
ACMEv2 proxy to manage clients and observe rate limits of Let's Encrypt

Project description

keychestamp - KeyChest ACMEv2 Proxy

A simple proxy that logs activity of ACMEv2 clients (Let's Encrypt being the main ACMEv2 certificate issuer). The purpose is to provide a single source of data to manage use, and detect failures and malfunctioning of ACMEv2 clients.

Summary

Two big issues with using Let's Encrypt are client failures and Let's Encrypt rate limits. Local clients can fail undetected as a result of server updates, software bugs, or changes in the issuance ecosystem. The rate limits can easily be hit through a configuration error in a single Let's Encrypt client, or simply as use of Let's Encrypt grows.

keychestamp is a man-in-the-middle (MITM) proxy that extracts operationally important data from ACMEv2 requests. The data can be:

  • sent via a RESTful API to a monitoring service KeyChest, or
  • logged locally into text files as JSON messages.

The two options are independent. The former gives access to real-time notifications and online reports; the latter allows you to use the proxy without any external dependencies.
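The local JSON log option can feed a simple offline check for the two problems named above. The following is an added example, not keychestamp's own code: the log field names (ts, client, path, status, error), the sample lines and the thresholds are assumptions made for illustration, and only the rateLimited error type comes from the ACME specification (RFC 8555).

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

RATE_LIMITED = "urn:ietf:params:acme:error:rateLimited"  # error type from RFC 8555

# Constructed sample; field names are assumed, not keychestamp's documented schema.
SAMPLE_LOG = """
{"ts": "2020-01-10T08:00:00", "client": "web-01", "path": "/acme/new-order", "status": 201}
{"ts": "2020-01-10T08:00:20", "client": "web-02", "path": "/acme/new-order", "status": 201}
{"ts": "2020-01-10T08:00:40", "client": "web-02", "path": "/acme/new-order", "status": 201}
{"ts": "2020-01-10T08:01:00", "client": "web-02", "path": "/acme/new-order", "status": 201}
{"ts": "2020-01-10T08:01:20", "client": "web-02", "path": "/acme/new-order", "status": 429, "error": "urn:ietf:params:acme:error:rateLimited"}
{"ts": "2019-10-01T03:00:00", "client": "mail-01", "path": "/acme/new-order", "status": 201}
{"ts": "2020-01-10T08:02:0
"""

def analyze(log_text, now, burst=3, window=timedelta(minutes=5),
            silent=timedelta(days=60)):
    """Return {client: sorted findings} for clients that need attention."""
    orders, last_seen, findings = defaultdict(list), {}, defaultdict(set)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"])
            client = rec["client"]
        except (ValueError, KeyError, TypeError):
            continue  # blank, truncated or malformed line: skip, do not abort
        last_seen[client] = max(ts, last_seen.get(client, ts))
        if rec.get("error") == RATE_LIMITED:
            findings[client].add("rate_limited")  # the CA refused a request
        if rec.get("path", "").endswith("/new-order"):
            orders[client].append(ts)
    for client, stamps in orders.items():
        stamps.sort()
        # Sliding window: do any `burst` consecutive orders fall inside `window`?
        if any(stamps[i + burst - 1] - stamps[i] <= window
               for i in range(len(stamps) - burst + 1)):
            findings[client].add("order_burst")  # likely a retry loop
    for client, seen in last_seen.items():
        if now - seen > silent:
            findings[client].add("silent")  # client may have stopped renewing
    return {c: sorted(f) for c, f in findings.items()}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, datetime(2020, 1, 10, 9, 0, 0)))
```

A client flagged order_burst but not yet rate_limited is the one to fix first, since it is still consuming the shared rate-limit budget.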

The proxy creates its own "root certificate" that is used to create local HTTPS connections between itself and ACMEv2 clients.

Dependencies

keychestamp contains all necessary processing code but it depends on its environment and a correct integration.

Install

Install the application

pip install keychestamp

or

pip install --upgrade --no-cache-dir keychestamp

It needs read-write access to the /var/log/keychestamp folder to store local logs, and optionally read access to /etc/keychestamp for its configuration.

The folders above can be prefixed with a command line switch env.

Install supervisor for automatic restarts

tbd

[program:keychestamp]
directory=/tmp
command=keychestamp
user=root
autostart=true
autorestart=true
stderr_logfile=/var/log/keychestamp/error.log
stdout_logfile=/var/log/keychestamp/audit.log

You can adjust parameters as required.

Restart the supervisor:

systemctl restart supervisord

supervisorctl is a client that shows the status of processes. It has commands like:

  • start
  • stop
  • restart
  • reread # reads configuration files and shows changes
  • reload # loads the new configuration to use for future commands


Download files


Source Distribution

keychestamp-0.1.8.tar.gz (28.0 kB view details)

Uploaded Source

File details

Details for the file keychestamp-0.1.8.tar.gz.

File metadata

  • Download URL: keychestamp-0.1.8.tar.gz
  • Upload date:
  • Size: 28.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/42.0.2 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.3

File hashes

Hashes for keychestamp-0.1.8.tar.gz
Algorithm Hash digest
SHA256 c945ca164952246a89a4558dd59c00e27d49d9e4de813713e6e635b1fef44132
MD5 0935b4e8f55dcc5b2fc2233f60c6b091
BLAKE2b-256 148819a3d9c12211e98e2eb5a376ccf6de77d8a3df79f3a09c94373deff7e27f
