From d2d006c2a70941f7b7a3b34bf808abc94494d07b Mon Sep 17 00:00:00 2001 From: Istvan Pusztai Date: Fri, 25 Aug 2017 20:38:47 -0400 Subject: [PATCH 1/3] Allow whitespaces in domain ACL regex In some cases there are extraneous spaces in the configuration file for visual aid (or simply accidental) preventing the domains from being picked up. Also adding `req.ssl_sni` as a valid criterion for non-http TLS traffic. --- certbot_haproxy/constants.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/certbot_haproxy/constants.py b/certbot_haproxy/constants.py index 0b9be17..cd050b9 100644 --- a/certbot_haproxy/constants.py +++ b/certbot_haproxy/constants.py @@ -57,8 +57,8 @@ from certbot_haproxy.util import MemoiseNoArgs RE_HAPROXY_DOMAIN_ACL = re.compile( - r'\s*acl (?P[0-9a-z_\-.]+) ' - r'hdr\(host\) -i ' + r'\s*acl\s+(?P[0-9a-z_\-.]+)\s+' + r'(?:hdr\(host\)|req\.ssl_sni)\s+-i\s+' r'(?P' # Start group "domain" r'(?:[0-9-a-z](?:[a-z0-9-]{0,61}[a-z0-9]\.)+)' # (sub-)domain parts r'(?:[0-9-a-z](?:[a-z0-9-]{0,61}[a-z0-9]))' # TLD part From 8b85f37a81751d94ac1131a3003e6e76fc1603fc Mon Sep 17 00:00:00 2001 From: Anthony Robinson Date: Wed, 13 Sep 2017 08:24:58 -0400 Subject: [PATCH 2/3] Add Cent7 to constants --- certbot_haproxy/constants.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/certbot_haproxy/constants.py b/certbot_haproxy/constants.py index cd050b9..ff8f4c8 100644 --- a/certbot_haproxy/constants.py +++ b/certbot_haproxy/constants.py @@ -10,6 +10,7 @@ - Ubuntu Vivid (15.04) - Ubuntu Wily (15.10) - Ubuntu Xenial (16.04) + - CentOS (7) You can define new lists below following the instructions hereafter, please consider making a pull-request when you do so, so others may benefit of your 
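Review bot: In the `RE_HAPROXY_DOMAIN_ACL` hunk of certbot_haproxy/constants.py, the new `\s+` separators also match newlines, so if the pattern is ever applied to multi-line text (its call sites are not visible here) a single match could join tokens from different configuration lines. The match decides which domains are picked up from the HAProxy configuration, so it is safer to accept only in-line whitespace, e.g. `r'(?:hdr\(host\)|req\.ssl_sni)[ \t]+-i[ \t]+'`, with the same `[ \t]+` on the `acl` line. The `re.compile(` call continues past the end of the hunk, so the flags and the tail of the pattern could not be checked.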
@@ -87,6 +88,17 @@ crt_directory='/opt/certbot/haproxy_fullchains', ) +CLI_DEFAULTS_RHEL_BASED_SYSTEMD_OS = dict( + service_manager='systemctl', + version_cmd=['/usr/sbin/haproxy', '-v'], + restart_cmd=['sudo', 'systemctl', 'restart', 'haproxy'], + # Needs the config file as an argument: + conftest_cmd=['/usr/sbin/haproxy', '-c', '-f'], + haproxy_config='/etc/haproxy/haproxy.cfg', + # Needs to be writeable by the user that will run certbot + crt_directory='/opt/certbot/haproxy_fullchains', +) + CLI_DEFAULTS = { "debian": { '_min_version': '7', @@ -102,6 +114,10 @@ '15.04': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, '15.10': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS, '16.04': CLI_DEFAULTS_DEBIAN_BASED_SYSTEMD_OS + }, + "centos": { + '_min_version': '7', + '7': CLI_DEFAULTS_RHEL_BASED_SYSTEMD_OS } } From 2fdefede2fb832a11c41b0352e769a3f715d7053 Mon Sep 17 00:00:00 2001 From: Rastislav Krist Date: Mon, 18 Sep 2017 20:17:14 +0000 Subject: [PATCH 3/3] support for Gentoo + python 3.x --- certbot_haproxy/constants.py | 19 ++++++++++++++++++- certbot_haproxy/installer.py | 5 +++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/certbot_haproxy/constants.py b/certbot_haproxy/constants.py index ff8f4c8..0570a65 100644 --- a/certbot_haproxy/constants.py +++ b/certbot_haproxy/constants.py @@ -99,6 +99,18 @@ crt_directory='/opt/certbot/haproxy_fullchains', ) +CLI_DEFAULTS_GENTOO_BASED_SYSTEMD_OS = dict( + service_manager='/sbin/service', + version_cmd=['/usr/bin/haproxy', '-v'], + restart_cmd=['sudo', '/etc/init.d/haproxy', 'restart'], + # Needs the config file as an argument: + conftest_cmd=['/usr/bin/haproxy', '-c', '-f'], + haproxy_config='/etc/haproxy/haproxy.cfg', + # Needs to be writeable by the user that will run certbot + crt_directory='/opt/certbot/haproxy_fullchains', +) + + CLI_DEFAULTS = { "debian": { '_min_version': '7', 
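Review bot: In `CLI_DEFAULTS_RHEL_BASED_SYSTEMD_OS`, `restart_cmd` resolves both `sudo` and `systemctl` through PATH, while `version_cmd` and `conftest_cmd` in the same dict use absolute paths. For a command that runs with elevated privileges it is more predictable to pin the binary, e.g. `restart_cmd=['sudo', '/usr/bin/systemctl', 'restart', 'haproxy'],`. How the command list is executed is outside this hunk, so the environment it inherits could not be checked.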
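Review bot: The name `CLI_DEFAULTS_GENTOO_BASED_SYSTEMD_OS` says systemd, but the values use `/sbin/service` and `/etc/init.d/haproxy restart`, which is an init-script setup. A name that matches the values, or a one-line comment such as `# Gentoo defaults use the init script, not systemctl`, would keep a reader from assuming systemd behaviour; the `"gentoo"` entry added to `CLI_DEFAULTS` later in this patch would need the same name. It is also worth confirming that `/sbin/service` exists on a stock Gentoo install, since the hunk does not show how `service_manager` is consumed.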
@@ -118,7 +130,12 @@ "centos": { '_min_version': '7', '7': CLI_DEFAULTS_RHEL_BASED_SYSTEMD_OS - } + }, + "gentoo": { + '_min_version': '0', + '_max_version': '999999', + '': CLI_DEFAULTS_GENTOO_BASED_SYSTEMD_OS + }, } logger = logging.getLogger(__name__) # pylint:disable=invalid-name diff --git a/certbot_haproxy/installer.py b/certbot_haproxy/installer.py index 28c5fa4..fab601e 100644 --- a/certbot_haproxy/installer.py +++ b/certbot_haproxy/installer.py @@ -247,7 +247,7 @@ def prepare(): # Check that a supported version of HAProxy is installed. version_cmd = constants.os_constant("version_cmd") - output = subprocess.check_output(version_cmd) + output = subprocess.check_output(version_cmd).decode('utf-8') matches = re.match( r'HA-Proxy version' r' (?P[0-9]{1,4}\.[0-9]{1,4}\.[0-9a-z]{1,10}).*', @@ -472,7 +472,8 @@ def save(self, title=None, temporary=False): path = os.path.dirname(os.path.abspath(filepath)) if not os.path.exists(path): os.makedirs(path) - + if isinstance(contents, bytes): + contents = contents.decode('utf-8') with open(filepath, 'w') as cert: cert.write(contents) self.new_crt_files = {}
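Review bot: The `"gentoo"` entry introduces two conventions that no other visible entry uses, a `'_max_version'` key and an empty-string version key `''`, without saying how the lookup treats them. If the empty key is meant as a catch-all for a distribution that reports no release number, a comment above the entry such as `# Gentoo reports no release number; '' is the catch-all key` would document that. The lookup code is outside this hunk, so it could not be checked that `'_max_version'` is read at all.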
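Review bot: In the `prepare` hunk of certbot_haproxy/installer.py, `.decode('utf-8')` raises `UnicodeDecodeError` on any non-UTF-8 byte in the output of `version_cmd`, which would abort `prepare` before the version check runs. Only the `HA-Proxy version` prefix is matched afterwards, so a tolerant decode is enough: `output = subprocess.check_output(version_cmd).decode('utf-8', errors='replace')`. The function starts and ends outside the hunk, so any exception handling around this call is not visible.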
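Review bot: In `save`, `open(filepath, 'w')` creates the file with whatever the process umask allows, which is often world-readable, and `os.makedirs(path)` does the same for a newly created directory. If `contents` includes the private key, as the combined PEM files HAProxy loads usually do, the file should be created owner-only: `fd = os.open(filepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as cert:`. The mode applies only when the file is created, so files that already exist keep their current permissions. `save` begins and ends outside the hunk.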