+# cbwrapper updates Certbot, checks out the latest tagged version (as
+# opposed to the latest commit on master), configures the virtual
+# environment, then passes all of its arguments to the real certbot.
+# Unlike certbot-auto, this script does not need to be run as root,
+# but you lose some of the versatility that comes from the fact that
+# certbot-auto has been tested on countless hosts and configurations.
+# NOTE: do not use set -eu in this script, because we can't guarantee
+# that venv/bin/activate, which runs in the same shell, is "eu-clean".
+# # apt-get install ca-certificates dialog build-essential \
+# > python python-dev python-setuptools \
+# > libaugeas0 augeas-lenses libssl-dev libffi-dev
+# # easy_install --upgrade pip virtualenv
+# # useradd -md /etc/letsencrypt -s /bin/sh -g certbot_ certbot_
+# # mkdir -p /var/lib/letsencrypt /var/log/letsencrypt
+# # chown -R certbot_:certbot_ /var/lib/letsencrypt
+# # chown -R certbot_:certbot_ /var/log/letsencrypt
+# # ( crontab -lu certbot_; echo '13 13 * * * cbwrapper ...' ) | \
+# > crontab -u certbot_ -
+run_directory=~/.cbwrapper
+mkdir -p "$run_directory" && \
+cd "$run_directory" && \
+git clone https://github.com/certbot/certbot || true
+cd "$run_directory/certbot" && \
+git checkout master && \
+git checkout "$(git describe --abbrev=0)" && \
+rm -rf venv venv.*.bak && \
+. venv/bin/activate && \
+cd "$old_directory" && \