A simple acme client written in python
Project description
pyacme
A simple ACME client written in python
Install
pip install pyacme
or clone this repo and use pip install .
Usage
Acquire certificate using http mode
Apply for single domain certificate using simpleast http config, root privilege needed.
sudo pyacme -d example.com -c "mailto:test@mail.com" -C US --mode http
Acquire certificate using dns mode
Apply for single domain certificate using simpleast dns config, which uses aliyun as dns provider, no root required.
pyacme -d example.com -c "mailto:test@mail.com" -C US -k KEY -s SECRET
Invoke with sudo
If package pyacme is installed inside environment like conda, it may need to specify the python path:
# e.g. inside a conda env
sudo $(which python) -m pyacme -d example.com -c "mailto:test@mail.com" -C US --mode http
Acquire SAN certificates
Use multiple -d to supply domains. When multiple domains supplied, the root domain should be the same.
pyacme -d example.com -d a.example.com -c "mailto:test@mail.com" -C US -k KEY -s SECRET
When domains like "a.example.com", "b.example.com" supplied like the following, the root domain "example.com" will also be added to the certificate and fill the Common Name field.
pyacme -d a.example.com -d b.example.com -c "mailto:test@mail.com" -C US -k KEY -s SECRET
Options reference
required arguments:
-d, --domain str
FDQN; international domain should use punycode; use multiple -d to provide more than one domains.
-c, --contact str
input domain holder's email address for CA to send notification, use multiple -c to provide more than one contact email. mailto: prefix must be included.
-C, --country_code
two-digit country code, e.g. CN
optional arguments:
-h, --help
show this help message and exit
--csr_subjects str
key=value string to csr values besisdes C and CN, e.g. "ST=State,L=Locality,O=test Org,emailAddres=test@email.org"
--account_private_key path
absolute path to a pem private key file. RSA key size must be larger than 2048 and multiple of 4
--not_before str
a date time string, acme order will not be availabe before this time; has no effect for now
--not_after str
a date time string, acme order will not be availabe after this time; has no effect for now
-w, --working_directory path
dafault is ~/.pyacme ; cert can be found at working_directroy/cert
-m {http,dns}, --mode {http,dns}
decide how to complete acme challenges, default "dns"; root privilege needed for "http" mode
--dnsprovider {aliyun}
select one dnsprovider, current support following providers ['aliyun'], default provider aliyun
-k, --access_key str
access key or token to dns provider, if mode is "dns", this option is required; if mode is "http", this option is omitted
-s, --secret str
secret or token to dns provider, if mode is "dns", and dnsprovider is "aliyun" this option is required; if mode is "http", this option is omitted
--dns_specifics str
for certain dnsproviders, pass string like "key1=value1,key2=value2 ..."
--CA_entry url
url to a CA /directory, default is https://acme-v02.api.letsencrypt.org/directory
--poll_interval float
seconds between each authorization poll, default 5.0
--poll_retry_count int
total count of authorization poll retry, default 24
--csr_priv_key_type {rsa, es256}
select key type to sign CSR, default "rsa", which is rsa 2048; ECDSA with SECP256R1 is supported
--csr_priv_key_size int
Optional, key size of key that will sign CSR, default 2048
--chall_resp_server_port int
the port used when responding to http-01 challenge; default on port 80, root previlige needed
--no_ssl_verify
disable ssl certificate verification when requesting acme resources, default False
--debug
set this option to output debug message
--version
show program's version number and exit
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pyacme-0.0.1rc0.tar.gz.
File metadata
- Download URL: pyacme-0.0.1rc0.tar.gz
- Upload date:
- Size: 34.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.0 setuptools/51.0.0.post20201207 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
123df74d7689359acad10225cc66456d44850904afa0c9615f02d3a4e604be7b
|
|
| MD5 |
e9d3ab5464a7a79699fe4e2040889c18
|
|
| BLAKE2b-256 |
621b50eec05babaf4a2ccdb1e8ddbb7f8813a24f95fc4e1004a822bacbd28007
|
File details
Details for the file pyacme-0.0.1rc0-py3-none-any.whl.
File metadata
- Download URL: pyacme-0.0.1rc0-py3-none-any.whl
- Upload date:
- Size: 31.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.0 setuptools/51.0.0.post20201207 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9deafc9fb0a60cc99b79cd2f9337f19e1299264d77bca72582b5cd33841114a4
|
|
| MD5 |
ed17063f6c977222a9cf78210ef198dc
|
|
| BLAKE2b-256 |
05f48535ccc6f475b1f0ee5dfdd3fda54f387001ca8773b15ebdb51511a60f4c
|