
Merge branch 'master' into pypi

Jonas Haag 9 years ago
parent
commit
be8e10a174
3 changed files with 9 additions and 8 deletions
  1. 5 4
      README.md
  2. 1 1
      acme_tiny.py
  3. 3 3
      tests/test_module.py

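--- a/README.md
+++ b/README.md
@@ -84,8 +84,9 @@ openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /e
 You must prove you own the domains you want a certificate for, so Let's Encrypt
 requires you host some files on them. This script will generate and write those
 files in the folder you specify, so all you need to do is make sure that this
-folder is served under the ".well-known/acme-challenge/" url path. NOTE: This
-must be on port 80 (not port 443).
+folder is served under the ".well-known/acme-challenge/" url path. NOTE: Let's
+Encrypt will perform a plain HTTP request to port 80 on your server, so you
+must serve the challenge files via HTTP (a redirect to HTTPS is fine too).
 
 ```
 #make some challenge folder (modify to suit your needs)
@@ -127,7 +128,7 @@ configure an nginx server:
 
 ```
 #NOTE: For nginx, you need to append the Let's Encrypt intermediate cert to your cert
-wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > intermediate.pem
+wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
 cat signed.crt intermediate.pem > chained.pem
 ```
 
@@ -173,7 +174,7 @@ Example of a `renew_cert.sh`:
 ```sh
 #!/usr/bin/sh
 python /path/to/acme_tiny.py --account-key /path/to/account.key --csr /path/to/domain.csr --acme-dir /var/www/challenges/ > /tmp/signed.crt || exit
-wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > intermediate.pem
+wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
 cat /tmp/signed.crt intermediate.pem > /path/to/chained.pem
 service nginx reload
 ```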

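--- a/acme_tiny.py
+++ b/acme_tiny.py
@@ -59,7 +59,7 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA):
             resp = urlopen(url, data.encode('utf8'))
             return resp.getcode(), resp.read()
         except IOError as e:
-            return getattr(e, "code", None), getattr(e, "read", e.reason.__str__)()
+            return getattr(e, "code", None), getattr(e, "read", e.__str__)()
 
     # find domains
     log.info("Parsing CSR...")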
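Review bot: The fallback on the changed `except IOError` line returns text from `e.__str__`, while the success path (`resp.read()`) and an `HTTPError`'s own `read()` return bytes, so under Python 3 the second element of the returned tuple has two different types depending on how the request failed. The callers are outside this hunk, so whether any of them decodes or parses the body on the error path cannot be confirmed from here; using `lambda: str(e).encode('utf8')` as the default would keep the type uniform. A short comment such as `# not every IOError carries .reason, so fall back to str(e); code is None for non-HTTP failures` would also record why `e.reason` was dropped. The enclosing helper inside `get_crt` begins before the hunk.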

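--- a/tests/test_module.py
+++ b/tests/test_module.py
@@ -38,7 +38,7 @@ class TestModule(unittest.TestCase):
         sys.stdout = old_stdout
         out, err = Popen(["openssl", "x509", "-text", "-noout"], stdin=PIPE,
             stdout=PIPE, stderr=PIPE).communicate(crt)
-        self.assertIn("Issuer: CN=happy hacker fake CA", out.decode("utf8"))
+        self.assertIn("Issuer: CN=Fake LE Intermediate", out.decode("utf8"))
 
     def test_success_san(self):
         """ Successfully issue a certificate via subject alt name """
@@ -55,7 +55,7 @@ class TestModule(unittest.TestCase):
         sys.stdout = old_stdout
         out, err = Popen(["openssl", "x509", "-text", "-noout"], stdin=PIPE,
             stdout=PIPE, stderr=PIPE).communicate(crt)
-        self.assertIn("Issuer: CN=happy hacker fake CA", out.decode("utf8"))
+        self.assertIn("Issuer: CN=Fake LE Intermediate", out.decode("utf8"))
 
     def test_success_cli(self):
         """ Successfully issue a certificate via command line interface """
@@ -68,7 +68,7 @@ class TestModule(unittest.TestCase):
         ], stdout=PIPE, stderr=PIPE).communicate()
         out, err = Popen(["openssl", "x509", "-text", "-noout"], stdin=PIPE,
             stdout=PIPE, stderr=PIPE).communicate(crt)
-        self.assertIn("Issuer: CN=happy hacker fake CA", out.decode("utf8"))
+        self.assertIn("Issuer: CN=Fake LE Intermediate", out.decode("utf8"))
 
     def test_missing_account_key(self):
         """ OpenSSL throws an error when the account key is missing """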