Skip to main content

Sewer is a programmatic Lets Encrypt(ACME) client

Project description

## Sewer

[![Codacy Badge](https://api.codacy.com/project/badge/Grade/ccf655afb3974e9698025cbb65949aa2)](https://www.codacy.com/app/komuW/sewer?utm_source=github.com&utm_medium=referral&utm_content=komuW/sewer&utm_campaign=Badge_Grade)
[![CircleCI](https://circleci.com/gh/komuW/sewer/tree/master.svg?style=svg)](https://circleci.com/gh/komuW/sewer/tree/master)


Sewer is a Let's Encrypt(ACME) client.
It allows you to obtain ssl/tls certificates from Let's Encrypt.
Sewer currently only supports the DNS mode of validation. The only currently supported DNS provider is cloudflare but I will add more as time progresses.
Sewer can be used very easliy programmatically as a library from code.
Sewer also comes with a command-line(cli) interface(app) that you can use from your favourite terminal


## Installation:

```shell
pip install sewer
```
Sewer is in active development and it's API may change in backward incompatible ways.


## Usage:

```python
import sewer

dns_class = sewer.CloudFlareDns(CLOUDFLARE_DNS_ZONE_ID='random',
CLOUDFLARE_EMAIL='example@example.com',
CLOUDFLARE_API_KEY='nsa-grade-api-key')

# 1. to create a new certificate:
client = sewer.Client(domain_name='example.com',
dns_class=dns_class)
certificate = client.cert()
certificate_key = client.certificate_key
account_key = client.account_key

print "your certicate is:", certificate
print "your certificate's key is:", certificate_key
print "\n\n"
print "you can write them to a file then add that file to your favourite webserver."

with open('certificate.crt', 'w') as certificate_file:
certificate_file.write(certificate)

with open('certificate.key', 'w') as certificate_key_file:
certificate_key_file.write(certificate_key)

print "your account key is:", account_key
print "IMPORTANT: keep your account key in a very safe and secure place."

with open('account_key.key', 'w') as account_key_file:
account_key_file.write(account_key)



# 2. to renew a certificate:
import sewer

dns_class = sewer.CloudFlareDns(CLOUDFLARE_DNS_ZONE_ID='random',
CLOUDFLARE_EMAIL='example@example.com',
CLOUDFLARE_API_KEY='nsa-grade-api-key')

with open('account_key.key', 'r') as account_key_file:
account_key = account_key_file.read()

client = sewer.Client(domain_name='example.com',
dns_class=dns_class,
account_key=account_key)
certificate = client.renew()
certificate_key = client.certificate_key

with open('certificate.crt', 'w') as certificate_file:
certificate_file.write(certificate)

with open('certificate.key', 'w') as certificate_key_file:
certificate_key_file.write(certificate_key)
```


## CLI:
Sewer also ships with a commandline interface(called `sewer` or `sewer-cli`) that you can use to get/renew certificates.
Your dns providers credentials need to be supplied as environment variables.

To get certificate, run:
```shell
CLOUDFLARE_EMAIL=example@example.com \
CLOUDFLARE_DNS_ZONE_ID=some-zone \
CLOUDFLARE_API_KEY=api-key \
sewer \
--dns cloudflare \
--domains example.com \
--action run
```

To renew a certificate, run:
```shell
CLOUDFLARE_EMAIL=example@example.com \
CLOUDFLARE_DNS_ZONE_ID=some-zone \
CLOUDFLARE_API_KEY=api-key \
sewer \
--account_key /path/to/your/account.key \
--dns cloudflare \
--domains example.com \
--action renew
```

To see help:
```shell
sewer --help

usage: sewer [-h] [--account_key ACCOUNT_KEY] --dns {cloudflare} --domains
DOMAINS --action {run,renew}

Sewer is a Let's Encrypt(ACME) client.

optional arguments:
-h, --help show this help message and exit
--account_key ACCOUNT_KEY
The path to your letsencrypt/acme account key.
--dns {cloudflare} The name of the dns provider that you want to use.
--domains DOMAINS The domain/subdomain name for which you want to
get/renew certificate for.
--bundle_name BUNDLE_NAME
The name to use for certificate certificate key and
account key. Default is value of domains.
--action {run,renew} The action that you want to perform. Either run (get a
new certificate) or renew (renew a certificate).
```

The cerrtificate, certificate key and account key will be saved in the directory that you run sewer from.

The commandline interface(app) is called `sewer` or alternatively you could use, `sewer-cli`.

## TODO:
- support more DNS providers
- add robust tests
- be able to handle SAN(subject alternative names)
- add ci



## FAQ:
- Why another ACME client?
I wanted an ACME client that I could use to programmatically(as a library) acquire/get certificates. However I could not
find anything satisfactory for use in Python code.
- Why is it called Sewer?
Because, for the longest time now, getting certificates has felt like wading through sewers. That was before Let's Encrypt showed up.
Also, I really like the Kenyan hip hop artiste going by the name of Kitu Sewer.


## Development setup:
- fork this repo.
- cd sewer
- sudo apt-get install pandoc
- open an issue on this repo. In your issue, outline what it is you want to add and why.
- install pre-requiste software:
```shell
apt-get install pandoc && pip install twine wheel pypandoc coverage yapf flake8
```
- make the changes you want on your fork.
- your changes should have backward compatibility in mind unless it is impossible to do so.
- add your name and contact(optional) to
- add tests
- run tests to make sure they are passing
- format your code using [yapf](https://github.com/google/yapf):
```shell
yapf --in-place --style "google" -r .
```
- run [flake8](https://pypi.python.org/pypi/flake8) on the code and fix any issues:
```shell
flake8 .
```
- open a pull request on this repo.

NB: I make no commitment of accepting your pull requests.




```shell
CLOUDFLARE_EMAIL=example@example.com \
CLOUDFLARE_DNS_ZONE_ID=random \
CLOUDFLARE_API_KEY=nsa-grade-api-key \
sewer \
--dns cloudflare \
--domains subdomain.example.com \
--action run

2017-07-14 18:09.55 chosen_dns_provider message=Using cloudflare as dns provider.
2017-07-14 18:09.55 create_certificate_key client_name=ACMEclient
2017-07-14 18:09.55 create_csr client_name=ACMEclient
2017-07-14 18:09.55 get_certificate_chain client_name=ACMEclient
2017-07-14 18:09.56 create_account_key client_name=ACMEclient
2017-07-14 18:09.56 just_get_me_a_certificate ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:09.56 acme_register ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:09.56 make_signed_acme_request ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:09.56 get_acme_header ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:09.58 sign_message ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:09.59 get_challenge ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:09.59 make_signed_acme_request ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:09.59 get_acme_header ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.02 sign_message ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.04 get_keyauthorization ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.04 get_acme_header ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.08 notify_acme_challenge_set ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.08 make_signed_acme_request ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.08 get_acme_header ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.10 sign_message ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.11 check_challenge ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.19 get_certicate ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.19 make_signed_acme_request ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.19 get_acme_header ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.21 sign_message ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient domain_name=subdomain.example.com
2017-07-14 18:10.22 the_end message=Certificate Succesfully issued. The certificate, certificate key and account key have been saved in the current directory
```


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for sewer, version 0.1.3
Filename, size File type Python version Upload date Hashes
Filename, size sewer-0.1.3-py2-none-any.whl (13.4 kB) File type Wheel Python version py2 Upload date Hashes View
Filename, size sewer-0.1.3.tar.gz (9.6 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page