Skip to main content

Python Package for managing keys, request SSL certificates from ACME.

Project description

CertApi

Certapi talks with DNS provider and ACME to issue SSL certificates and save it to a keystore.

CertApi is a base library for building other tools, or to integrate Certificate creation feature in your app. CertAPI also provides HTTP api server and can be deployed using Docker

Build Status codecov PyPI version

Installation

You can install CertApi using pip

pip install certapi

Example: Low Leve API : Certificate with Cloudflare

import json
from certapi import CertApiException, CloudflareChallengeSolver, Key, AcmeCertIssuer


# Initialize the Cloudflare challenge solver
# The API key is read from the CLOUDFLARE_API_KEY environment variable, or you can set it below.
challenge_solver = CloudflareChallengeSolver(api_key=None)

## initialize cert issuer with a new account key
cert_issuer = AcmeCertIssuer(Key.generate('ecdsa'), challenge_solver)

# Preform setup i.e. fetching directory and registering ACME account
cert_issuer.setup()

try:
    # Obtain a certificate for your domain
    (key, cert) = cert_issuer.generate_key_and_cert_for_domain("your-domain.com")

    print("------ Private Key -----")
    print(key.to_pem())
    print("------- Certificate ------")
    print(cert)
except CertApiException as e:
    print(f"An error occurred:", json.dumps(e.json_obj(), indent=2))

Example: High Level API (with AcmeCertManager)

The AcmeCertManager provides a high-level interface that handles certificate storage, automatic renewal checks, and multi-solver management.

from certapi import (
    AcmeCertManager, 
    FileSystemKeyStore, 
    AcmeCertIssuer, 
    CloudflareChallengeSolver
)

# 1. Setup KeyStore to persist keys and certificates
key_store = FileSystemKeyStore("db")


# DNS-01 via Cloudflare (e.g. for wildcard certs or internal domains)
dns_solver = CloudflareChallengeSolver(api_token="your-cloudflare-token")

# 3. Initialize and Setup AcmeCertManager
# Create cert issuer with the default challenge solver
cert_issuer = AcmeCertIssuer.with_keystore(key_store, dns_solver)

cert_manager = AcmeCertManager(
    key_store=key_store,
    cert_issuer=cert_issuer,
    challenge_solvers=[dns_solver], # other solvers can be used
    )
cert_manager.setup()

# 4. Issue or Reuse Certificate
# Automatically checks sand saves to keystore. Renews only if necessary.
response = cert_manager.issue_certificate(["example.com", "www.example.com"])

for cert_data in response.issued:
    print(f"Newly issued for: {cert_data.domains}")
    print(cert_data.cert)

for cert_data in response.existing:
    print(f"Reusing existing for: {cert_data.domains}")

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certapi-1.0.4.tar.gz (43.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

certapi-1.0.4-py3-none-any.whl (48.8 kB view details)

Uploaded Python 3

File details

Details for the file certapi-1.0.4.tar.gz.

File metadata

  • Download URL: certapi-1.0.4.tar.gz
  • Upload date:
  • Size: 43.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.19

File hashes

Hashes for certapi-1.0.4.tar.gz
Algorithm Hash digest
SHA256 c213485b471092f3f008da607008e4ab17ceb15699cdcf56b7f7398972756af7
MD5 be8c20a8e0b472e84472b88ccbf35ac6
BLAKE2b-256 dda16fe1a5084af98f442bd6f874b07a0cc9ec0037bd2eedecddfad13676e990

See more details on using hashes here.

File details

Details for the file certapi-1.0.4-py3-none-any.whl.

File metadata

  • Download URL: certapi-1.0.4-py3-none-any.whl
  • Upload date:
  • Size: 48.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.19

File hashes

Hashes for certapi-1.0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 5afeec1ade5b842043e20962bf5605ad4b951859f67f27a2a3f9ac2d41fe3769
MD5 477382c6cf894821dfc87ef2b0e6233c
BLAKE2b-256 c1e8a4ab66b4fcb9af96c98acae649fc1369063a645648d551a77934d1c8728c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page