Async ACME client implementation
Project description
aioacme
Simple async client for ACME protocol.
Installation
pip install aioacme
Usage
Issue certificate with DNS-01 challenge:
import asyncio
import aioacme
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, rsa
async def main():
account_key = serialization.load_pem_private_key(...)
async with aioacme.Client(
account_key=account_key,
directory_url=aioacme.LETS_ENCRYPT_STAGING_DIRECTORY
) as client:
order = await client.new_order([aioacme.Identifier("example.com")])
for authorization_uri in order.authorizations:
authorization = await client.get_authorization(authorization_uri)
if authorization.status is aioacme.AuthorizationStatus.valid:
# authorization reused
continue
challenge = next(
c for c in authorization.challenges if c.type is aioacme.ChallengeType.dns01
)
domain = client.get_dns_challenge_domain(authorization.identifier.value)
validation = client.get_dns_challenge_validation(challenge.token)
print(f"Please add TXT record {domain} with the following content: {validation}")
input("Press Enter when TXT record is created")
await client.answer_challenge(challenge.url)
while authorization.status not in (
aioacme.AuthorizationStatus.valid,
aioacme.AuthorizationStatus.invalid
):
await asyncio.sleep(1)
authorization = await client.get_authorization(authorization_uri)
if authorization.status is aioacme.AuthorizationStatus.invalid:
raise Exception(f"Authorization status is invalid: {authorization}")
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
csr = (
x509.CertificateSigningRequestBuilder()
.subject_name(x509.Name([
x509.NameAttribute(x509.NameOID.COMMON_NAME, "example.com")
]))
.add_extension(x509.SubjectAlternativeName([
x509.DNSName("example.com")
]), critical=False)
.sign(key, hashes.SHA256())
)
order = await client.finalize_order(order.finalize, csr)
while order.status not in {aioacme.OrderStatus.valid, aioacme.OrderStatus.invalid}:
await asyncio.sleep(1)
order = await client.get_order(order.uri)
if order.status is aioacme.OrderStatus.invalid:
raise Exception(f"Order status is invalid: {order}")
cert = await client.get_certificate(order.certificate)
print(cert.decode("ascii"))
asyncio.run(main())
License
This project is licensed under the MIT License - see the LICENSE file for details.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
aioacme-0.2.1.tar.gz
(19.3 kB
view details)
Built Distribution
aioacme-0.2.1-py3-none-any.whl
(13.5 kB
view details)
File details
Details for the file aioacme-0.2.1.tar.gz.
File metadata
- Download URL: aioacme-0.2.1.tar.gz
- Upload date:
- Size: 19.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 72bb22f355e16bb48966b4da2ab0bf9aace34818176f66e8dec77e871cc99e8b |
|
| MD5 | 317cd8047b763db221dec686e053d34f |
|
| BLAKE2b-256 | cd91be20131eec643478e7754ffdca97beb0e8551532dd7425fea4ec67c5501d |
File details
Details for the file aioacme-0.2.1-py3-none-any.whl.
File metadata
- Download URL: aioacme-0.2.1-py3-none-any.whl
- Upload date:
- Size: 13.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6b2ce94c9279835d2690cb03e4407afdb479975b28f10c83b7d8a4a295e7f29c |
|
| MD5 | da4880aa1d9feb5cedbe3b5e168c3198 |
|
| BLAKE2b-256 | 97422a9846b599d3135975622a6015c1fd20cd91f345e25867a4046fda7c6717 |
