Skip to main content

No project description provided

Project description

[![pipeline status](](
[![coverage report](](

# microacme
`microacme` is a library intended to be used with an ACME-speaking API server, such as the one run by the LetsEncrypt service.

# Why another ACME client?
`microacme`'s main advantage is that it is designed to be easily subclassed and extended
to allow for custom implementations of solving the ACME challenges,
without having to worry about implementing the ACME RFC from scratch.

# History
It began life in 2016 as a fork of diafygi's excellent [tiny-acme project](
The goals of that original library were to be small, dependency free, and easily audited. This fork
intends to keep the smallness, but not at the expense of readability or usability as an extendable library.
Also, instead of avoiding dependencies it relies on well-regarded third-party libraries for HTTP requests,
JSON web token signatures, and cryptographic primitives (using `requests`, `jwcrypto`, and `cryptography`, respectively).

At this point, almost the entire codebase has been rewritten from scratch and bears almost no resemblance to its initial inspiration, `tiny-acme`.

# Installation
`pip install microacme`

# Usage
To use `microacme`, you need to implement a few methods on a subclass of `microacme.ACMEClient`.

from microacme import ACMEClient

class MyCustomACMEClient(ACMEClient):
Use this class as an example to build your
ACME client. Override the methods below
to customize the challenge/response behavior
of the ACME client.
def select_challenge(self, domain, challenges):
Each domain has multiple options for solving challenges.

Override this function to pick which challenge you want to
solve for this domain.

def set_challenge(self, domain, challenge):
After a challenge has been selected, it needs to actually exist somewhere.

This is where you fulfill the challenge requirements.
raise NotImplementedError("Need to implement a function to set the challenge.")

def validate_challenge(self, domain, challenge):
Used to give the ACMEClient instance a chance to make sure
that the outside world will see the changes made by set_challenge.

By default, does nothing. Could be used, for example, to sleep(1) while waiting
for an asynchronous upload to take place to a remote webserver. Or to wait while
DNS propagation occurs.

def cleanup_completed_challenge(self, domain, challenge):
This method is called after the challenge has succeeded. It is used
to cleanup any artifacts of solving the challenge.

Once you've implemented these methods, you can instantiate your client with an account_key and a CA url.

import microacme

my_client = MyCustomACMEClient(

# If you've never used this particular account_key before:

# Now you're ready to get a certificate. First, create a key:
key = microacme.generate_crypto_key(key_size=3072)

# Next, generate a Certificate Signing Request (CSR):
csr = microacme.generate_csr(
org_name='Widget Maker, Inc.',

# Finally, ask the ACME server to authorize, validate, and issue the certificate:
cert, issuer_cert = microacme.get_certificate(csr)

# Congratulations, you're encrypted!

# Helper Methods
`microacme` has a handful of utility methods which may come in handy as you are shuffling
keys and certs around between different systems. Most of them are self explanatory, but
some example usage is included below.

import microacme

# Working with keys
crypto_key = microacme.generate_crypto_key(key_size=2048):
pem_bytes = microacme.crypto_key_to_pem(crypto_key, passphrase=None) # Tack on a passphrase to protect the key at rest.
loaded_crypto_key = microacme.pem_to_crypto_key(pem_bytes, passphrase=None) # Use a passphrase if the key is encrypted

# Working with CSRs
csr_object = microacme.generate_csr(
csr_pem_bytes = microacme.csr_to_pem(csr_object)
csr_object = microacme.pem_to_csr(csr_pem_bytes)

# Working with Certificates
cert_pem_bytes = microacme.cert_to_pem(cert_obj)
cert_object = microacme.pem_to_cert(cert_pem_bytes)
cert_object = microacme.der_to_cert(cert_der_bytes)

# Contributing
Please feel free to open issues on our [Gitlab issue tracker](

# License
The original inspiration for `microacme` was licensed as MIT. We retain that license as well for this library.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

microacme-3.2.4.tar.gz (8.0 kB view hashes)

Uploaded Source

Built Distribution

microacme-3.2.4-py3-none-any.whl (11.6 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page