make it clear that torsocks is no longer optional

README.md

@@ -25,7 +25,7 @@ To install them in Debian, run: `sudo apt install openssl idn torsocks` and `pip
 
 `./main.sh` will run all scripts.  For the [trust stores repo](https://tildegit.org/nervuri/trust-stores), I use `time ./main.sh >log-stdout 2>log-stderr`.  For 893 hosts, the command takes around 80 minutes to complete with Tor verification and 45 minutes without.
 
-`get-certs.sh` accepts `tor` as an optional argument, to double-check certificates using the Tor network.  If you have `torsocks` installed, this option will automatically be used when you run `./main.sh`.
+`get-certs.sh` accepts `tor` as an optional argument, to double-check certificates using the Tor network.  This option will automatically be used when you run `./main.sh`.
 
 All trust store generators accept certificate expiry boundaries as arguments.  Ex:
 

get-certs.sh

@@ -90,8 +90,9 @@ while read -r host; do
     >&2 echo "$host_and_port - connection failed"
   fi
 
-  # If "tor" option is used, then connect again via Tor,
+  # If the "tor" option is used and the current host is not an onion
-  # to check if we get the same cert from a different network perspective.
+  # service, then connect again via Tor, to check if we get the same
+  # cert from a different network perspective.
   mismatch=0
   if [ "${1:-}" = 'tor' ] && [ -n "${host##*.onion}" ]; then
 

main.sh

@@ -20,7 +20,8 @@ if ! command -v agunua >/dev/null; then
   exit 1
 fi
 if ! command -v torsocks >/dev/null; then
-  >&2 echo '"torsocks" not installed! [optional]'
+  >&2 echo '"torsocks" not installed! [required]'
+  exit 1
 fi
 
 # Go where this script is.
@@ -32,11 +33,7 @@ echo '=== get hosts ==='
 ./get-hosts.sh
 
 echo '=== get certs ==='
-if command -v torsocks >/dev/null; then
+./get-certs.sh tor
-  ./get-certs.sh tor
-else
-  ./get-certs.sh
-fi
 
 echo '=== prune old certs ==='
 ./prune-old-certs.sh