ACME v2 certificate service for Swarmauri CSR creation, certificate issuance, PEM chain retrieval, and X.509 inspection.
Project description
Swarmauri ACME Certificate Service
swarmauri_certs_acme provides AcmeCertService, a Swarmauri certificate service for ACME v2 certificate issuance. It uses the Python acme client and cryptography primitives to build PKCS#10 certificate signing requests, submit ACME orders, finalize issued certificates, return PEM or DER chains, and inspect X.509 certificate metadata.
Why Swarmauri ACME Certificate Service?
Use this package when Swarmauri workloads need automated certificate issuance through an ACME certificate authority such as Let's Encrypt. It keeps ACME directory discovery, account-key handling, CSR creation, order finalization, certificate parsing, and capability reporting behind the common Swarmauri certificate-service interface.
FAQ
Q: What standards does this package target?
A: AcmeCertService targets ACME v2 from RFC 8555, PKCS#10 CSRs from RFC 2986, and X.509 certificate parsing semantics from RFC 5280.
Q: Does this package solve ACME challenges?
A: No. DNS-01 or HTTP-01 challenge automation must be handled by the caller or surrounding infrastructure. This service focuses on CSR construction, ACME order submission/finalization, and certificate retrieval.
Q: What key algorithms does it advertise?
A: supports() reports RSA-2048, RSA-3072, EC-P256, and EC-P384 key support with RS256, ES256, and ES384 signature algorithms.
Q: When should I use another certificate package?
A: Use local or self-signed certificate packages for offline development and internal test chains. Use cloud, enterprise CA, or verification-specific packages when certificate issuance or validation is owned by another provider.
Features
- AcmeCertService class registered under the swarmauri.certs entry point.
- ACME v2 directory discovery and ClientV2 order finalization.
- PEM account-key loading from Swarmauri KeyRef objects.
- PKCS#10 CSR creation with common-name and DNS subject alternative name support.
- PEM full-chain retrieval by default, with DER chain output available.
- X.509 certificate parsing and basic validity-window inspection.
- Capability metadata for supported key algorithms, signature algorithms, profiles, and features.
- Python 3.10, 3.11, 3.12, 3.13, and 3.14 support.
Prerequisites
- ACME account private key material available as PEM bytes.
- A CSR or host private key material for CSR creation.
- Network access to the target ACME directory.
- External automation for ACME challenge presentation and validation.
- Awareness of CA staging and production rate limits before running automated issuance.
Installation
Install with uv:
```bash
uv add swarmauri_certs_acme
```
Install with pip:
```bash
pip install swarmauri_certs_acme
```
Usage
Create an ACME service with a PEM account key:
```python
from pathlib import Path

from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef

account_key = KeyRef(material=Path("account-key.pem").read_bytes())
service = AcmeCertService(
    account_key=account_key,
    contact_emails=["admin@example.com"],
)
print(service.supports()["features"])
```
Build a CSR for a host key:
```python
import asyncio
from pathlib import Path

from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    account_key = KeyRef(material=Path("account-key.pem").read_bytes())
    host_key = KeyRef(material=Path("server-key.pem").read_bytes())
    service = AcmeCertService(account_key=account_key)
    csr = await service.create_csr(
        key=host_key,
        subject={"CN": "example.com"},
        san={"dns": ["example.com", "www.example.com"]},
    )
    Path("server.csr").write_bytes(csr)


asyncio.run(main())
```
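Because ACME CAs rate-limit orders, it helps to check a CSR locally before submitting it. The following is an added example, not code from this package: it uses the cryptography library directly, and the names preflight_csr, key_is_advertised and build_sample_csr are hypothetical. It checks the CSR's signature, compares its key type with the algorithms the FAQ says supports() advertises, and compares its DNS SANs with the expected hostnames.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, rsa
from cryptography.x509.oid import NameOID

ALLOWED_RSA_BITS = {2048, 3072}  # RSA-2048, RSA-3072 (advertised per the page)
ALLOWED_EC_CURVES = {"secp256r1", "secp384r1"}  # EC-P256, EC-P384


def key_is_advertised(pub) -> bool:
    if isinstance(pub, rsa.RSAPublicKey):
        return pub.key_size in ALLOWED_RSA_BITS
    if isinstance(pub, ec.EllipticCurvePublicKey):
        return pub.curve.name in ALLOWED_EC_CURVES
    return False


def preflight_csr(csr_pem: bytes, expected_dns: set) -> list:
    """Return the problems found; an empty list means the CSR can be submitted."""
    csr = x509.load_pem_x509_csr(csr_pem)
    problems = []
    if not csr.is_signature_valid:
        problems.append("CSR signature does not verify against its own public key")
    if not key_is_advertised(csr.public_key()):
        problems.append("key type is not in the advertised set")
    try:
        san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        dns = set(san.value.get_values_for_type(x509.DNSName))
    except x509.ExtensionNotFound:
        dns = set()
    if dns != expected_dns:
        problems.append(f"SAN mismatch: extra={sorted(dns - expected_dns)} "
                        f"missing={sorted(expected_dns - dns)}")
    return problems


def build_sample_csr(curve, names) -> bytes:
    """Constructed sample input: throwaway EC key and CSR built in memory."""
    key = ec.generate_private_key(curve)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, names[0])])
    san = x509.SubjectAlternativeName([x509.DNSName(n) for n in names])
    csr = (x509.CertificateSigningRequestBuilder().subject_name(subject)
           .add_extension(san, critical=False).sign(key, hashes.SHA256()))
    return csr.public_bytes(serialization.Encoding.PEM)


WANTED = {"example.com", "www.example.com"}
GOOD_CSR = build_sample_csr(ec.SECP256R1(), ["example.com", "www.example.com"])
BAD_CSR = build_sample_csr(ec.SECP521R1(), ["example.com", "admin.example.com"])
```

preflight_csr(GOOD_CSR, WANTED) returns an empty list, while BAD_CSR is rejected for both its P-521 key and its unexpected admin.example.com SAN.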
Submit a CSR and persist the returned certificate chain:
```python
import asyncio
from pathlib import Path

from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    account_key = KeyRef(material=Path("account-key.pem").read_bytes())
    service = AcmeCertService(account_key=account_key)
    certificate_chain = await service.sign_cert(
        csr=Path("server.csr").read_bytes(),
        ca_key=account_key,
    )
    Path("server-fullchain.pem").write_bytes(certificate_chain)


asyncio.run(main())
```
Inspect an issued certificate:
```python
import asyncio
from pathlib import Path

from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    account_key = KeyRef(material=Path("account-key.pem").read_bytes())
    service = AcmeCertService(account_key=account_key)
    pem_chain = Path("server-fullchain.pem").read_bytes()
    verification = await service.verify_cert(pem_chain)
    parsed = await service.parse_cert(pem_chain)
    print(verification["valid"])
    print(parsed["subject"])


asyncio.run(main())
```
Related Packages
Certificate service packages:
- swarmauri_certs_local_ca
- swarmauri_certs_self_signed
- swarmauri_certs_x509
- swarmauri_certs_azure
- swarmauri_certs_cfssl
- swarmauri_certservice_stepca
Foundational packages:
- swarmauri_core defines the certificate-service interfaces and KeyRef types.
- swarmauri_base provides CertServiceBase.
- swarmauri_standard provides standard Swarmauri components used alongside certificate workflows.
- swarmauri provides namespace imports and plugin discovery.
Best Practices
- Use ACME staging endpoints during development and load tests.
- Store account and host private keys in a secure KMS or vault-backed KeyRef workflow.
- Automate challenge presentation outside this package before finalizing orders.
- Cache issued certificate chains and renew before not_after to avoid service interruptions.
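One way to act on the last practice, shown as an added example rather than this package's own code: it reads the leaf of a cached PEM full chain with the cryptography library and classifies it for renewal. The names renewal_state and make_cert, and the policy of renewing once a third or less of the lifetime remains, are assumptions; the sample chain is constructed in memory.

```python
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _utc(cert, field: str) -> datetime:
    # Newer cryptography releases expose timezone-aware "<field>_utc";
    # older ones only return naive datetimes that are already in UTC.
    value = getattr(cert, field + "_utc", None)
    return value if value is not None else getattr(cert, field).replace(tzinfo=timezone.utc)


def renewal_state(fullchain_pem: bytes, now: datetime, renew_fraction: float = 1 / 3) -> str:
    """Classify the leaf of a cached PEM chain: not-yet-valid, ok, renew or expired."""
    # load_pem_x509_certificate reads the first PEM block, which in an ACME
    # full chain is the end-entity certificate (RFC 8555, section 7.4.2).
    leaf = x509.load_pem_x509_certificate(fullchain_pem)
    start, end = _utc(leaf, "not_valid_before"), _utc(leaf, "not_valid_after")
    if now < start:
        return "not-yet-valid"
    if now >= end:
        return "expired"
    # Assumed policy: renew once renew_fraction or less of the lifetime remains.
    return "renew" if end - now <= (end - start) * renew_fraction else "ok"


def make_cert(cn: str, not_before: datetime, days: int) -> bytes:
    """Constructed sample input: a throwaway self-signed certificate as PEM."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(not_before).not_valid_after(not_before + timedelta(days=days))
            .sign(key, hashes.SHA256()))
    return cert.public_bytes(serialization.Encoding.PEM)


ISSUED = datetime(2025, 1, 1, tzinfo=timezone.utc)
# Leaf first, then a longer-lived stand-in for the intermediate.
SAMPLE_CHAIN = make_cert("example.com", ISSUED, 90) + make_cert("Constructed Intermediate", ISSUED, 3650)
```

The decision follows the leaf only: the longer-lived second certificate in the sample chain does not keep an expired leaf from being reported as expired.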
License
Apache-2.0
File details
Details for the file swarmauri_certs_acme-0.11.0.dev1.tar.gz.
File metadata
- Download URL: swarmauri_certs_acme-0.11.0.dev1.tar.gz
- Upload date:
- Size: 9.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 709fa1637676d1044c17162c5e7b6984c20ab4735aed5dc383e945cfd315d854 |
| MD5 | f8b595f957224eac7ff4885827dc7861 |
| BLAKE2b-256 | 5cc7fb56c288c3090ce14426c67bbc24a1d4cae95cb2ab5ecdccba1efcbb9cff |
File details
Details for the file swarmauri_certs_acme-0.11.0.dev1-py3-none-any.whl.
File metadata
- Download URL: swarmauri_certs_acme-0.11.0.dev1-py3-none-any.whl
- Upload date:
- Size: 10.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7c33cacd0e93e98441e827b793ca5872df79b43af2647eb4c26b28b2fe8175fe |
| MD5 | 51e496c012562ac90e064f16b42ec41b |
| BLAKE2b-256 | e5be7fb5a17f605c092b506fdcc3fc2486cef55872e465b0327ded68f2f12c1c |