Python Package for managing keys, request SSL certificates from ACME.
Project description
CertApi
CertApi is a Python package for requesting SSL certificates from ACME. This is to be used as a base library for building other tools, or to integrate Certificate creation feature in you app.
For a detailed list of changes, please refer to the CHANGELOG.md.
Installation
You can install CertApi using pip
pip install certapi
Example: Low Leve API : Certificate with Cloudflare
import json
from certapi import CertApiException, CloudflareChallengeSolver, Key, AcmeCertIssuer
# Initialize the Cloudflare challenge solver
# The API key is read from the CLOUDFLARE_API_KEY environment variable, or you can set it below.
challenge_solver = CloudflareChallengeSolver(api_key=None)
## initialize cert issuer with a new account key
cert_issuer = AcmeCertIssuer(Key.generate('ecdsa'), challenge_solver)
# Preform setup i.e. fetching directory and registering ACME account
cert_issuer.setup()
try:
# Obtain a certificate for your domain
(key, cert) = cert_issuer.generate_key_and_cert_for_domain("your-domain.com")
print("------ Private Key -----")
print(key.to_pem())
print("------- Certificate ------")
print(cert)
except CertApiException as e:
print(f"An error occurred:", json.dumps(e.json_obj(), indent=2))
Example: High Level API (with AcmeCertManager)
The AcmeCertManager provides a high-level interface that handles certificate storage, automatic renewal checks, and multi-solver management.
from certapi import (
AcmeCertManager,
FileSystemKeyStore,
AcmeCertIssuer,
CloudflareChallengeSolver
)
# 1. Setup KeyStore to persist keys and certificates
key_store = FileSystemKeyStore("db")
# DNS-01 via Cloudflare (e.g. for wildcard certs or internal domains)
dns_solver = CloudflareChallengeSolver(api_token="your-cloudflare-token")
# 3. Initialize and Setup AcmeCertManager
# Create cert issuer with the default challenge solver
cert_issuer = AcmeCertIssuer.with_keystore(key_store, dns_solver)
cert_manager = AcmeCertManager(
key_store=key_store,
cert_issuer=cert_issuer,
challenge_solvers=[dns_solver], # other solvers can be used
renew_threshold_days=7
)
cert_manager.setup()
# 4. Issue or Reuse Certificate
# Automatically checks keystore and renews only if necessary
response = cert_manager.issue_certificate(["example.com", "www.example.com"])
for cert_data in response.issued:
print(f"Newly issued for: {cert_data.domains}")
print(cert_data.cert)
for cert_data in response.existing:
print(f"Reusing existing for: {cert_data.domains}")
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file certapi-1.0.1.tar.gz.
File metadata
- Download URL: certapi-1.0.1.tar.gz
- Upload date:
- Size: 41.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.19
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e9bf89be7a5e8597dc5f8b543b79cbd5dc77d5e2cd7aaea28512fbde45c3f800
|
|
| MD5 |
fc26aab3ed902dffbf3270af1ed3681a
|
|
| BLAKE2b-256 |
00b66d2f7fdf2b438097dddb426c6c3e54cf32e2ad4021643e31887cca6875cf
|
File details
Details for the file certapi-1.0.1-py3-none-any.whl.
File metadata
- Download URL: certapi-1.0.1-py3-none-any.whl
- Upload date:
- Size: 47.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.19
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
322d9ed9c69a5d82292c18e65e0cff0a411e11303ef7f284516f823645135afc
|
|
| MD5 |
23bfc3fe2aa3a8fb432b118e879175e1
|
|
| BLAKE2b-256 |
bf1b4d418b97a0492251d3d88675f476654c71bb3efa23b9ef4e5a8356555d93
|
