acme

In all of our current uses of os.umask or filesystem.umask, we always temporarily set it to a different value and then restore it using a try/finally block. I expect this pattern to continue.

Because of that, why don't we create a simple function in certbot.util that can be used as a context manager to set umask to a value and restore it to its previous value when exiting the with blo

The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi

Beyonce said it best. If you like it then you shoulda put a test on it. Scenarios I like:

• Cert is created with right DN
• Cert is stored to X509Store after creation
• Cert request is not resubmitted
• Handles failures gracefully
• HTTP challenge/response works as expected
• Certificate renewal when cert is about to expiration

As @rjkroege mentioned in rjkroege/edwood#288 tokenizing the results of the getarg function would allow for more robust parsing of the given arguments.