certbot_deployer Pluggable certbot deploy hook framework
Project description
certbot_deployer
Certbot Deployer is a pluggable deploy hook framework for Certbot that streamlines the process of deploying certificates managed by Certbot.
The certbot_deployer package supports two primary use cases:
- Command-line usage:
certbot-deployeris intended to be run as a deploy hook launched by Certbot in order to deploy the certificates to arbitrary endpoints e.g. appliances, external machines, etc. - Plugin development: the library interface is used to build custom deployment plugins
Official Certbot Deployer plugins
Installation
You can install with pip:
python3 -m pip install certbot_deployer
# Also install any needed plugins, or the tool will effectively do nothing
# python3 -m pip install certbot_deployer_<someplugin>
Or install from source:
git clone <url>
pip install certbot_deployer
Usage
Certbot Deployer depends on plugins to actually do any work. Refer to the documentation for a particular plugin for its details, but the general form of this tool's usage will resemble the following:
# Note that the environment variable RENEWED_LINEAGE must be present for
# Certbot Deployer to work (it is automatically provided by Certbot when launching
# deploy hooks)
certbot-deployer pluginname --pluginarg1 --pluginarg2
Configuration file
It is possible to set default argument values for this tool and all plugins in a central configuration file. The following locations will be checked in order:
${XDG_CONFIG_HOME}/certbot_deployer/certbot_deployer.conf${HOME}/.config/certbot_deployer/certbot_deployer.conf/etc/certbot_deployer/certbot_deployer.conf
The config file should look like the following:
{
"pluginname": {
"string_option": "string_value",
"int_option": 999,
"option_that_takes_no_value": true
"list_option": [
"listopt1",
"listopt2"
]
}
As a Cerbot deploy hook
See Certbot User Guide for detailed documentation on Certbot.
As with any deploy hook, Certbot Deployer can be used as an argument for cert creation or renewal.
It is possible to run the deploy hook with a specific certificate:
certbot certonly --standalone -d 'sub.domain.tld' --deploy-hook "certbot-deployer pluginname --pluginarg1 --pluginarg2"
If all of the certificates managed by Certbot are being deployed with the same deployer plugin, it can be applied across the board:
certbot renew --deploy-hook "certbot-deployer pluginname --pluginarg1 --pluginarg2"
Certbot can also be configured to run specific hook commands on specific certificates in ${certbot_dir}/renewal/sub.domain.tld.conf. See Certbot Configuration File for more on this.
Plugin development
(For reference: Certbot Deployer plugin development technical reference)
Certbot Deployer is a framework that delegates certificate deployment tasks to deployer plugins - it effectively does nothing without any plugins.
These plugins are created by subclassing the abstract Deployer class, which defines the public interface for implementing custom deployment logic.
To implement your own deployer as a plugin, subclass Deployer and implement a small handful of requirements.
This design enables Certbot Deployer to automatically register, parse, and dispatch to your deployer plugin based on user input.
import argparse
from typing import ClassVar
from certbot_deploy.deployer import Deployer
class ExampleDeployer(Deployer):
subcommand: ClassVar[str] = "example"
@staticmethod
def register_args(*, parser: argparse.ArgumentParser) -> None:
'''
Register command-line arguments for the ExampleDeployer.
'''
parser.description = "Minimal Example Deployer"
parser.add_argument(
"--message",
type=str,
required=True,
help="A custom message to display during deployment",
)
@staticmethod
def argparse_post(*, args: argparse.Namespace) -> None:
'''
Optionally process parsed command-line arguments.
'''
# No extra processing needed for this minimal example.
@staticmethod
def entrypoint(
*, args: argparse.Namespace, certificate_bundle: CertificateBundle
) -> None:
'''
Execute the deployment process.
This is where one would generally process/deploy certificates
'''
print("Executing deployment with message:", args.message)
And with the following in your plugin's setup.cfg:
[options.entry_points]
certbot_deployer.plugins =
example = certbot_deployer_example:ExampleDeployer
The plugin can be installed into the same environment as this tool, and the new deployer can be called as follows:
$ certbot_deployer example --message "Hello, World!"
Executing deployment with message: Hello, World!
See also: Certbot Deployer plugin development technical reference
Contributing
Merge requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
To run the test suite:
# Dependent targets create venv and install dependencies
make
Please make sure to update tests along with any changes.
License
License :: OSI Approved :: MIT License
Resources
Logo sources:
==> CHANGELOG.md <==
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
0.2.1 - 2025-03-20
Fixed
- Fix broken path construction for config file in $HOME
0.2.0 - 2025-03-19
Added
- Introduce the ability to configure plugin arguments via central JSON config file
certbot_deploy.conf
0.1.2 - 2025-03-05
Fixed
- Fix poor handling of differences in
importlibin Python 3.9 reentry_points
0.1.1 - 2025-02-25
Changed
- bump patch
0.1.0 - 2025-02-25
Added
- initial commit
==> LICENSE <== Copyright 2025 IAS
Released under MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. End license text.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file certbot_deployer-0.2.1.tar.gz.
File metadata
- Download URL: certbot_deployer-0.2.1.tar.gz
- Upload date:
- Size: 19.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
891ea253eb482a2782f3ad387a39360fe30806319e79408fd3bf69f8e0ab8484
|
|
| MD5 |
da224be449bc06bb155df352776237a0
|
|
| BLAKE2b-256 |
0f26edbcdb9d65aa6898af256502e848297ec65b3acf7c8507a35dca6b2b951b
|
File details
Details for the file certbot_deployer-0.2.1-py3-none-any.whl.
File metadata
- Download URL: certbot_deployer-0.2.1-py3-none-any.whl
- Upload date:
- Size: 15.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b78704593516cb8b8dd56e526db5d0a617dd6efc10f1a504468ee169c2259781
|
|
| MD5 |
727741d2d19d2bbc94c5608ab610dd4e
|
|
| BLAKE2b-256 |
71899f05613bd29938f147deb5e6ae1c3524a4963696089ee6d10d6de7bb212b
|
