,7 @@ class ApacheParser(object):

    """
    arg_var_interpreter = re.compile(r"\$\{[^ \}]*}")
-    fnmatch_chars = {"*", "?", "\\", "[", "]"}
+    fnmatch_chars = set(["*", "?", "\\", "[", "]"])

    def __init__(self, root, vhostroot=None, version=(2, 4),
                 configurator=None):
@@ -741,7 +741,7 @@ class ApacheParser(object):
        """
        if sys.version_info < (3, 6):
            # This strips off final /Z(?ms)
-            return fnmatch.translate(clean_fn_match)[:-7]  # pragma: no cover
+            return fnmatch.translate(clean_fn_match)[:-7]
        # Since Python 3.6, it returns a different pattern like (?s:.*\.load)\Z
        return fnmatch.translate(clean_fn_match)[4:-3]  # pragma: no cover

@@ -945,8 +945,8 @@ def case_i(string):
    :param str string: string to make case i regex

    """
-    return "".join("[" + c.upper() + c.lower() + "]"
-                    if c.isalpha() else c for c in re.escape(string))
+    return "".join(["[" + c.upper() + c.lower() + "]"
+                    if c.isalpha() else c for c in re.escape(string)])


 def get_aug_path(file_path):
--- a/certbot-apache/certbot_apache/_internal/parsernode_util.py
+++ b/certbot-apache/certbot_apache/_internal/parsernode_util.py
@@ -11,7 +11,7 @@ def validate_kwargs(kwargs, required_names):
    :param list required_names: List of required parameter names.
    """

-    validated_kwargs = {}
+    validated_kwargs = dict()
    for name in required_names:
        try:
            validated_kwargs[name] = kwargs.pop(name)
--- a/certbot-apache/setup.py
+++ b/certbot-apache/setup.py
@@ -6,7 +6,7 @@ from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -22,11 +22,11 @@ install_requires = [
 setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
 if setuptools_known_environment_markers:
    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
 elif sys.version_info < (3,3):
    install_requires.append('mock')
+else:
+    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
+                       'of setuptools. Version 36.2+ of setuptools is required.')

 dev_extras = [
    'apacheconfig>=0.3.2',
--- a/certbot-apache/tests/augeasnode_test.py
+++ b/certbot-apache/tests/augeasnode_test.py
@@ -2,9 +2,10 @@
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 import os
+import unittest
 import util

 from certbot import errors
--- a/certbot-apache/tests/autohsts_test.py
+++ b/certbot-apache/tests/autohsts_test.py
@@ -6,7 +6,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock
 import six  # pylint: disable=unused-import  # six is used in mock.patch()

 from certbot import errors
--- a/certbot-apache/tests/centos6_test.py
+++ b/certbot-apache/tests/centos6_test.py
@@ -19,12 +19,12 @@ def get_vh_truth(temp_dir, config_name):
        obj.VirtualHost(
            os.path.join(prefix, "test.example.com.conf"),
            os.path.join(aug_pre, "test.example.com.conf/VirtualHost"),
-            {obj.Addr.fromstring("*:80")},
+            set([obj.Addr.fromstring("*:80")]),
            False, True, "test.example.com"),
        obj.VirtualHost(
            os.path.join(prefix, "ssl.conf"),
            os.path.join(aug_pre, "ssl.conf/VirtualHost"),
-            {obj.Addr.fromstring("_default_:443")},
+            set([obj.Addr.fromstring("_default_:443")]),
            True, True, None)
    ]
    return vh_truth
@@ -104,7 +104,7 @@ class CentOS6Tests(util.ApacheTest):
        pre_loadmods = self.config.parser.find_dir(
            "LoadModule", "ssl_module", exclude=False)
        # LoadModules are not within IfModule blocks
-        self.assertFalse(any("ifmodule" in m.lower() for m in pre_loadmods))
+        self.assertFalse(any(["ifmodule" in m.lower() for m in pre_loadmods]))
        self.config.assoc["test.example.com"] = self.vh_truth[0]
        self.config.deploy_cert(
            "random.demo", "example/cert.pem", "example/key.pem",
--- a/certbot-apache/tests/centos_test.py
+++ b/certbot-apache/tests/centos_test.py
@@ -4,7 +4,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot import errors
 from certbot.compat import filesystem
@@ -24,12 +24,12 @@ def get_vh_truth(temp_dir, config_name):
        obj.VirtualHost(
            os.path.join(prefix, "centos.example.com.conf"),
            os.path.join(aug_pre, "centos.example.com.conf/VirtualHost"),
-            {obj.Addr.fromstring("*:80")},
+            set([obj.Addr.fromstring("*:80")]),
            False, True, "centos.example.com"),
        obj.VirtualHost(
            os.path.join(prefix, "ssl.conf"),
            os.path.join(aug_pre, "ssl.conf/VirtualHost"),
-            {obj.Addr.fromstring("_default_:443")},
+            set([obj.Addr.fromstring("_default_:443")]),
            True, True, None)
    ]
    return vh_truth
--- a/certbot-apache/tests/configurator_reverter_test.py
+++ b/certbot-apache/tests/configurator_reverter_test.py
@@ -5,7 +5,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot import errors
 import util
--- a/certbot-apache/tests/configurator_test.py
+++ b/certbot-apache/tests/configurator_test.py
@@ -9,7 +9,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock
 import six  # pylint: disable=unused-import  # six is used in mock.patch()

 from acme import challenges
@@ -102,7 +102,7 @@ class MultipleVhostsTest(util.ApacheTest):
        parserargs = ["server_root", "enmod", "dismod", "le_vhost_ext",
                      "vhost_root", "logs_root", "challenge_location",
                      "handle_modules", "handle_sites", "ctl"]
-        exp = {}
+        exp = dict()

        for k in ApacheConfigurator.OS_DEFAULTS:
            if k in parserargs:
@@ -143,9 +143,11 @@ class MultipleVhostsTest(util.ApacheTest):
        mock_utility = mock_getutility()
        mock_utility.notification = mock.MagicMock(return_value=True)
        names = self.config.get_all_names()
-        self.assertEqual(names, {"certbot.demo", "ocspvhost.com", "encryption-example.demo",
+        self.assertEqual(names, set(
+            ["certbot.demo", "ocspvhost.com", "encryption-example.demo",
             "nonsym.link", "vhost.in.rootconf", "www.certbot.demo",
-             "duplicate.example.com"})
+             "duplicate.example.com"]
+        ))

    @certbot_util.patch_get_utility()
    @mock.patch("certbot_apache._internal.configurator.socket.gethostbyaddr")
@@ -155,9 +157,9 @@ class MultipleVhostsTest(util.ApacheTest):
        mock_utility.notification.return_value = True
        vhost = obj.VirtualHost(
            "fp", "ap",
-            {obj.Addr(("8.8.8.8", "443")),
+            set([obj.Addr(("8.8.8.8", "443")),
                 obj.Addr(("zombo.com",)),
-                 obj.Addr(("192.168.1.2"))},
+                 obj.Addr(("192.168.1.2"))]),
            True, False)

        self.config.vhosts.append(vhost)
@@ -186,7 +188,7 @@ class MultipleVhostsTest(util.ApacheTest):

    def test_bad_servername_alias(self):
        ssl_vh1 = obj.VirtualHost(
-            "fp1", "ap1", {obj.Addr(("*", "443"))},
+            "fp1", "ap1", set([obj.Addr(("*", "443"))]),
            True, False)
        # pylint: disable=protected-access
        self.config._add_servernames(ssl_vh1)
@@ -199,7 +201,7 @@ class MultipleVhostsTest(util.ApacheTest):
        # pylint: disable=protected-access
        self.config._add_servernames(self.vh_truth[2])
        self.assertEqual(
-            self.vh_truth[2].get_names(), {"*.le.co", "ip-172-30-0-17"})
+            self.vh_truth[2].get_names(), set(["*.le.co", "ip-172-30-0-17"]))

    def test_get_virtual_hosts(self):
        """Make sure all vhosts are being properly found."""
@@ -270,7 +272,7 @@ class MultipleVhostsTest(util.ApacheTest):
    def test_choose_vhost_select_vhost_conflicting_non_ssl(self, mock_select):
        mock_select.return_value = self.vh_truth[3]
        conflicting_vhost = obj.VirtualHost(
-            "path", "aug_path", {obj.Addr.fromstring("*:443")},
+            "path", "aug_path", set([obj.Addr.fromstring("*:443")]),
            True, True)
        self.config.vhosts.append(conflicting_vhost)

@@ -279,14 +281,14 @@ class MultipleVhostsTest(util.ApacheTest):

    def test_find_best_http_vhost_default(self):
        vh = obj.VirtualHost(
-            "fp", "ap", {obj.Addr.fromstring("_default_:80")}, False, True)
+            "fp", "ap", set([obj.Addr.fromstring("_default_:80")]), False, True)
        self.config.vhosts = [vh]
        self.assertEqual(self.config.find_best_http_vhost("foo.bar", False), vh)

    def test_find_best_http_vhost_port(self):
        port = "8080"
        vh = obj.VirtualHost(
-            "fp", "ap", {obj.Addr.fromstring("*:" + port)},
+            "fp", "ap", set([obj.Addr.fromstring("*:" + port)]),
            False, True, "encryption-example.demo")
        self.config.vhosts.append(vh)
        self.assertEqual(self.config.find_best_http_vhost("foo.bar", False, port), vh)
@@ -314,8 +316,8 @@ class MultipleVhostsTest(util.ApacheTest):
    def test_find_best_vhost_variety(self):
        # pylint: disable=protected-access
        ssl_vh = obj.VirtualHost(
-            "fp", "ap", {obj.Addr(("*", "443")),
-                             obj.Addr(("zombo.com",))},
+            "fp", "ap", set([obj.Addr(("*", "443")),
+                             obj.Addr(("zombo.com",))]),
            True, False)
        self.config.vhosts.append(ssl_vh)
        self.assertEqual(self.config._find_best_vhost("zombo.com"), ssl_vh)
@@ -455,6 +457,41 @@ class MultipleVhostsTest(util.ApacheTest):
            "SSLCertificateChainFile", "two/cert_chain.pem",
            self.vh_truth[1].path))

+    def test_deploy_cert_invalid_vhost(self):
+        """For test cases where the `ApacheConfigurator` class' `_deploy_cert`
+        method is called with an invalid vhost parameter. Currently this tests
+        that a PluginError is appropriately raised when important directives
+        are missing in an SSL module."""
+        self.config.parser.modules["ssl_module"] = None
+        self.config.parser.modules["mod_ssl.c"] = None
+        self.config.parser.modules["socache_shmcb_module"] = None
+
+        def side_effect(*args):
+            """Mocks case where an SSLCertificateFile directive can be found
+            but an SSLCertificateKeyFile directive is missing."""
+            if "SSLCertificateFile" in args:
+                return ["example/cert.pem"]
+            return []
+
+        mock_find_dir = mock.MagicMock(return_value=[])
+        mock_find_dir.side_effect = side_effect
+
+        self.config.parser.find_dir = mock_find_dir
+
+        # Get the default 443 vhost
+        self.config.assoc["random.demo"] = self.vh_truth[1]
+
+        self.assertRaises(
+            errors.PluginError, self.config.deploy_cert, "random.demo",
+            "example/cert.pem", "example/key.pem", "example/cert_chain.pem")
+
+        # Remove side_effect to mock case where both SSLCertificateFile
+        # and SSLCertificateKeyFile directives are missing
+        self.config.parser.find_dir.side_effect = None
+        self.assertRaises(
+            errors.PluginError, self.config.deploy_cert, "random.demo",
+            "example/cert.pem", "example/key.pem", "example/cert_chain.pem")
+
    def test_is_name_vhost(self):
        addr = obj.Addr.fromstring("*:80")
        self.assertTrue(self.config.is_name_vhost(addr))
@@ -651,7 +688,7 @@ class MultipleVhostsTest(util.ApacheTest):
        self.assertEqual(ssl_vhost.path,
                         "/files" + ssl_vhost.filep + "/IfModule/Virtualhost")
        self.assertEqual(len(ssl_vhost.addrs), 1)
-        self.assertEqual({obj.Addr.fromstring("*:443")}, ssl_vhost.addrs)
+        self.assertEqual(set([obj.Addr.fromstring("*:443")]), ssl_vhost.addrs)
        self.assertEqual(ssl_vhost.name, "encryption-example.demo")
        self.assertTrue(ssl_vhost.ssl)
        self.assertFalse(ssl_vhost.enabled)
@@ -876,7 +913,7 @@ class MultipleVhostsTest(util.ApacheTest):
        self.config.parser.modules["rewrite_module"] = None
        mock_exe.return_value = True
        ssl_vh1 = obj.VirtualHost(
-            "fp1", "ap1", {obj.Addr(("*", "443"))},
+            "fp1", "ap1", set([obj.Addr(("*", "443"))]),
            True, False)
        ssl_vh1.name = "satoshi.com"
        self.config.vhosts.append(ssl_vh1)
@@ -977,7 +1014,7 @@ class MultipleVhostsTest(util.ApacheTest):

    def test_get_http_vhost_third_filter(self):
        ssl_vh = obj.VirtualHost(
-            "fp", "ap", {obj.Addr(("*", "443"))},
+            "fp", "ap", set([obj.Addr(("*", "443"))]),
            True, False)
        ssl_vh.name = "satoshi.com"
        self.config.vhosts.append(ssl_vh)
@@ -1180,8 +1217,8 @@ class MultipleVhostsTest(util.ApacheTest):
    def test_redirect_with_conflict(self):
        self.config.parser.modules["rewrite_module"] = None
        ssl_vh = obj.VirtualHost(
-            "fp", "ap", {obj.Addr(("*", "443")),
-                             obj.Addr(("zombo.com",))},
+            "fp", "ap", set([obj.Addr(("*", "443")),
+                             obj.Addr(("zombo.com",))]),
            True, False)
        # No names ^ this guy should conflict.

@@ -1223,7 +1260,7 @@ class MultipleVhostsTest(util.ApacheTest):
        self.config.get_version = mock.Mock(return_value=(2, 3, 9))
        # For full testing... give names...
        self.vh_truth[1].name = "default.com"
-        self.vh_truth[1].aliases = {"yes.default.com"}
+        self.vh_truth[1].aliases = set(["yes.default.com"])

        # pylint: disable=protected-access
        self.config._enable_redirect(self.vh_truth[1], "")
@@ -1234,7 +1271,7 @@ class MultipleVhostsTest(util.ApacheTest):
        self.config.get_version = mock.Mock(return_value=(2, 2))
        # For full testing... give names...
        self.vh_truth[1].name = "default.com"
-        self.vh_truth[1].aliases = {"yes.default.com"}
+        self.vh_truth[1].aliases = set(["yes.default.com"])

        # pylint: disable=protected-access
        self.config._enable_redirect(self.vh_truth[1], "")
@@ -1314,16 +1351,6 @@ class MultipleVhostsTest(util.ApacheTest):
                self.assertTrue(mock_add.called)
        shutil.rmtree(tmp_path)

-    def test_deploy_cert_no_mod_ssl(self):
-        # Create
-        ssl_vhost = self.config.make_vhost_ssl(self.vh_truth[0])
-        self.config.parser.modules["socache_shmcb_module"] = None
-        self.config.prepare_server_https = mock.Mock()
-
-        self.assertRaises(errors.MisconfigurationError, self.config.deploy_cert,
-            "encryption-example.demo", "example/cert.pem", "example/key.pem",
-            "example/cert_chain.pem", "example/fullchain.pem")
-
    @mock.patch("certbot_apache._internal.parser.ApacheParser.parsed_in_original")
    def test_choose_vhost_and_servername_addition_parsed(self, mock_parsed):
        ret_vh = self.vh_truth[8]
@@ -1585,7 +1612,7 @@ class MultiVhostsTest(util.ApacheTest):
        self.assertEqual(ssl_vhost.path,
                         "/files" + ssl_vhost.filep + "/IfModule/VirtualHost")
        self.assertEqual(len(ssl_vhost.addrs), 1)
-        self.assertEqual({obj.Addr.fromstring("*:443")}, ssl_vhost.addrs)
+        self.assertEqual(set([obj.Addr.fromstring("*:443")]), ssl_vhost.addrs)
        self.assertEqual(ssl_vhost.name, "banana.vomit.com")
        self.assertTrue(ssl_vhost.ssl)
        self.assertFalse(ssl_vhost.enabled)
@@ -1772,22 +1799,12 @@ class InstallSslOptionsConfTest(util.ApacheTest):
            AH02556: "SSLOpenSSLConfCmd %s %s" applied to %s
            OpenSSL 1.0.2g  1 Mar 2016
            """
-        # ssl_module as a DSO
        self.config.parser.modules['ssl_module'] = '/fake/path'
        with mock.patch("certbot_apache._internal.configurator."
            "ApacheConfigurator._open_module_file") as mock_omf:
            mock_omf.return_value = some_string_contents
            self.assertEqual(self.config.openssl_version(), "1.0.2g")

-        # ssl_module statically linked
-        self.config._openssl_version = None
-        self.config.parser.modules['ssl_module'] = None
-        self.config.options['bin'] = '/fake/path/to/httpd'
-        with mock.patch("certbot_apache._internal.configurator."
-            "ApacheConfigurator._open_module_file") as mock_omf:
-            mock_omf.return_value = some_string_contents
-            self.assertEqual(self.config.openssl_version(), "1.0.2g")
-
    def test_current_version(self):
        self.config.version = (2, 4, 10)
        self.config._openssl_version = '1.0.2m'
@@ -1809,20 +1826,11 @@ class InstallSslOptionsConfTest(util.ApacheTest):
            self.assertEqual(self.config.openssl_version(), None)
            self.assertTrue("Could not find ssl_module" in mock_log.call_args[0][0])

-        # When no ssl_module is present at all
        self.config._openssl_version = None
-        self.assertTrue("ssl_module" not in self.config.parser.modules)
-        with mock.patch("certbot_apache._internal.configurator.logger.warning") as mock_log:
-            self.assertEqual(self.config.openssl_version(), None)
-            self.assertTrue("Could not find ssl_module" in mock_log.call_args[0][0])
-
-        # When ssl_module is statically linked but --apache-bin not provided
-        self.config._openssl_version = None
-        self.config.options['bin'] = None
        self.config.parser.modules['ssl_module'] = None
        with mock.patch("certbot_apache._internal.configurator.logger.warning") as mock_log:
            self.assertEqual(self.config.openssl_version(), None)
-            self.assertTrue("ssl_module is statically linked but" in mock_log.call_args[0][0])
+            self.assertTrue("Could not find ssl_module" in mock_log.call_args[0][0])

        self.config.parser.modules['ssl_module'] = "/fake/path"
        with mock.patch("certbot_apache._internal.configurator.logger.warning") as mock_log:
--- a/certbot-apache/tests/debian_test.py
+++ b/certbot-apache/tests/debian_test.py
@@ -5,7 +5,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot import errors
 from certbot.compat import os
--- a/certbot-apache/tests/display_ops_test.py
+++ b/certbot-apache/tests/display_ops_test.py
@@ -4,7 +4,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot import errors
 from certbot.display import util as display_util
@@ -96,9 +96,9 @@ class SelectVhostTest(unittest.TestCase):

        self.vhosts.append(
            obj.VirtualHost(
-                "path", "aug_path", {obj.Addr.fromstring("*:80")},
+                "path", "aug_path", set([obj.Addr.fromstring("*:80")]),
                False, False,
-                "wildcard.com", {"*.wildcard.com"}))
+                "wildcard.com", set(["*.wildcard.com"])))

        self.assertEqual(self.vhosts[5], self._call(self.vhosts))

--- a/certbot-apache/tests/dualnode_test.py
+++ b/certbot-apache/tests/dualnode_test.py
@@ -4,7 +4,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot_apache._internal import assertions
 from certbot_apache._internal import augeasparser
--- a/certbot-apache/tests/entrypoint_test.py
+++ b/certbot-apache/tests/entrypoint_test.py
@@ -4,7 +4,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot_apache._internal import configurator
 from certbot_apache._internal import entrypoint
--- a/certbot-apache/tests/fedora_test.py
+++ b/certbot-apache/tests/fedora_test.py
@@ -4,7 +4,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot import errors
 from certbot.compat import filesystem
--- a/certbot-apache/tests/gentoo_test.py
+++ b/certbot-apache/tests/gentoo_test.py
@@ -4,7 +4,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot import errors
 from certbot.compat import filesystem
@@ -24,19 +24,19 @@ def get_vh_truth(temp_dir, config_name):
        obj.VirtualHost(
            os.path.join(prefix, "gentoo.example.com.conf"),
            os.path.join(aug_pre, "gentoo.example.com.conf/VirtualHost"),
-            {obj.Addr.fromstring("*:80")},
+            set([obj.Addr.fromstring("*:80")]),
            False, True, "gentoo.example.com"),
        obj.VirtualHost(
            os.path.join(prefix, "00_default_vhost.conf"),
            os.path.join(aug_pre, "00_default_vhost.conf/IfDefine/VirtualHost"),
-            {obj.Addr.fromstring("*:80")},
+            set([obj.Addr.fromstring("*:80")]),
            False, True, "localhost"),
        obj.VirtualHost(
            os.path.join(prefix, "00_default_ssl_vhost.conf"),
            os.path.join(aug_pre,
                         "00_default_ssl_vhost.conf" +
                         "/IfDefine/IfDefine/IfModule/VirtualHost"),
-            {obj.Addr.fromstring("_default_:443")},
+            set([obj.Addr.fromstring("_default_:443")]),
            True, True, "localhost")
    ]
    return vh_truth
--- a/certbot-apache/tests/http_01_test.py
+++ b/certbot-apache/tests/http_01_test.py
@@ -5,7 +5,7 @@ import errno
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from acme import challenges
 from certbot import achallenges
--- a/certbot-apache/tests/obj_test.py
+++ b/certbot-apache/tests/obj_test.py
@@ -14,13 +14,13 @@ class VirtualHostTest(unittest.TestCase):
        self.addr_default = Addr.fromstring("_default_:443")

        self.vhost1 = VirtualHost(
-            "filep", "vh_path", {self.addr1}, False, False, "localhost")
+            "filep", "vh_path", set([self.addr1]), False, False, "localhost")

        self.vhost1b = VirtualHost(
-            "filep", "vh_path", {self.addr1}, False, False, "localhost")
+            "filep", "vh_path", set([self.addr1]), False, False, "localhost")

        self.vhost2 = VirtualHost(
-            "fp", "vhp", {self.addr2}, False, False, "localhost")
+            "fp", "vhp", set([self.addr2]), False, False, "localhost")

    def test_repr(self):
        self.assertEqual(repr(self.addr2),
@@ -42,7 +42,7 @@ class VirtualHostTest(unittest.TestCase):

        complex_vh = VirtualHost(
            "fp", "vhp",
-            {Addr.fromstring("*:443"), Addr.fromstring("1.2.3.4:443")},
+            set([Addr.fromstring("*:443"), Addr.fromstring("1.2.3.4:443")]),
            False, False)
        self.assertTrue(complex_vh.conflicts([self.addr1]))
        self.assertTrue(complex_vh.conflicts([self.addr2]))
@@ -57,14 +57,14 @@ class VirtualHostTest(unittest.TestCase):
    def test_same_server(self):
        from certbot_apache._internal.obj import VirtualHost
        no_name1 = VirtualHost(
-            "fp", "vhp", {self.addr1}, False, False, None)
+            "fp", "vhp", set([self.addr1]), False, False, None)
        no_name2 = VirtualHost(
-            "fp", "vhp", {self.addr2}, False, False, None)
+            "fp", "vhp", set([self.addr2]), False, False, None)
        no_name3 = VirtualHost(
-            "fp", "vhp", {self.addr_default},
+            "fp", "vhp", set([self.addr_default]),
            False, False, None)
        no_name4 = VirtualHost(
-            "fp", "vhp", {self.addr2, self.addr_default},
+            "fp", "vhp", set([self.addr2, self.addr_default]),
            False, False, None)

        self.assertTrue(self.vhost1.same_server(self.vhost2))
--- a/certbot-apache/tests/parser_test.py
+++ b/certbot-apache/tests/parser_test.py
@@ -5,7 +5,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 from certbot import errors
 from certbot.compat import os
--- a/certbot-apache/tests/parsernode_configurator_test.py
+++ b/certbot-apache/tests/parsernode_configurator_test.py
@@ -4,7 +4,7 @@ import unittest
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock

 import util

--- a/certbot-apache/tests/util.py
+++ b/certbot-apache/tests/util.py
@@ -8,7 +8,7 @@ import josepy as jose
 try:
    import mock
 except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+    from unittest import mock
 import zope.component

 from certbot.compat import os
@@ -145,71 +145,71 @@ def get_vh_truth(temp_dir, config_name):
            obj.VirtualHost(
                os.path.join(prefix, "encryption-example.conf"),
                os.path.join(aug_pre, "encryption-example.conf/Virtualhost"),
-                {obj.Addr.fromstring("*:80")},
+                set([obj.Addr.fromstring("*:80")]),
                False, True, "encryption-example.demo"),
            obj.VirtualHost(
                os.path.join(prefix, "default-ssl.conf"),
                os.path.join(aug_pre,
                             "default-ssl.conf/IfModule/VirtualHost"),
-                {obj.Addr.fromstring("_default_:443")}, True, True),
+                set([obj.Addr.fromstring("_default_:443")]), True, True),
            obj.VirtualHost(
                os.path.join(prefix, "000-default.conf"),
                os.path.join(aug_pre, "000-default.conf/VirtualHost"),
-                {obj.Addr.fromstring("*:80"),
-                     obj.Addr.fromstring("[::]:80")},
+                set([obj.Addr.fromstring("*:80"),
+                     obj.Addr.fromstring("[::]:80")]),
                False, True, "ip-172-30-0-17"),
            obj.VirtualHost(
                os.path.join(prefix, "certbot.conf"),
                os.path.join(aug_pre, "certbot.conf/VirtualHost"),
-                {obj.Addr.fromstring("*:80")}, False, True,
+                set([obj.Addr.fromstring("*:80")]), False, True,
                "certbot.demo", aliases=["www.certbot.demo"]),
            obj.VirtualHost(
                os.path.join(prefix, "mod_macro-example.conf"),
                os.path.join(aug_pre,
                             "mod_macro-example.conf/Macro/VirtualHost"),
-                {obj.Addr.fromstring("*:80")}, False, True,
+                set([obj.Addr.fromstring("*:80")]), False, True,
                modmacro=True),
            obj.VirtualHost(
                os.path.join(prefix, "default-ssl-port-only.conf"),
                os.path.join(aug_pre, ("default-ssl-port-only.conf/"
                                       "IfModule/VirtualHost")),
-                {obj.Addr.fromstring("_default_:443")}, True, True),
+                set([obj.Addr.fromstring("_default_:443")]), True, True),
            obj.VirtualHost(
                os.path.join(prefix, "wildcard.conf"),
                os.path.join(aug_pre, "wildcard.conf/VirtualHost"),
-                {obj.Addr.fromstring("*:80")}, False, True,
+                set([obj.Addr.fromstring("*:80")]), False, True,
                "ip-172-30-0-17", aliases=["*.blue.purple.com"]),
            obj.VirtualHost(
                os.path.join(prefix, "ocsp-ssl.conf"),
                os.path.join(aug_pre, "ocsp-ssl.conf/IfModule/VirtualHost"),
-                {obj.Addr.fromstring("10.2.3.4:443")}, True, True,
+                set([obj.Addr.fromstring("10.2.3.4:443")]), True, True,
                "ocspvhost.com"),
            obj.VirtualHost(
                os.path.join(prefix, "non-symlink.conf"),
                os.path.join(aug_pre, "non-symlink.conf/VirtualHost"),
-                {obj.Addr.fromstring("*:80")}, False, True,
+                set([obj.Addr.fromstring("*:80")]), False, True,
                "nonsym.link"),
            obj.VirtualHost(
                os.path.join(prefix, "default-ssl-port-only.conf"),
                os.path.join(aug_pre,
                             "default-ssl-port-only.conf/VirtualHost"),
-                {obj.Addr.fromstring("*:80")}, True, True, ""),
+                set([obj.Addr.fromstring("*:80")]), True, True, ""),
            obj.VirtualHost(
                os.path.join(temp_dir, config_name,
                             "apache2/apache2.conf"),
                "/files" + os.path.join(temp_dir, config_name,
                                        "apache2/apache2.conf/VirtualHost"),
-                {obj.Addr.fromstring("*:80")}, False, True,
+                set([obj.Addr.fromstring("*:80")]), False, True,
                "vhost.in.rootconf"),
            obj.VirtualHost(
                os.path.join(prefix, "duplicatehttp.conf"),
                os.path.join(aug_pre, "duplicatehttp.conf/VirtualHost"),
-                {obj.Addr.fromstring("10.2.3.4:80")}, False, True,
+                set([obj.Addr.fromstring("10.2.3.4:80")]), False, True,
                "duplicate.example.com"),
            obj.VirtualHost(
                os.path.join(prefix, "duplicatehttps.conf"),
                os.path.join(aug_pre, "duplicatehttps.conf/IfModule/VirtualHost"),
-                {obj.Addr.fromstring("10.2.3.4:443")}, True, True,
+                set([obj.Addr.fromstring("10.2.3.4:443")]), True, True,
                "duplicate.example.com")]
        return vh_truth
    if config_name == "debian_apache_2_4/multi_vhosts":
@@ -220,27 +220,27 @@ def get_vh_truth(temp_dir, config_name):
            obj.VirtualHost(
                os.path.join(prefix, "default.conf"),
                os.path.join(aug_pre, "default.conf/VirtualHost[1]"),
-                {obj.Addr.fromstring("*:80")},
+                set([obj.Addr.fromstring("*:80")]),
                False, True, "ip-172-30-0-17"),
            obj.VirtualHost(
                os.path.join(prefix, "default.conf"),
                os.path.join(aug_pre, "default.conf/VirtualHost[2]"),
-                {obj.Addr.fromstring("*:80")},
+                set([obj.Addr.fromstring("*:80")]),
                False, True, "banana.vomit.com"),
            obj.VirtualHost(
                os.path.join(prefix, "multi-vhost.conf"),
                os.path.join(aug_pre, "multi-vhost.conf/VirtualHost[1]"),
-                {obj.Addr.fromstring("*:80")},
+                set([obj.Addr.fromstring("*:80")]),
                False, True, "1.multi.vhost.tld"),
            obj.VirtualHost(
                os.path.join(prefix, "multi-vhost.conf"),
                os.path.join(aug_pre, "multi-vhost.conf/IfModule/VirtualHost"),
-                {obj.Addr.fromstring("*:80")},
+                set([obj.Addr.fromstring("*:80")]),
                False, True, "2.multi.vhost.tld"),
            obj.VirtualHost(
                os.path.join(prefix, "multi-vhost.conf"),
                os.path.join(aug_pre, "multi-vhost.conf/VirtualHost[2]"),
-                {obj.Addr.fromstring("*:80")},
+                set([obj.Addr.fromstring("*:80")]),
                False, True, "3.multi.vhost.tld")]
        return vh_truth
    return None  # pragma: no cover
--- a/45
+++ b/45
@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="1.5.0"
+LE_AUTO_VERSION="1.3.0"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -910,11 +910,20 @@ elif [ -f /etc/manjaro-release ]; then
  }
  BOOTSTRAP_VERSION="BootstrapArchCommon $BOOTSTRAP_ARCH_COMMON_VERSION"
 elif [ -f /etc/gentoo-release ]; then
-  DEPRECATED_OS=1
+  Bootstrap() {
+    DeprecationBootstrap "Gentoo" BootstrapGentooCommon
+  }
+  BOOTSTRAP_VERSION="BootstrapGentooCommon $BOOTSTRAP_GENTOO_COMMON_VERSION"
 elif uname | grep -iq FreeBSD ; then
-  DEPRECATED_OS=1
+  Bootstrap() {
+    DeprecationBootstrap "FreeBSD" BootstrapFreeBsd
+  }
+  BOOTSTRAP_VERSION="BootstrapFreeBsd $BOOTSTRAP_FREEBSD_VERSION"
 elif uname | grep -iq Darwin ; then
-  DEPRECATED_OS=1
+  Bootstrap() {
+    DeprecationBootstrap "macOS" BootstrapMac
+  }
+  BOOTSTRAP_VERSION="BootstrapMac $BOOTSTRAP_MAC_VERSION"
 elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
@@ -1334,9 +1343,7 @@ cryptography==2.8 \
 distro==1.4.0 \
    --hash=sha256:362dde65d846d23baee4b5c058c8586f219b5a54be1cf5fc6ff55c4578392f57 \
    --hash=sha256:eedf82a470ebe7d010f1872c17237c79ab04097948800029994fa458e52fb4b4
-# Package enum34 needs to be explicitly limited to Python2.x, in order to avoid
-# certbot-auto failures on Python 3.6+ which enum34 doesn't support. See #5456.
-enum34==1.1.6 ; python_version < '3.4' \
+enum34==1.1.6 \
    --hash=sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850 \
    --hash=sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a \
    --hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79 \
@@ -1533,18 +1540,18 @@ letsencrypt==0.7.0 \
    --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
    --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9

-certbot==1.5.0 \
-    --hash=sha256:ec1f01af06b52a6f079f5b02cb70e88f0671a7b13ecb3e45b040563e32c6e53a \
-    --hash=sha256:c52017a4f84137e1312c898d6ae69c5f7977d79d2bd4c2df013cbbf39b6539bf
-acme==1.5.0 \
-    --hash=sha256:66de67b394bb7606f97f2c21507e6eb6a88936db2a940f5c4893025f87e3852a \
-    --hash=sha256:b051ff7dd3935b2032c2f8c8386e905d9b658eba9f3455e352650d85bea9c8f0
-certbot-apache==1.5.0 \
-    --hash=sha256:d2c28be6dcd6c56a8040c8c733e72c1341238b1b47fb59f544eb832b9d5c81ba \
-    --hash=sha256:3eec5a49ae4fcf86213f962eb1e11d8a725b65e7dcee18f9b92c7aa73f821764
-certbot-nginx==1.5.0 \
-    --hash=sha256:3d27fd02ebe15b07ce5fa9525ceeda82aa5fdc45aa064729434faff0442d1f91 \
-    --hash=sha256:b38f101588af6d2b8ea7c2e3334f249afbe14461a85add2f1420091d860df983
+certbot==1.3.0 \
+    --hash=sha256:979793b36151be26c159f1946d065a0cbbcaed3e9ac452c19a142b0d2d2b42e3 \
+    --hash=sha256:bc2091cbbc2f432872ed69309046e79771d9c81cd441bde3e6a6553ecd04b1d8
+acme==1.3.0 \
+    --hash=sha256:b888757c750e393407a3cdf0eb5c2d06036951e10c41db4c83537617568561b6 \
+    --hash=sha256:c0de9e1fbcb4a28509825a4d19ab5455910862b23fa338acebc7bbe7c0abd20d
+certbot-apache==1.3.0 \
+    --hash=sha256:1050cd262bcc598957c45a6fa1febdf5e41e87176c0aebad3a1ab7268b0d82d9 \
+    --hash=sha256:4a6bb818a7a70803127590a54bb25c1e79810761c9d4c92cf9f16a56b518bd52
+certbot-nginx==1.3.0 \
+    --hash=sha256:46106b96429d1aaf3765635056352d2372941027a3bc26bbf964e4329202adc7 \
+    --hash=sha256:9aa0869c1250b7ea0a1eb1df6bdb5d0d6190d6ca0400da1033a8decc0df6f65b

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
--- a/certbot-ci/certbot_integration_tests/assets/hook.py
+++ b/certbot-ci/certbot_integration_tests/assets/hook.py
@@ -1,5 +1,4 @@
 #!/usr/bin/env python
-from __future__ import print_function
 import os
 import sys

@@ -8,4 +7,5 @@ if hook_script_type == 'deploy' and ('RENEWED_DOMAINS' not in os.environ or 'REN
    sys.stderr.write('Environment variables not properly set!\n')
    sys.exit(1)

-print(hook_script_type)
+with open(sys.argv[2], 'a') as file_h:
+    file_h.write(hook_script_type + '\n')
--- a/certbot-ci/certbot_integration_tests/certbot_tests/assertions.py
+++ b/certbot-ci/certbot_integration_tests/certbot_tests/assertions.py
@@ -1,5 +1,4 @@
 """This module contains advanced assertions for the certbot integration tests."""
-import io
 import os

 try:
@@ -22,8 +21,7 @@ def assert_hook_execution(probe_path, probe_content):
    :param probe_path: path to the file that received the hook output
    :param probe_content: content expected when the hook is executed
    """
-    encoding = 'utf-8' if POSIX_MODE else 'utf-16'
-    with io.open(probe_path, 'rt', encoding=encoding) as file:
+    with open(probe_path, 'r') as file:
        data = file.read()

    lines = [line.strip() for line in data.splitlines()]
--- a/certbot-ci/certbot_integration_tests/certbot_tests/context.py
+++ b/certbot-ci/certbot_integration_tests/certbot_tests/context.py
@@ -1,4 +1,5 @@
 """Module to handle the context of integration tests."""
+import logging
 import os
 import shutil
 import sys
--- a/certbot-ci/certbot_integration_tests/utils/acme_server.py
+++ b/certbot-ci/certbot_integration_tests/utils/acme_server.py
@@ -86,8 +86,7 @@ class ACMEServer(object):
                                                'alpine', 'rm', '-rf', '/workspace/boulder'])
                process.wait()
        finally:
-            if os.path.exists(self._workspace):
-                shutil.rmtree(self._workspace)
+            shutil.rmtree(self._workspace)
        if self._stdout != sys.stdout:
            self._stdout.close()
        print('=> Test infrastructure stopped and cleaned up.')
--- a/certbot-ci/certbot_integration_tests/utils/misc.py
+++ b/certbot-ci/certbot_integration_tests/utils/misc.py
@@ -140,12 +140,13 @@ def generate_test_file_hooks(config_dir, hook_probe):
            entrypoint_script = '''\
 #!/usr/bin/env bash
 set -e
-"{0}" "{1}" "{2}" >> "{3}"
+"{0}" "{1}" "{2}" "{3}"
 '''.format(sys.executable, hook_path, entrypoint_script_path, hook_probe)
        else:
-            entrypoint_script_path = os.path.join(hook_dir, 'entrypoint.ps1')
+            entrypoint_script_path = os.path.join(hook_dir, 'entrypoint.bat')
            entrypoint_script = '''\
-& "{0}" "{1}" "{2}" >> "{3}"
+@echo off
+"{0}" "{1}" "{2}" "{3}"
            '''.format(sys.executable, hook_path, entrypoint_script_path, hook_probe)

        with open(entrypoint_script_path, 'w') as file_h:
@@ -235,7 +236,7 @@ def generate_csr(domains, key_path, csr_path, key_type=RSA_KEY_TYPE):
        file_h.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))

    req = crypto.X509Req()
-    san = ', '.join('DNS:{0}'.format(item) for item in domains)
+    san = ', '.join(['DNS:{0}'.format(item) for item in domains])
    san_constraint = crypto.X509Extension(b'subjectAltName', False, san.encode('utf-8'))
    req.add_extensions([san_constraint])

--- a/certbot-compatibility-test/certbot_compatibility_test/configurators/apache/common.py
+++ b/certbot-compatibility-test/certbot_compatibility_test/configurators/apache/common.py
@@ -3,10 +3,7 @@ import os
 import shutil
 import subprocess

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 import zope.interface

 from certbot import errors as le_errors
--- a/certbot-compatibility-test/certbot_compatibility_test/test_driver.py
+++ b/certbot-compatibility-test/certbot_compatibility_test/test_driver.py
@@ -96,7 +96,7 @@ def test_authenticator(plugin, config, temp_dir):

 def _create_achalls(plugin):
    """Returns a list of annotated challenges to test on plugin"""
-    achalls = []
+    achalls = list()
    names = plugin.get_testable_domain_names()
    for domain in names:
        prefs = plugin.get_chall_pref(domain)
--- a/certbot-compatibility-test/certbot_compatibility_test/validator_test.py
+++ b/certbot-compatibility-test/certbot_compatibility_test/validator_test.py
@@ -1,10 +1,7 @@
 """Tests for certbot_compatibility_test.validator."""
 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 import OpenSSL
 import requests

--- a/certbot-compatibility-test/setup.py
+++ b/certbot-compatibility-test/setup.py
@@ -1,29 +1,19 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 install_requires = [
    'certbot',
    'certbot-apache',
+    'mock',
    'six',
    'requests',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 if sys.version_info < (2, 7, 9):
    # For secure SSL connexion with Python 2.7 (InsecurePlatformWarning)
    install_requires.append('ndg-httpsclient')
--- a/certbot-dns-cloudflare/setup.py
+++ b/certbot-dns-cloudflare/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,19 +12,11 @@ install_requires = [
    'acme>=0.29.0',
    'certbot>=1.1.0',
    'cloudflare>=1.5.1',
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-cloudflare/tests/dns_cloudflare_test.py
+++ b/certbot-dns-cloudflare/tests/dns_cloudflare_test.py
@@ -3,10 +3,7 @@
 import unittest

 import CloudFlare
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock

 from certbot import errors
 from certbot.compat import os
--- a/certbot-dns-cloudxns/setup.py
+++ b/certbot-dns-cloudxns/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,19 +12,11 @@ install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
    'dns-lexicon>=2.2.1',  # Support for >1 TXT record per name
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-cloudxns/tests/dns_cloudxns_test.py
+++ b/certbot-dns-cloudxns/tests/dns_cloudxns_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 from requests.exceptions import HTTPError
 from requests.exceptions import RequestException

--- a/certbot-dns-digitalocean/setup.py
+++ b/certbot-dns-digitalocean/setup.py
@@ -1,33 +1,23 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
    'acme>=0.29.0',
    'certbot>=1.1.0',
+    'mock',
    'python-digitalocean>=1.11',
    'setuptools',
    'six',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-digitalocean/tests/dns_digitalocean_test.py
+++ b/certbot-dns-digitalocean/tests/dns_digitalocean_test.py
@@ -3,10 +3,7 @@
 import unittest

 import digitalocean
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock

 from certbot import errors
 from certbot.compat import os
--- a/certbot-dns-dnsimple/setup.py
+++ b/certbot-dns-dnsimple/setup.py
@@ -1,32 +1,22 @@
-from distutils.version import StrictVersion
 import os
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 # This package normally depends on dns-lexicon>=3.2.1 to address the
 # problem described in https://github.com/AnalogJ/lexicon/issues/387,
 # however, the fix there has been backported to older versions of
--- a/certbot-dns-dnsimple/tests/dns_dnsimple_test.py
+++ b/certbot-dns-dnsimple/tests/dns_dnsimple_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 from requests.exceptions import HTTPError

 from certbot.compat import os
--- a/certbot-dns-dnsmadeeasy/setup.py
+++ b/certbot-dns-dnsmadeeasy/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,19 +12,11 @@ install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
    'dns-lexicon>=2.2.1',  # Support for >1 TXT record per name
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-dnsmadeeasy/tests/dns_dnsmadeeasy_test.py
+++ b/certbot-dns-dnsmadeeasy/tests/dns_dnsmadeeasy_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 from requests.exceptions import HTTPError

 from certbot.compat import os
--- a/certbot-dns-gehirn/setup.py
+++ b/certbot-dns-gehirn/setup.py
@@ -1,31 +1,21 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
    'dns-lexicon>=2.1.22',
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-gehirn/tests/dns_gehirn_test.py
+++ b/certbot-dns-gehirn/tests/dns_gehirn_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 from requests.exceptions import HTTPError

 from certbot.compat import os
--- a/certbot-dns-google/setup.py
+++ b/certbot-dns-google/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,6 +12,7 @@ install_requires = [
    'acme>=0.29.0',
    'certbot>=1.1.0',
    'google-api-python-client>=1.5.5',
+    'mock',
    'oauth2client>=4.0',
    'setuptools',
    'zope.interface',
@@ -21,15 +20,6 @@ install_requires = [
    'httplib2'
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-google/tests/dns_google_test.py
+++ b/certbot-dns-google/tests/dns_google_test.py
@@ -6,10 +6,7 @@ from googleapiclient import discovery
 from googleapiclient.errors import Error
 from googleapiclient.http import HttpMock
 from httplib2 import ServerNotFoundError
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock

 from certbot import errors
 from certbot.compat import os
--- a/certbot-dns-linode/setup.py
+++ b/certbot-dns-linode/setup.py
@@ -1,31 +1,21 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
    'dns-lexicon>=2.2.3',
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-linode/tests/dns_linode_test.py
+++ b/certbot-dns-linode/tests/dns_linode_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock

 from certbot import errors
 from certbot.compat import os
--- a/certbot-dns-luadns/setup.py
+++ b/certbot-dns-luadns/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,19 +12,11 @@ install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
    'dns-lexicon>=2.2.1',  # Support for >1 TXT record per name
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-luadns/tests/dns_luadns_test.py
+++ b/certbot-dns-luadns/tests/dns_luadns_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 from requests.exceptions import HTTPError

 from certbot.compat import os
--- a/certbot-dns-nsone/setup.py
+++ b/certbot-dns-nsone/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,19 +12,11 @@ install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
    'dns-lexicon>=2.2.1',  # Support for >1 TXT record per name
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-nsone/tests/dns_nsone_test.py
+++ b/certbot-dns-nsone/tests/dns_nsone_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 from requests.exceptions import HTTPError

 from certbot.compat import os
--- a/certbot-dns-ovh/setup.py
+++ b/certbot-dns-ovh/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,19 +12,11 @@ install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
    'dns-lexicon>=2.7.14',  # Correct proxy use on OVH provider
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-ovh/tests/dns_ovh_test.py
+++ b/certbot-dns-ovh/tests/dns_ovh_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 from requests.exceptions import HTTPError

 from certbot.compat import os
--- a/certbot-dns-rfc2136/setup.py
+++ b/certbot-dns-rfc2136/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,19 +12,11 @@ install_requires = [
    'acme>=0.29.0',
    'certbot>=1.1.0',
    'dnspython',
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-rfc2136/tests/dns_rfc2136_test.py
+++ b/certbot-dns-rfc2136/tests/dns_rfc2136_test.py
@@ -5,10 +5,7 @@ import unittest
 import dns.flags
 import dns.rcode
 import dns.tsig
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock

 from certbot import errors
 from certbot.compat import os
--- a/certbot-dns-route53/setup.py
+++ b/certbot-dns-route53/setup.py
@@ -1,12 +1,10 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
@@ -14,19 +12,11 @@ install_requires = [
    'acme>=0.29.0',
    'certbot>=1.1.0',
    'boto3',
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 class PyTest(TestCommand):
    user_options = []

--- a/certbot-dns-route53/tests/dns_route53_test.py
+++ b/certbot-dns-route53/tests/dns_route53_test.py
@@ -4,10 +4,7 @@ import unittest

 from botocore.exceptions import ClientError
 from botocore.exceptions import NoCredentialsError
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock

 from certbot import errors
 from certbot.compat import os
--- a/certbot-dns-sakuracloud/setup.py
+++ b/certbot-dns-sakuracloud/setup.py
@@ -1,31 +1,21 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
    'acme>=0.31.0',
    'certbot>=1.1.0',
    'dns-lexicon>=2.1.23',
+    'mock',
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-
 docs_extras = [
    'Sphinx>=1.0',  # autodoc_member_order = 'bysource', autodoc_default_flags
    'sphinx_rtd_theme',
--- a/certbot-dns-sakuracloud/tests/dns_sakuracloud_test.py
+++ b/certbot-dns-sakuracloud/tests/dns_sakuracloud_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 from requests.exceptions import HTTPError

 from certbot.compat import os
--- a/certbot-nginx/certbot_nginx/_internal/configurator.py
+++ b/certbot-nginx/certbot_nginx/_internal/configurator.py
@@ -748,7 +748,7 @@ class NginxConfigurator(common.Installer):

            # if there is no separate SSL block, break the block into two and
            # choose the SSL block.
-            if vhost.ssl and any(not addr.ssl for addr in vhost.addrs):
+            if vhost.ssl and any([not addr.ssl for addr in vhost.addrs]):
                _, vhost = self._split_block(vhost)

            header_directives = [
@@ -983,7 +983,7 @@ class NginxConfigurator(common.Installer):
            logger.warning("NGINX derivative %s is not officially supported by"
                           " certbot", product_name)

-        nginx_version = tuple(int(i) for i in product_version.split("."))
+        nginx_version = tuple([int(i) for i in product_version.split(".")])

        # nginx < 0.8.48 uses machine hostname as default server_name instead of
        # the empty string
--- a/certbot-nginx/certbot_nginx/_internal/display_ops.py
+++ b/certbot-nginx/certbot_nginx/_internal/display_ops.py
@@ -17,7 +17,7 @@ def select_vhost_multiple(vhosts):
    :rtype: :class:`list`of type `~obj.Vhost`
    """
    if not vhosts:
-        return []
+        return list()
    tags_list = [vhost.display_repr()+"\n" for vhost in vhosts]
    # Remove the extra newline from the last entry
    if tags_list:
@@ -33,7 +33,7 @@ def select_vhost_multiple(vhosts):
 def _reversemap_vhosts(names, vhosts):
    """Helper function for select_vhost_multiple for mapping string
    representations back to actual vhost objects"""
-    return_vhosts = []
+    return_vhosts = list()

    for selection in names:
        for vhost in vhosts:
--- a/certbot-nginx/certbot_nginx/_internal/parser.py
+++ b/certbot-nginx/certbot_nginx/_internal/parser.py
@@ -404,9 +404,9 @@ class NginxParser(object):
                if directive and directive[0] == 'listen':
                    # Exclude one-time use parameters which will cause an error if repeated.
                    # https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
-                    exclude = {'default_server', 'default', 'setfib', 'fastopen', 'backlog',
+                    exclude = set(('default_server', 'default', 'setfib', 'fastopen', 'backlog',
                                   'rcvbuf', 'sndbuf', 'accept_filter', 'deferred', 'bind',
-                                   'ipv6only', 'reuseport', 'so_keepalive'}
+                                   'ipv6only', 'reuseport', 'so_keepalive'))

                    for param in exclude:
                        # See: github.com/certbot/certbot/pull/6223#pullrequestreview-143019225
@@ -578,7 +578,7 @@ def _update_or_add_directives(directives, insert_at_top, block):


 INCLUDE = 'include'
-REPEATABLE_DIRECTIVES = {'server_name', 'listen', INCLUDE, 'rewrite', 'add_header'}
+REPEATABLE_DIRECTIVES = set(['server_name', 'listen', INCLUDE, 'rewrite', 'add_header'])
 COMMENT = ' managed by Certbot'
 COMMENT_BLOCK = [' ', '#', COMMENT]

--- a/certbot-nginx/certbot_nginx/_internal/parser_obj.py
+++ b/certbot-nginx/certbot_nginx/_internal/parser_obj.py
@@ -206,7 +206,7 @@ class Sentence(Parsable):
        :returns: whether this lists is parseable by `Sentence`.
        """
        return isinstance(lists, list) and len(lists) > 0 and \
-            all(isinstance(elem, six.string_types) for elem in lists)
+            all([isinstance(elem, six.string_types) for elem in lists])

    def parse(self, raw_list, add_spaces=False):
        """ Parses a list of string types into this object.
@@ -214,7 +214,7 @@ class Sentence(Parsable):
        if add_spaces:
            raw_list = _space_list(raw_list)
        if not isinstance(raw_list, list) or \
-                any(not isinstance(elem, six.string_types) for elem in raw_list):
+                any([not isinstance(elem, six.string_types) for elem in raw_list]):
            raise errors.MisconfigurationError("Sentence parsing expects a list of string types.")
        self._data = raw_list

--- a/certbot-nginx/local-oldest-requirements.txt
+++ b/certbot-nginx/local-oldest-requirements.txt
@@ -1,3 +1,3 @@
 # Remember to update setup.py to match the package versions below.
-acme[dev]==1.4.0
-certbot[dev]==1.4.0
+-e acme[dev]
+-e certbot[dev]
--- a/certbot-nginx/setup.py
+++ b/certbot-nginx/setup.py
@@ -1,33 +1,23 @@
-from distutils.version import StrictVersion
 import sys

-from setuptools import __version__ as setuptools_version
 from setuptools import find_packages
 from setuptools import setup
 from setuptools.command.test import test as TestCommand

-version = '1.6.0.dev0'
+version = '1.4.0.dev0'

 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
-    'acme>=1.4.0',
-    'certbot>=1.4.0',
+    'acme>=1.4.0.dev0',
+    'certbot>=1.4.0.dev0',
+    'mock',
    'PyOpenSSL',
    'pyparsing>=1.5.5',  # Python3 support
    'setuptools',
    'zope.interface',
 ]

-setuptools_known_environment_markers = (StrictVersion(setuptools_version) >= StrictVersion('36.2'))
-if setuptools_known_environment_markers:
-    install_requires.append('mock ; python_version < "3.3"')
-elif 'bdist_wheel' in sys.argv[1:]:
-    raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
-                       'of setuptools. Version 36.2+ of setuptools is required.')
-elif sys.version_info < (3,3):
-    install_requires.append('mock')
-

 class PyTest(TestCommand):
    user_options = []
--- a/certbot-nginx/tests/configurator_test.py
+++ b/certbot-nginx/tests/configurator_test.py
@@ -1,10 +1,7 @@
 """Test for certbot_nginx._internal.configurator."""
 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 import OpenSSL

 from acme import challenges
@@ -107,7 +104,7 @@ class NginxConfiguratorTest(util.NginxTest):
        filep = self.config.parser.abs_path('sites-enabled/example.com')
        mock_vhost = obj.VirtualHost(filep,
                                     None, None, None,
-                                     {'.example.com', 'example.*'},
+                                     set(['.example.com', 'example.*']),
                                     None, [0])
        self.config.parser.add_server_directives(
            mock_vhost,
@@ -153,11 +150,11 @@ class NginxConfiguratorTest(util.NginxTest):
        self._test_choose_vhosts_common('ipv6.com', 'ipv6_conf')

    def _test_choose_vhosts_common(self, name, conf):
-        conf_names = {'localhost_conf': {'localhost', r'~^(www\.)?(example|bar)\.'},
-                 'server_conf': {'somename', 'another.alias', 'alias'},
-                 'example_conf': {'.example.com', 'example.*'},
-                 'foo_conf': {'*.www.foo.com', '*.www.example.com'},
-                 'ipv6_conf': {'ipv6.com'}}
+        conf_names = {'localhost_conf': set(['localhost', r'~^(www\.)?(example|bar)\.']),
+                 'server_conf': set(['somename', 'another.alias', 'alias']),
+                 'example_conf': set(['.example.com', 'example.*']),
+                 'foo_conf': set(['*.www.foo.com', '*.www.example.com']),
+                 'ipv6_conf': set(['ipv6.com'])}

        conf_path = {'localhost': "etc_nginx/nginx.conf",
                   'alias': "etc_nginx/nginx.conf",
@@ -180,7 +177,7 @@ class NginxConfiguratorTest(util.NginxTest):
            self.assertTrue(vhost.ipv6_enabled())
            # Make sure that we have SSL enabled also for IPv6 addr
            self.assertTrue(
-                any(True for x in vhost.addrs if x.ssl and x.ipv6))
+                any([True for x in vhost.addrs if x.ssl and x.ipv6]))

    def test_choose_vhosts_bad(self):
        bad_results = ['www.foo.com', 'example', 't.www.bar.co',
--- a/certbot-nginx/tests/http_01_test.py
+++ b/certbot-nginx/tests/http_01_test.py
@@ -2,10 +2,7 @@
 import unittest

 import josepy as jose
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 import six

 from acme import challenges
--- a/certbot-nginx/tests/obj_test.py
+++ b/certbot-nginx/tests/obj_test.py
@@ -98,10 +98,10 @@ class AddrTest(unittest.TestCase):

    def test_set_inclusion(self):
        from certbot_nginx._internal.obj import Addr
-        set_a = {self.addr1, self.addr2}
+        set_a = set([self.addr1, self.addr2])
        addr1b = Addr.fromstring("192.168.1.1")
        addr2b = Addr.fromstring("192.168.1.1:* ssl")
-        set_b = {addr1b, addr2b}
+        set_b = set([addr1b, addr2b])

        self.assertEqual(set_a, set_b)

@@ -120,8 +120,8 @@ class VirtualHostTest(unittest.TestCase):
        ]
        self.vhost1 = VirtualHost(
            "filep",
-            {Addr.fromstring("localhost")}, False, False,
-            {'localhost'}, raw1, [])
+            set([Addr.fromstring("localhost")]), False, False,
+            set(['localhost']), raw1, [])
        raw2 = [
            ['listen', '69.50.225.155:9000'],
            [['if', '($scheme', '!=', '"https") '],
@@ -130,24 +130,24 @@ class VirtualHostTest(unittest.TestCase):
        ]
        self.vhost2 = VirtualHost(
            "filep",
-            {Addr.fromstring("localhost")}, False, False,
-            {'localhost'}, raw2, [])
+            set([Addr.fromstring("localhost")]), False, False,
+            set(['localhost']), raw2, [])
        raw3 = [
            ['listen', '69.50.225.155:9000'],
            ['rewrite', '^(.*)$', '$scheme://www.domain.com$1', 'permanent']
        ]
        self.vhost3 = VirtualHost(
            "filep",
-            {Addr.fromstring("localhost")}, False, False,
-            {'localhost'}, raw3, [])
+            set([Addr.fromstring("localhost")]), False, False,
+            set(['localhost']), raw3, [])
        raw4 = [
            ['listen', '69.50.225.155:9000'],
            ['server_name', 'return.com']
        ]
        self.vhost4 = VirtualHost(
            "filp",
-            {Addr.fromstring("localhost")}, False, False,
-            {'localhost'}, raw4, [])
+            set([Addr.fromstring("localhost")]), False, False,
+            set(['localhost']), raw4, [])
        raw_has_hsts = [
            ['listen', '69.50.225.155:9000'],
            ['server_name', 'return.com'],
@@ -155,16 +155,16 @@ class VirtualHostTest(unittest.TestCase):
        ]
        self.vhost_has_hsts = VirtualHost(
            "filep",
-            {Addr.fromstring("localhost")}, False, False,
-            {'localhost'}, raw_has_hsts, [])
+            set([Addr.fromstring("localhost")]), False, False,
+            set(['localhost']), raw_has_hsts, [])

    def test_eq(self):
        from certbot_nginx._internal.obj import Addr
        from certbot_nginx._internal.obj import VirtualHost
        vhost1b = VirtualHost(
            "filep",
-            {Addr.fromstring("localhost blah")}, False, False,
-            {'localhost'}, [], [])
+            set([Addr.fromstring("localhost blah")]), False, False,
+            set(['localhost']), [], [])

        self.assertEqual(vhost1b, self.vhost1)
        self.assertEqual(str(vhost1b), str(self.vhost1))
@@ -203,8 +203,8 @@ class VirtualHostTest(unittest.TestCase):
            ['#', ' managed by Certbot'], []]
        vhost_haystack = VirtualHost(
            "filp",
-            {Addr.fromstring("localhost")}, False, False,
-            {'localhost'}, test_haystack, [])
+            set([Addr.fromstring("localhost")]), False, False,
+            set(['localhost']), test_haystack, [])
        test_bad_haystack = [['listen', '80'], ['root', '/var/www/html'],
            ['index', 'index.html index.htm index.nginx-debian.html'],
            ['server_name', 'two.functorkitten.xyz'], ['listen', '443 ssl'],
@@ -219,8 +219,8 @@ class VirtualHostTest(unittest.TestCase):
            ['#', ' managed by Certbot'], []]
        vhost_bad_haystack = VirtualHost(
            "filp",
-            {Addr.fromstring("localhost")}, False, False,
-            {'localhost'}, test_bad_haystack, [])
+            set([Addr.fromstring("localhost")]), False, False,
+            set(['localhost']), test_bad_haystack, [])
        self.assertTrue(vhost_haystack.contains_list(test_needle))
        self.assertFalse(vhost_bad_haystack.contains_list(test_needle))

--- a/certbot-nginx/tests/parser_obj_test.py
+++ b/certbot-nginx/tests/parser_obj_test.py
@@ -2,10 +2,7 @@

 import unittest

-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock

 from certbot_nginx._internal.parser_obj import COMMENT_BLOCK
 from certbot_nginx._internal.parser_obj import parse_raw
@@ -83,7 +80,7 @@ class ParsingHooksTest(unittest.TestCase):
        fake_parser1.should_parse = lambda x: False
        parsing_hooks.return_value = (fake_parser1,)
        self.assertRaises(errors.MisconfigurationError, parse_raw, [])
-        parsing_hooks.return_value = ()
+        parsing_hooks.return_value = tuple()
        self.assertRaises(errors.MisconfigurationError, parse_raw, [])

    def test_parse_raw_passes_add_spaces(self):
--- a/certbot-nginx/tests/parser_test.py
+++ b/certbot-nginx/tests/parser_test.py
@@ -126,7 +126,7 @@ class NginxParserTest(util.NginxTest):
        vhost = obj.VirtualHost(nparser.abs_path('sites-enabled/globalssl.com'),
                                [obj.Addr('4.8.2.6', '57', True, False,
                                          False, False)],
-                                True, True, {'globalssl.com'}, [], [0])
+                                True, True, set(['globalssl.com']), [], [0])

        globalssl_com = [x for x in vhosts if 'globalssl.com' in x.filep][0]
        self.assertEqual(vhost, globalssl_com)
@@ -139,8 +139,8 @@ class NginxParserTest(util.NginxTest):
                                 [obj.Addr('', '8080', False, False,
                                           False, False)],
                                 False, True,
-                                 {'localhost',
-                                      r'~^(www\.)?(example|bar)\.'},
+                                 set(['localhost',
+                                      r'~^(www\.)?(example|bar)\.']),
                                 [], [10, 1, 9])
        vhost2 = obj.VirtualHost(nparser.abs_path('nginx.conf'),
                                 [obj.Addr('somename', '8080', False, False,
@@ -148,7 +148,7 @@ class NginxParserTest(util.NginxTest):
                                  obj.Addr('', '8000', False, False,
                                           False, False)],
                                 False, True,
-                                 {'somename', 'another.alias', 'alias'},
+                                 set(['somename', 'another.alias', 'alias']),
                                 [], [10, 1, 12])
        vhost3 = obj.VirtualHost(nparser.abs_path('sites-enabled/example.com'),
                                 [obj.Addr('69.50.225.155', '9000',
@@ -156,19 +156,19 @@ class NginxParserTest(util.NginxTest):
                                  obj.Addr('127.0.0.1', '', False, False,
                                           False, False)],
                                 False, True,
-                                 {'.example.com', 'example.*'}, [], [0])
+                                 set(['.example.com', 'example.*']), [], [0])
        vhost4 = obj.VirtualHost(nparser.abs_path('sites-enabled/default'),
                                 [obj.Addr('myhost', '', False, True,
                                           False, False),
                                  obj.Addr('otherhost', '', False, True,
                                           False, False)],
-                                 False, True, {'www.example.org'},
+                                 False, True, set(['www.example.org']),
                                 [], [0])
        vhost5 = obj.VirtualHost(nparser.abs_path('foo.conf'),
                                 [obj.Addr('*', '80', True, True,
                                           False, False)],
-                                 True, True, {'*.www.foo.com',
-                                                  '*.www.example.com'},
+                                 True, True, set(['*.www.foo.com',
+                                                  '*.www.example.com']),
                                 [], [2, 1, 0])

        self.assertEqual(14, len(vhosts))
@@ -208,11 +208,11 @@ class NginxParserTest(util.NginxTest):
        nparser = parser.NginxParser(self.config_path)
        mock_vhost = obj.VirtualHost(nparser.abs_path('nginx.conf'),
                                     None, None, None,
-                                     {'localhost',
-                                           r'~^(www\.)?(example|bar)\.'},
+                                     set(['localhost',
+                                           r'~^(www\.)?(example|bar)\.']),
                                     None, [10, 1, 9])
        example_com = nparser.abs_path('sites-enabled/example.com')
-        names = {'.example.com', 'example.*'}
+        names = set(['.example.com', 'example.*'])
        mock_vhost.filep = example_com
        mock_vhost.names = names
        mock_vhost.path = [0]
@@ -232,8 +232,8 @@ class NginxParserTest(util.NginxTest):
        nparser = parser.NginxParser(self.config_path)
        mock_vhost = obj.VirtualHost(nparser.abs_path('nginx.conf'),
                                     None, None, None,
-                                     {'localhost',
-                                           r'~^(www\.)?(example|bar)\.'},
+                                     set(['localhost',
+                                           r'~^(www\.)?(example|bar)\.']),
                                     None, [10, 1, 9])
        nparser.add_server_directives(mock_vhost,
                                      [['foo', 'bar'], ['\n ', 'ssl_certificate', ' ',
@@ -243,7 +243,7 @@ class NginxParserTest(util.NginxTest):
        self.assertEqual(1, len(re.findall(ssl_re, dump)))

        example_com = nparser.abs_path('sites-enabled/example.com')
-        names = {'.example.com', 'example.*'}
+        names = set(['.example.com', 'example.*'])
        mock_vhost.filep = example_com
        mock_vhost.names = names
        mock_vhost.path = [0]
@@ -264,7 +264,7 @@ class NginxParserTest(util.NginxTest):
                           ]]])

        server_conf = nparser.abs_path('server.conf')
-        names = {'alias', 'another.alias', 'somename'}
+        names = set(['alias', 'another.alias', 'somename'])
        mock_vhost.filep = server_conf
        mock_vhost.names = names
        mock_vhost.path = []
@@ -279,7 +279,7 @@ class NginxParserTest(util.NginxTest):
        example_com = nparser.abs_path('sites-enabled/example.com')
        mock_vhost = obj.VirtualHost(example_com,
                                     None, None, None,
-                                     {'.example.com', 'example.*'},
+                                     set(['.example.com', 'example.*']),
                                     None, [0])
        nparser.add_server_directives(mock_vhost,
                                      [['\n  ', '#', ' ', 'what a nice comment']])
@@ -301,7 +301,7 @@ class NginxParserTest(util.NginxTest):

    def test_replace_server_directives(self):
        nparser = parser.NginxParser(self.config_path)
-        target = {'.example.com', 'example.*'}
+        target = set(['.example.com', 'example.*'])
        filep = nparser.abs_path('sites-enabled/example.com')
        mock_vhost = obj.VirtualHost(filep, None, None, None, target, None, [0])
        nparser.update_or_add_server_directives(
@@ -314,7 +314,7 @@ class NginxParserTest(util.NginxTest):
                           ['server_name', 'foobar.com'], ['#', COMMENT],
                           ['server_name', 'example.*'], []
                           ]]])
-        mock_vhost.names = {'foobar.com', 'example.*'}
+        mock_vhost.names = set(['foobar.com', 'example.*'])
        nparser.update_or_add_server_directives(
            mock_vhost, [['ssl_certificate', 'cert.pem']])
        self.assertEqual(
@@ -328,19 +328,19 @@ class NginxParserTest(util.NginxTest):

    def test_get_best_match(self):
        target_name = 'www.eff.org'
-        names = [{'www.eff.org', 'irrelevant.long.name.eff.org', '*.org'},
-                 {'eff.org', 'ww2.eff.org', 'test.www.eff.org'},
-                 {'*.eff.org', '.www.eff.org'},
-                 {'.eff.org', '*.org'},
-                 {'www.eff.', 'www.eff.*', '*.www.eff.org'},
-                 {'example.com', r'~^(www\.)?(eff.+)', '*.eff.*'},
-                 {'*', r'~^(www\.)?(eff.+)'},
-                 {'www.*', r'~^(www\.)?(eff.+)', '.test.eff.org'},
-                 {'*.org', r'*.eff.org', 'www.eff.*'},
-                 {'*.www.eff.org', 'www.*'},
-                 {'*.org'},
-                 set(),
-                 {'example.com'}]
+        names = [set(['www.eff.org', 'irrelevant.long.name.eff.org', '*.org']),
+                 set(['eff.org', 'ww2.eff.org', 'test.www.eff.org']),
+                 set(['*.eff.org', '.www.eff.org']),
+                 set(['.eff.org', '*.org']),
+                 set(['www.eff.', 'www.eff.*', '*.www.eff.org']),
+                 set(['example.com', r'~^(www\.)?(eff.+)', '*.eff.*']),
+                 set(['*', r'~^(www\.)?(eff.+)']),
+                 set(['www.*', r'~^(www\.)?(eff.+)', '.test.eff.org']),
+                 set(['*.org', r'*.eff.org', 'www.eff.*']),
+                 set(['*.www.eff.org', 'www.*']),
+                 set(['*.org']),
+                 set([]),
+                 set(['example.com'])]
        winners = [('exact', 'www.eff.org'),
                   (None, None),
                   ('exact', '.www.eff.org'),
--- a/certbot-nginx/tests/test_util.py
+++ b/certbot-nginx/tests/test_util.py
@@ -4,10 +4,7 @@ import shutil
 import tempfile

 import josepy as jose
-try:
-    import mock
-except ImportError: # pragma: no cover
-    from unittest import mock # type: ignore
+import mock
 import pkg_resources
 import zope.component

--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@@ -2,41 +2,7 @@

 Certbot adheres to [Semantic Versioning](https://semver.org/).

-## 1.6.0 - master
-
-### Added
-
-*
-
-### Changed
-
-* Allow session tickets to be disabled in Apache when mod_ssl is statically linked.
-
-### Fixed
-
-*
-
-More details about these changes can be found on our GitHub repo.
-
-## 1.5.0 - 2020-06-02
-
-### Added
-
-* Require explicit confirmation of snap plugin permissions before connecting.
-
-### Changed
-
-* Improved error message in apache installer when mod_ssl is not available.
-
-### Fixed
-
-* Add support for OCSP responses which use a public key hash ResponderID, fixing
-  interoperability with Sectigo CAs.
-* Fix TLS-ALPN test that fails when run with newer versions of OpenSSL.
-
-More details about these changes can be found on our GitHub repo.
-
-## 1.4.0 - 2020-05-05
+## 1.4.0 - master

 ### Added

@@ -49,16 +15,10 @@ More details about these changes can be found on our GitHub repo.
 * Added TLS-ALPN-01 challenge support in the `acme` library. Support of this
  challenge in the Certbot client is planned to be added in a future release.
 * Added minimal proxy support for OCSP verification.
-* On Windows, hooks are now executed in a Powershell shell instead of a CMD shell,
-  allowing both `*.ps1` and `*.bat` as valid scripts for Certbot.

 ### Changed

-* Reorganized error message when a user entered an invalid email address.
 * Stop asking interactively if the user would like to add a redirect.
-* `mock` dependency is now conditional on Python 2 in all of our packages.
-* Deprecate certbot-auto on Gentoo, macOS, and FreeBSD.
-* Allow existing but empty archive and live dir to be used when creating new lineage.

 ### Fixed

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Erica Portnoy	96457b0e87	revert dependency on new certbot	2020-04-13 13:44:09 -07:00
Erica Portnoy	f8ed8cea2e	error out on newer python and oldersetuptools	2020-04-13 13:43:10 -07:00
Erica Portnoy	0eef0a0265	depend on latest version of certbot because we're not planning to install mock sometimes	2020-04-10 16:38:26 -07:00
Erica Portnoy	3c11d69f56	use unittest.mock when third-party mock isn't available in apache	2020-04-10 16:33:58 -07:00
Erica Portnoy	b25e971f54	Conditionally install mock in apache	2020-04-10 15:04:19 -07:00