certapi 1.1.12

Python Package for managing keys, request SSL certificates from ACME.

CertApi

Certapi talks with DNS provider and ACME to issue SSL certificates and save it to a keystore.

CertApi is a base library for building other tools, or to integrate Certificate creation feature in your app. CertAPI also provides HTTP api server and can be deployed using Docker

Why another library?

I designed this library so that it can be imported and plugged in to other python projects. Goal is not to provide CLIs or quick working demo, but to be versatile for any use case.

• Pluggable keystores for keys and certificates
• Pluggable Challenge solvers for DNS and Http challenge solving
• High-level manager with renewal checks and multi-solver support
• Same interface for working locally, or requesting certificate from certapi server.

See the developer guide in Developer.md for library usage and workflows.

Installation

You can install CertApi using pip

pip install certapi

CLI

CertApi also ships with a CLI for quick verification and certificate issuance.

## Certapi's dependencies are already included in the python installation. This doesn't affect the system.
sudo python3 -m pip install certapi --break-system-packages

1. With HTTP Challenge

HTTP challenge requires you to have seup the DNS correctly. The ACME server will verify your domain by making an HTTP request.

# Verify environment and HTTP routing
sudo certapi verify example.com www.example.com

# Obtain a certificate (requires root for HTTP-01)
sudo certapi obtain example.com www.example.com

2. With DNS Provider Key

Using DNS-01 challenge with Cloudflare doesn't require the DNS to be setup. Set your Cloudflare API key as an environment variable.

# Set Cloudflare API key or token
export CLOUDFLARE_API_KEY=...   # or CLOUDFLARE_API_TOKEN

# Verify DNS configuration
sudo certapi verify example.com

# Obtain a certificate using DNS-01
sudo certapi obtain example.com www.example.com