Skip to main content

ACME v2 certificate service for Swarmauri CSR creation, certificate issuance, PEM chain retrieval, and X.509 inspection.

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_certs_acme Discord

Swarmauri ACME Certificate Service

swarmauri_certs_acme provides AcmeCertService, a Swarmauri certificate service for ACME v2 certificate issuance. It uses the Python acme client and cryptography primitives to build PKCS#10 certificate signing requests, submit ACME orders, finalize issued certificates, return PEM or DER chains, and inspect X.509 certificate metadata.

Why Swarmauri ACME Certificate Service?

Use this package when Swarmauri workloads need automated certificate issuance through an ACME certificate authority such as Let's Encrypt. It keeps ACME directory discovery, account-key handling, CSR creation, order finalization, certificate parsing, and capability reporting behind the common Swarmauri certificate-service interface.

FAQ

Q: What standards does this package target?

A: AcmeCertService targets ACME v2 from RFC 8555, PKCS#10 CSRs from RFC 2986, and X.509 certificate parsing semantics from RFC 5280.

Q: Does this package solve ACME challenges?

A: No. DNS-01 or HTTP-01 challenge automation must be handled by the caller or surrounding infrastructure. This service focuses on CSR construction, ACME order submission/finalization, and certificate retrieval.

Q: What key algorithms does it advertise?

A: supports() reports RSA-2048, RSA-3072, EC-P256, and EC-P384 key support with RS256, ES256, and ES384 signature algorithms.

Q: When should I use another certificate package?

A: Use local or self-signed certificate packages for offline development and internal test chains. Use cloud, enterprise CA, or verification-specific packages when certificate issuance or validation is owned by another provider.

Features

  • AcmeCertService class registered under the swarmauri.certs entry point.
  • ACME v2 directory discovery and ClientV2 order finalization.
  • PEM account-key loading from Swarmauri KeyRef objects.
  • PKCS#10 CSR creation with common-name and DNS subject alternative name support.
  • PEM full-chain retrieval by default, with DER chain output available.
  • X.509 certificate parsing and basic validity-window inspection.
  • Capability metadata for supported key algorithms, signature algorithms, profiles, and features.
  • Python 3.10, 3.11, 3.12, 3.13, and 3.14 support.

Prerequisites

  • ACME account private key material available as PEM bytes.
  • A CSR or host private key material for CSR creation.
  • Network access to the target ACME directory.
  • External automation for ACME challenge presentation and validation.
  • Awareness of CA staging and production rate limits before running automated issuance.

Installation

Install with uv:

uv add swarmauri_certs_acme

Install with pip:

pip install swarmauri_certs_acme

Usage

Create an ACME service with a PEM account key:

from pathlib import Path

from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef

account_key = KeyRef(material=Path("account-key.pem").read_bytes())
service = AcmeCertService(
    account_key=account_key,
    contact_emails=["admin@example.com"],
)

print(service.supports()["features"])

Build a CSR for a host key:

import asyncio
from pathlib import Path

from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    account_key = KeyRef(material=Path("account-key.pem").read_bytes())
    host_key = KeyRef(material=Path("server-key.pem").read_bytes())
    service = AcmeCertService(account_key=account_key)

    csr = await service.create_csr(
        key=host_key,
        subject={"CN": "example.com"},
        san={"dns": ["example.com", "www.example.com"]},
    )
    Path("server.csr").write_bytes(csr)


asyncio.run(main())

Submit a CSR and persist the returned certificate chain:

import asyncio
from pathlib import Path

from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    account_key = KeyRef(material=Path("account-key.pem").read_bytes())
    service = AcmeCertService(account_key=account_key)

    certificate_chain = await service.sign_cert(
        csr=Path("server.csr").read_bytes(),
        ca_key=account_key,
    )
    Path("server-fullchain.pem").write_bytes(certificate_chain)


asyncio.run(main())

Inspect an issued certificate:

import asyncio
from pathlib import Path

from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    account_key = KeyRef(material=Path("account-key.pem").read_bytes())
    service = AcmeCertService(account_key=account_key)
    pem_chain = Path("server-fullchain.pem").read_bytes()

    verification = await service.verify_cert(pem_chain)
    parsed = await service.parse_cert(pem_chain)

    print(verification["valid"])
    print(parsed["subject"])


asyncio.run(main())

Related Packages

Certificate service packages:

Foundational packages:

Best Practices

  • Use ACME staging endpoints during development and load tests.
  • Store account and host private keys in a secure KMS or vault-backed KeyRef workflow.
  • Automate challenge presentation outside this package before finalizing orders.
  • Cache issued certificate chains and renew before not_after to avoid service interruptions.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_certs_acme-0.11.0.dev1.tar.gz (9.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_certs_acme-0.11.0.dev1-py3-none-any.whl (10.7 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_certs_acme-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_certs_acme-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 9.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_acme-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 709fa1637676d1044c17162c5e7b6984c20ab4735aed5dc383e945cfd315d854
MD5 f8b595f957224eac7ff4885827dc7861
BLAKE2b-256 5cc7fb56c288c3090ce14426c67bbc24a1d4cae95cb2ab5ecdccba1efcbb9cff

See more details on using hashes here.

File details

Details for the file swarmauri_certs_acme-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_certs_acme-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 10.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_acme-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 7c33cacd0e93e98441e827b793ca5872df79b43af2647eb4c26b28b2fe8175fe
MD5 51e496c012562ac90e064f16b42ec41b
BLAKE2b-256 e5be7fb5a17f605c092b506fdcc3fc2486cef55872e465b0327ded68f2f12c1c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page