Many software packages do not support 128 bits arcs in OIDs (see
https://misc.daniel-marschall.de/asn.1/oid_facts.html#chap4), use a
registered OID instead.

Certificates emitted using the legacy OID are migrated to the new OID on
renewal.

Mix of work by Vincent Pelletier <vincent@nexedi.com> and
Thomas Gambier <thomas.gambier@nexedi.com> finished by
Lukasz Nowak <luke@nexedi.com>

Just like other places in caucase-updater, print the next time of wake up.
This information is useful in logs, for debugging caucase-updater problems.

/reviewed-on nexedi/caucase!6

Timedeltas between utcnow() and now() depend on system timezone, so
they can last many hours when a few seconds is intended.

The now() here was entered by mistake.

/reviewed-on !5

Reduces backslash-doubling crazyness.

...when connection is used as a context manager (which is the expected
coding style anyway).
If silently ignored, rollback may be incomplete if a subtransaction already
committed.
And if commit only happen at outmost transaction, no-undo changes could
come undone if outer transaction aborts.

This is currently observed in the code, so no other change is needed.

This is used for serialisation, and there is no need for sub-second
precision.

- 405 (Method Not Allowed) response contains the list of methods allowed on
  current resource
- all responses contain a Date header

Makes test a bit more readable by naming what each value is.

Just call cli.manage directly to get produced exception, as it's what this
part of the test is really about.

argparse.__init__'s "version" argument is for backward-compatibility with
optparse, and is dropped in python3.

Make tests almost completely silent by default, while still printing output
generated during corresponding test on failure.
Produce more somewhat-apache-like error logs, both from httpd and wsgi
errors.

Show the error message without a traceback.

More consistent with address extraction.