Skip to main content

Yet another simple Let's Encrypt/ACME client

Project description

This is yet another ACME/Let’s Encrypt client. It’s inspired by acme-tiny, but does things differently.


  • The client is written in Python 3. It’s incompatible with Python 2.x at the moment.

  • There are no dependencies on any third-party Python modules. The code should run fine on a bare Python setup, without anything from PyPI.

  • You need openssl command-line executable available for use in PATH. It’s used for keys and certificate request parsing.

Features and limitations

  • Does not know anything about servers or software. Its only purpose is to obtain a signed certificate.

  • Currently, the only supported challenge type is http-01 (webroot).

  • Does not require any fancy privileges.

    It needs to access the certificate request, have write access to /.well-known/acme-challenge/ and can output the obtained certificate to a file or on stdout.

  • It works with either local account key file, or can use a special remote service that can sign requests.

    That was the primary reason why I wrote my own client: I didn’t want to keep an account’s private key on the untrusted machine.

  • Currently, it only supports EC-256 account keys. It’s easy to add other curve sizes and RSA support, but I’m lazy.

  • It’s meant to be either usable as a standalone command-line utility, or as a simple Python library.

Remote account key protocol

This client supports a special mode of operation where it doesn’t have a local account private key, but asks a remote service to sign whatever payload it needs.

A remote service is located at a single URL, served over HTTPS. To authenticate the client, CLI currently supports only HTTP Basic Authentication.

To sign, we send POST request to a given URL, appending nonce query parameter, and sending the payload as the POST body. We expect the server to answer with 200 OK an return a JWS as a response.

That’s the whole protocol description.


Copyright (c) 2016, Aleksey Zhukov

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

See LICENSE file for more information.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

le-client-0.2.tar.gz (9.9 kB view hashes)

Uploaded source

Built Distribution

le_client-0.2-py3.4.egg (26.4 kB view hashes)

Uploaded 3 4

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page