A tiny ACME (Let's Encrypt) Python 2 & 3 client library with minimal dependencies

Project description

A tiny ACME Python 2 & 3 client library with minimal dependencies. ACME is a protocol for domain certificate verification and signing initiated by Let’s Encrypt. This package is meant to be used as a library and also comes with command line scripts.

Installation

You can choose to either install it in your user’s home directory or in the system directories.

This package depends on having the OpenSSL executable in the PATH.

Using pip

To install it from PyPI using pip call:

pip install certsign

You can also install it from a code checkout using:

pip install .

Install to user home directory

With pip you can use the --user option to install it to your user’s home directory:

pip install --user certsign

If you install to the user directory on Linux, $HOME/.local/bin should be in your $PATH variable. On Linux you can add the following to .profile or .bashrc in your home directory if $HOME/.local/bin is not already in your PATH.

# set PATH so it includes user's private .local/bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
  PATH="$HOME/.local/bin:$PATH"
fi

The location for the scripts and the method to add it to the PATH is different for MacOS/OSX and Windows.

Usage

As a library

Signing a Certificate Signing Request (CSR)

This is the primary usage of this library:

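from certsign import client

# Private key of your ACME account
account_key = 'acme_directory_account.key'
# CSR for the domain(s) you want a certificate for
csr_file = 'your_domain.csr'
# Directory your HTTP server serves the ACME challenges from
challenges_path = '/path/served/by/your/http/server'
account_email = 'you@example.com'

signed_cert = client.sign_csr(
  account_key, csr_file, challenges_path, account_email=account_email
)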

Creating a private key and a CSR

from certsign import crypto

privkey_path = '/tmp/privkey.pem'
csr_path = '/tmp/example.com.csr'

# Generate the private key and write it in binary mode
# ('wb' works on both Python 2 and 3)
privkey = crypto.create_private_key(bits=2048)
with open(privkey_path, 'wb') as f:
  f.write(privkey)

# Create a CSR for the listed domain names, signed with the key above
csr = crypto.create_csr(
  privkey_path,
  ['example.com', 'www.example.com'],
  openssl_conf='/etc/ssl/openssl.cnf'
)
with open(csr_path, 'wb') as f:
  f.write(csr)
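
The snippet above writes the private key to a fixed path under /tmp with the process's default permissions. The following added example (not part of certsign; `write_private_file`, `audit_key_file` and `demo` are hypothetical helpers, and the key bytes are a constructed placeholder) creates the key file exclusively with owner-only permissions and checks an existing key file for loose permissions:

```python
import os
import stat
import tempfile

# Constructed placeholder bytes standing in for the PEM returned by a key generator.
SAMPLE_KEY = b"-----BEGIN PRIVATE KEY-----\n(constructed, not a real key)\n-----END PRIVATE KEY-----\n"


def write_private_file(path, data, mode=0o600):
    """Hypothetical helper: create `path` owner-only and write `data` (bytes)."""
    # O_EXCL fails if the path already exists, including a pre-planted symlink,
    # so an existing key is never overwritten and a link is never followed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        with os.fdopen(fd, "wb") as f:
            if hasattr(os, "fchmod"):
                os.fchmod(f.fileno(), mode)  # exact mode regardless of umask
            f.write(data)
    except Exception:
        os.unlink(path)  # do not leave a partial key file behind
        raise
    return path


def audit_key_file(path):
    """Hypothetical check: return findings for a key file; empty list means OK."""
    st = os.lstat(path)  # lstat so a symlink is reported, not followed
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("accessible by group/others (mode %o)" % stat.S_IMODE(st.st_mode))
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append("not owned by the current user")
    return findings


def demo():
    """Write the sample key into a fresh 0700 directory and return its path."""
    key_dir = tempfile.mkdtemp(prefix="certsign-keys-")  # mkdtemp creates it 0700
    return write_private_file(os.path.join(key_dir, "privkey.pem"), SAMPLE_KEY)


if __name__ == "__main__":
    key_path = demo()
    print(key_path, oct(stat.S_IMODE(os.stat(key_path).st_mode)), audit_key_file(key_path))
```

With certsign, the bytes returned by `crypto.create_private_key` would be passed as `data` in place of the placeholder.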

Command line

certsign

For signing a Certificate Signing Request (CSR):

certsign --account-key /path/to/account/key --csr /path/to/domain.csr \
  --challenge-dir /path/served/by/your/http/server \
  --account-email you@example.com

certsign-tool

Create a private key:

certsign-tool privkey --bits=4096 --out=/path/to/privkey.pem

Create a CSR:

certsign-tool csr --privkey=/path/to/privkey.pem \
  --out=/path/to/example.com.csr example.com www.example.com

View the CSR you just created:

certsign-tool view /path/to/example.com.csr

certsign-server

A simple server to respond to ACME challenges:

certsign-server --challenge-dir /path/served/by/your/http/server \
  --addr localhost \
  --port 8000 \
  --pidfile /tmp/certsign.pid &

To kill the server when finished:

if [ -f /tmp/certsign.pid ]; then
  pkill -F /tmp/certsign.pid
fi

Development

It is recommended that you create a Python 3 virtual environment using pyvenv, and a Python 2 virtual environment using virtualenv.

Go to the root of this project (where setup.py is located) and run the following commands:

  • For Python 3: pyvenv venv-certsign-py3 and source venv-certsign-py3/bin/activate to activate.

  • For Python 2: virtualenv venv-certsign-py2 and source venv-certsign-py2/bin/activate to activate.

Set up a development environment using the following command (with literal square brackets):

pip install -e .[dev]

To run the tests in your current environment:

python setup.py test

To run the tests for several Python versions:

tox

Release Process

The release process is based on the official documentation for distributing packages.

Create a ~/.pypirc file to upload to The Python Package Index (PyPI):

[distutils]
index-servers =
    pypi

[pypi]
username: somepypiuser
password: somepassword

Create a binary and a source release and use twine to upload the packages. Also sign the packages using a gpg key:

python setup.py sdist bdist_wheel
twine upload -r pypi dist/*

Download files

Source Distribution

certsign-0.4.1.tar.gz (14.2 kB)

Uploaded Source

Built Distribution

certsign-0.4.1-py2.py3-none-any.whl (13.3 kB)

Uploaded Python 2 Python 3

File details

Details for the file certsign-0.4.1.tar.gz.

File metadata

  • Download URL: certsign-0.4.1.tar.gz
  • Upload date:
  • Size: 14.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.12

File hashes

Hashes for certsign-0.4.1.tar.gz
Algorithm Hash digest
SHA256 ad60453602b008fd2968d8c3aa25f44f66f713d8efd30b3b32e1da995a0ad1da
MD5 91cd1e64708026fdd3f02f92bdbad7d6
BLAKE2b-256 2e7ed341b73d5f3a385730bcb63b346553d3b19883d01446242f4b9b23681d55

File details

Details for the file certsign-0.4.1-py2.py3-none-any.whl.

File metadata

  • Download URL: certsign-0.4.1-py2.py3-none-any.whl
  • Upload date:
  • Size: 13.3 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.12

File hashes

Hashes for certsign-0.4.1-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 42cdfda1fade4a781272007ef3dbfee7e0b697b47965b4f21a6cd877ce77637d
MD5 8f7f63c1da73126df46d0b544bf4e268
BLAKE2b-256 0a6cc321a544fcb22ebbbb541f5045d46d7d3437fed084dbaae2bea14d7d2fa5
