
Configuration File Update w/o Certificate Issuance#9355

Merged
alexzorin merged 70 commits into master from update-config on Feb 3, 2023

Conversation

@ohemorange (Contributor) commented Jul 18, 2022

Fixes #8822

This PR allows a user to modify the configuration of a certificate without renewing it. This can be used to add or modify hooks, change the authenticator, or modify other renewal options. It will attempt a dry run in the process to verify that the new options work.

Also creates a reconfigure help section:

$ certbot help reconfigure
usage: 

  certbot reconfigure --cert-name CERTNAME [options]

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG_FILE, --config CONFIG_FILE
                        path to config file (default: /etc/letsencrypt/cli.ini and ~/.config/letsencrypt/cli.ini)

reconfigure:
  Common options that may be updated with the "reconfigure" subcommand:

  --cert-name CERTNAME  Certificate name to apply. This name is used by Certbot for housekeeping and in file paths; it doesn't
                        affect the content of the certificate itself. To see certificate names, run 'certbot certificates'. When
                        creating a new certificate, specifies the new certificate's name. (default: the first provided domain or
                        the name of an existing certificate on your system for the same domains)
  --run-deploy-hooks    When performing a test run using `--dry-run` or `reconfigure`, run any applicable deploy hooks. This
                        includes hooks set on the command line, saved in the certificate's renewal configuration file, or present
                        in the renewal-hooks directory. To exclude direcory hooks, use --no-directory-hooks. The hook(s) will only
                        be run if the dry run succeeds, and will use the current active certificate, not the temporary test
                        certificate acquired during the dry run. This flag is recommended when modifying the deploy hook using
                        `reconfigure`. (default: False)
  --pre-hook PRE_HOOK   Command to be run in a shell before obtaining any certificates. Intended primarily for renewal, where it
                        can be used to temporarily shut down a webserver that might conflict with the standalone plugin. This will
                        only be called if a certificate is actually to be obtained/renewed. When renewing several certificates
                        that have identical pre-hooks, only the first will be executed. (default: None)
  --post-hook POST_HOOK
                        Command to be run in a shell after attempting to obtain/renew certificates. Can be used to deploy renewed
                        certificates, or to restart any servers that were stopped by --pre-hook. This is only run if an attempt
                        was made to obtain/renew a certificate. If multiple renewed certificates have identical post-hooks, only
                        one will be run. (default: None)
  --deploy-hook DEPLOY_HOOK
                        Command to be run in a shell once for each successfully issued certificate. For this command, the shell
                        variable $RENEWED_LINEAGE will point to the config live subdirectory (for example,
                        "/etc/letsencrypt/live/example.com") containing the new certificates and keys; the shell variable
                        $RENEWED_DOMAINS will contain a space-delimited list of renewed certificate domains (for example,
                        "example.com www.example.com") (default: None)
  -a AUTHENTICATOR, --authenticator AUTHENTICATOR
                        Authenticator plugin name. (default: None)
  -i INSTALLER, --installer INSTALLER
                        Installer plugin name (also used to find domains). (default: None)
  --webroot             Obtain certificates by placing files in a webroot directory. (default: False)
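A deploy hook written for the `--run-deploy-hooks` behaviour described in the help text above, as an added example that is not part of this PR or of certbot itself. It relies only on the documented `$RENEWED_LINEAGE` and `$RENEWED_DOMAINS` variables; the destination directory, the expected domain name, the `DEPLOY_*` override variables and the optional reload command are constructed placeholders. Because `reconfigure --run-deploy-hooks` runs the hook against the current active certificate rather than the temporary dry-run certificate, a hook like this can be exercised once when it is first saved, which is why the help text recommends the flag when changing the deploy hook.

```shell
#!/bin/sh
# Deploy hook for `certbot reconfigure --cert-name NAME --deploy-hook /path/to/this.sh --run-deploy-hooks`.
# Added example, not certbot code. Uses the documented $RENEWED_LINEAGE and
# $RENEWED_DOMAINS; everything else below is a constructed placeholder.
set -eu

# Hypothetical deployment settings; override via environment or edit in place.
DEST_DIR="${DEPLOY_DEST_DIR:-/etc/myservice/tls}"
EXPECTED_DOMAIN="${DEPLOY_EXPECTED_DOMAIN:-example.com}"
RELOAD_CMD="${DEPLOY_RELOAD_CMD:-}"   # e.g. "systemctl reload myservice"; empty = no reload

# Returns 0 if the space-delimited $RENEWED_DOMAINS contains the given name.
domains_include() {
    for d in $RENEWED_DOMAINS; do
        if [ "$d" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# Copy the lineage's fullchain/privkey into $2 with restrictive modes, then
# optionally reload the service. Refuses to act when the lineage path is not
# absolute, the files are missing, or the certificate is not for EXPECTED_DOMAIN,
# so a mis-edited renewal config cannot push the wrong key into production.
deploy_cert() {
    lineage="$1"
    dest="$2"
    case "$lineage" in
        /*) ;;
        *) echo "RENEWED_LINEAGE must be an absolute path: $lineage" >&2; return 1 ;;
    esac
    [ -f "$lineage/fullchain.pem" ] && [ -f "$lineage/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem under $lineage" >&2; return 1; }
    domains_include "$EXPECTED_DOMAIN" || {
        echo "certificate domains '$RENEWED_DOMAINS' do not include $EXPECTED_DOMAIN" >&2; return 1; }
    mkdir -p "$dest"
    # Write under temporary names first so a half-copied key is never visible
    # under the final name; mv within one directory is atomic.
    cp "$lineage/fullchain.pem" "$dest/fullchain.pem.tmp"
    cp "$lineage/privkey.pem" "$dest/privkey.pem.tmp"
    chmod 0644 "$dest/fullchain.pem.tmp"
    chmod 0600 "$dest/privkey.pem.tmp"
    mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem"
    mv "$dest/privkey.pem.tmp" "$dest/privkey.pem"
    if [ -n "$RELOAD_CMD" ]; then
        sh -c "$RELOAD_CMD"
    fi
    return 0
}

# When invoked by certbot, RENEWED_LINEAGE is set; when sourced for testing it is not.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "$DEST_DIR"
fi
```

The domain check matters precisely in the `reconfigure` case: the PR refuses to change the domains of a certificate, so a hook that pins the expected name will loudly fail if it is ever pointed at a different lineage instead of silently overwriting the service's key material.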

@alexzorin (Collaborator) left a comment

The latest set of changes look good!

I think we'll need to stick # pylint: disable=too-many-lines at the top of storage.py.

@alexzorin (Collaborator) left a comment

Besides the error message about modifying domains on the certificate, this feels pretty finished!

I had suggested two things earlier:

  1. An integration test that uses the reconfigure verb, just so we remain really sure that it really works.
  2. Documenting the usage of this verb in the user guide. (I am 100% behind punting this to a follow-up PR though).

Also, master will need to be merged for CHANGELOG.

if config.domains:
raise errors.ConfigurationError("You have specified domains, but this function cannot "
"be used to modify the domains in a certificate. If you would like to do so, follow "
"the instructions at https://certbot.org/change-cert-domain. Otherwise, remove the "
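Review bot: the visible region ends mid-string after "Otherwise, remove the ", so the remainder of the instruction to the user is not shown here and should be checked in the full diff; the guard itself is the right shape, since a request that includes domains is rejected with a ConfigurationError rather than silently ignored, but the message depends on the external shortlink https://certbot.org/change-cert-domain, so the merge should be gated on that link resolving (the author flags exactly this below).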
@ohemorange (Contributor, Author) commented on these lines

link does not yet exist, do not merge!

Collaborator replied

The link seems to have appeared today, let's merge! 🎉

@ohemorange (Contributor, Author) commented

> Besides the error message about modifying domains on the certificate, this feels pretty finished!

Updated the message; waiting for shortlink to be created. I don't think it will interfere with any documentation changes, but we can always update the link location if needed.

> An integration test that uses the reconfigure verb, just so we remain really sure that it really works.

Added a simple test for adding and updating, though I kept it basic since the unit tests are in fact updating the configuration file as well.

> Documenting the usage of this verb in the user guide. (I am 100% behind punting this to a follow-up PR though).

Created #9531

> Also, master will need to be merged for CHANGELOG.

Done

alexzorin previously approved these changes Jan 10, 2023

@alexzorin (Collaborator) left a comment

LGTM!
