ACMEv2 proxy to manage clients and observe rate limits of Let's Encrypt

Project description

keychestamp - KeyChest ACMEv2 Proxy

A simple proxy that logs activity of ACMEv2 clients (Let's Encrypt being the main ACMEv2 certificate issuer). The purpose is to provide a single source of data to manage use, and detect failures and malfunctioning of ACMEv2 clients.

Summary

Two big issues with using Let's Encrypt are client failures and Let's Encrypt's rate limits. Undetected failures of local clients can result from server updates, software bugs, or changes in the issuance ecosystem. The rate limits can easily be hit by a configuration error in a single Let's Encrypt client, or simply by growth in Let's Encrypt use.

keychestamp is a man-in-the-middle (MITM) proxy that extracts operationally important data from ACMEv2 requests. The data can be:

  • sent via a RESTful API to the KeyChest monitoring service, or
  • logged locally into text files as JSON messages.

The two options are independent. The former gives access to real-time notifications and online reports; the latter lets you use the proxy without any external dependencies.

The proxy creates its own "root certificate", which it uses to establish the local HTTPS connections between itself and the ACMEv2 clients.
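An added example (not keychestamp's own code; the page does not describe its log format) of the kind of extraction such a proxy performs: it decodes the RFC 8555 JWS envelope of one ACMEv2 request, pairs it with the CA's response, and counts rate-limit errors per account so a misbehaving client stands out. The account URL, nonce, domain and signature are constructed placeholders.

```python
import base64
import json
from collections import Counter

# Constructed sample: one ACMEv2 newOrder request (RFC 8555 JWS) and a problem+json reply.
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

SAMPLE_REQUEST = json.dumps({
    "protected": _b64url(json.dumps({
        "alg": "ES256",
        "kid": "https://acme.example/acme/acct/12345",   # placeholder account URL
        "nonce": "constructed-nonce-001",
        "url": "https://acme.example/acme/new-order",
    }).encode()),
    "payload": _b64url(json.dumps({
        "identifiers": [{"type": "dns", "value": "www.example.com"}]}).encode()),
    "signature": "constructed-signature",
})
SAMPLE_RESPONSE = (429, json.dumps({
    "type": "urn:ietf:params:acme:error:rateLimited",
    "detail": "too many certificates already issued for exact set of domains",
}))

def extract_record(request_body: str, status: int, response_body: str) -> dict:
    """Turn one ACME request/response exchange into a flat, JSON-serialisable audit record."""
    jws = json.loads(request_body)
    protected = json.loads(_b64url_decode(jws["protected"]))
    payload_raw = _b64url_decode(jws["payload"]) if jws.get("payload") else b""
    payload = json.loads(payload_raw) if payload_raw else None  # POST-as-GET has an empty payload
    record = {
        "account": protected.get("kid"),   # absent on newAccount, which carries "jwk" instead
        "url": protected.get("url"),
        "nonce": protected.get("nonce"),
        "identifiers": [i["value"] for i in (payload or {}).get("identifiers", [])],
        "status": status,
        "error_type": None,
    }
    if status >= 400:
        problem = json.loads(response_body)  # application/problem+json error document
        record["error_type"] = problem.get("type")  # e.g. urn:ietf:params:acme:error:rateLimited
    return record

def rate_limit_hits(records: list) -> Counter:
    # Count rateLimited errors per account: a single misconfigured client shows up as a spike.
    return Counter(r["account"] for r in records
                   if r["error_type"] == "urn:ietf:params:acme:error:rateLimited")
```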

Dependencies

keychestamp contains all the necessary processing code, but it depends on its environment being set up and on a correct integration with your ACMEv2 clients.

Install

Install the application

pip install keychestamp

or

pip install --upgrade --no-cache-dir keychestamp

It needs read-write access to the /var/log/keychestamp folder to store local logs, and optionally read access to /etc/keychestamp for its configuration.

The folders above can be given a path prefix with the env command line switch.

Install supervisor for automatic restarts

tbd

[program:keychestamp]
directory=/tmp
command=keychestamp
user=root
autostart=true
autorestart=true
stderr_logfile=/var/log/keychestamp/error.log
stdout_logfile=/var/log/keychestamp/audit.log

You can adjust parameters as required.

Restart the supervisor:

systemctl restart supervisord

supervisorctl is the client that shows the status of the managed processes; it has commands such as:

  • start
  • stop
  • restart
  • reread # reads configuration files and shows changes
  • reload # loads the new configuration to use for future commands

Download files

Source Distribution

keychestamp-0.1.7.tar.gz (27.8 kB)
