sewer 0.0.5

Sewer is a programmatic Lets Encrypt(ACME) client

Sewer

Sewer is a Let’s Encrypt(ACME) client.

It allows you to obtain ssl/tls certificates from Let’s Encrypt.

Sewer currently only supports the DNS mode of validation. The only currently supported DNS provider is cloudflare but I will add more as time progresses.

Sewer can be used very easliy programmatically as a library from code.

Sewer also comes with a command-line(cli) interface(app) that you can use from your favourite terminal

Installation:

pip install sewer

Sewer is in active development and it’s API may change in backward incompatible ways.

Usage:

import sewer

# 1. to create a new certificate:
client = sewer.Client(domain_name='example.com',
                      CLOUDFLARE_DNS_ZONE_ID='random',
                      CLOUDFLARE_EMAIL='example@example.com',
                      CLOUDFLARE_API_KEY='nsa-grade-api-key')
certificate = client.cert()
certificate_key = client.certificate_key
account_key = client.account_key

print "your certicate is:", certificate
print "your certificate's key is:", certificate_key
print "\n\n"
print "you can write them to a file then add that file to your favourite webserver."

with open('certificate.crt', 'w') as certificate_file:
    certificate_file.write(certificate)

with open('certificate.key', 'w') as certificate_key_file:
    certificate_key_file.write(certificate_key)

print "your account key is:", account_key
print "IMPORTANT: keep your account key in a very safe and secure place."

with open('account_key.key', 'w') as account_key_file:
    account_key_file.write(account_key)



# 2. to renew a certificate:
import sewer

with open('account_key.key', 'r') as account_key_file:
    account_key = account_key_file.read()

client = sewer.Client(domain_name='example.com',
                      CLOUDFLARE_DNS_ZONE_ID='random',
                      CLOUDFLARE_EMAIL='example@example.com',
                      CLOUDFLARE_API_KEY='nsa-grade-api-key',
                      account_key=account_key)
certificate = client.renew()
certificate_key = client.certificate_key

with open('certificate.crt', 'w') as certificate_file:
    certificate_file.write(certificate)

with open('certificate.key', 'w') as certificate_key_file:
    certificate_key_file.write(certificate_key)

CLI:

Sewer also ships with a commandline interface(called sewer or sewer-cli) that you can use to get/renew certificates.

Your dns providers credentials need to be supplied as environment variables.

To get certificate, run:

CLOUDFLARE_EMAIL=example@example.com CLOUDFLARE_DNS_ZONE_ID=some-zone CLOUDFLARE_API_KEY=api-key sewer --dns cloudflare --domains example.com --action run

To renew a certificate, run:

CLOUDFLARE_EMAIL=example@example.com CLOUDFLARE_DNS_ZONE_ID=some-zone CLOUDFLARE_API_KEY=api-key sewer --account_key /path/to/your/account.key --dns cloudflare --domains example.com --action renew

The cerrtificate, certificate key and account key will be saved in the directory that you run sewer from.

The commandline interface(app) is called sewer or alternatively you could use, sewer-cli.

TODO:

• make it DNS provider agnostic

• support more DNS providers

• add robust tests

• be able to handle SAN(subject alternative names)

• add ci

FAQ:

• Why another ACME client? I wanted an ACME client that I could use to programmatically(as a library) acquire/get certificates. However I could not find anything satisfactory for use in Python code.

• Why is it called Sewer? Because, for the longest time now, getting certificates has felt like wading through sewers. That was before Let’s Encrypt showed up. Also, I really like the Kenyan hip hop artiste going by the name of Kitu Sewer.

Development setup:

• fork this repo.

• cd sewer

• sudo apt-get install pandoc

• open an issue on this repo. In your issue, outline what it is you want to add and why.

• install pre-requiste software: apt-get install pandoc && pip install twine wheel pypandoc coverage yapf flake8

• make the changes you want on your fork.

• your changes should have backward compatibility in mind unless it is impossible to do so.

• add your name and contact(optional) to

• add tests

• run tests to make sure they are passing

• format your code using yapf: yapf --in-place --style "google" -r .

• run flake8 on the code and fix any issues: flake8 .

• open a pull request on this repo.

NB: I make no commitment of accepting your pull requests.