ACME certificate service for Swarmauri
Project description
Swarmauri ACME Certificate Service
Community plugin providing an ACME (RFC 8555) certificate service built on top of Swarmauri's certificate interfaces.
Features
- Implements
AcmeCertService, a drop-inCertServiceBasecompatible class for Swarmauri workflows. - Supports ACME directory discovery, order creation, finalization, and full chain retrieval.
- Handles RSA and EC key material while exposing capability metadata through
supports(). - Convenience helpers for certificate verification and parsing using
cryptographyprimitives.
Prerequisites
- Python 3.10 or newer.
- Existing ACME account key material (PEM encoded) accessible to your Swarmauri runtime.
- Network access to your chosen ACME directory (defaults to Let's Encrypt production).
- DNS or HTTP challenge automation handled externally; this service focuses on CSR submission and certificate retrieval.
Installation
# pip
pip install swarmauri_certs_acme
# poetry
poetry add swarmauri_certs_acme
# uv (pyproject-based projects)
uv add swarmauri_certs_acme
Quickstart
The snippet below submits a CSR to Let's Encrypt using AcmeCertService and persists the resulting PEM chain.
import asyncio
from pathlib import Path
from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef
async def main() -> None:
account_key = KeyRef(material=Path("account-key.pem").read_bytes())
service = AcmeCertService(
account_key=account_key,
contact_emails=["admin@example.com"],
)
csr_bytes = Path("server.csr").read_bytes()
certificate_chain = await service.sign_cert(
csr=csr_bytes,
ca_key=account_key, # required by the CertService interface
)
Path("server-fullchain.pem").write_bytes(certificate_chain)
print("Certificate chain written to server-fullchain.pem")
if __name__ == "__main__":
asyncio.run(main())
CSR Generation Example
AcmeCertService can construct a CSR when provided with private key material and subject metadata:
import asyncio
from pathlib import Path
from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef
async def build_csr() -> None:
account_key = KeyRef(material=Path("account-key.pem").read_bytes())
host_key = KeyRef(material=Path("server-key.pem").read_bytes())
service = AcmeCertService(account_key=account_key)
csr_bytes = await service.create_csr(
key=host_key,
subject={"CN": "example.com"},
san={"dns": ["example.com", "www.example.com"]},
)
Path("server.csr").write_bytes(csr_bytes)
if __name__ == "__main__":
asyncio.run(build_csr())
Verification and Parsing
Use the built-in helpers to inspect returned certificates before deployment:
import asyncio
from pathlib import Path
from swarmauri_certs_acme import AcmeCertService
from swarmauri_core.crypto.types import KeyRef
async def inspect() -> None:
account_key = KeyRef(material=Path("account-key.pem").read_bytes())
service = AcmeCertService(account_key=account_key)
pem_chain = Path("server-fullchain.pem").read_bytes()
info = await service.verify_cert(pem_chain)
print("Issuer:", info["issuer"])
print("Valid until:", info["not_after"])
metadata = await service.parse_cert(pem_chain)
print(metadata)
if __name__ == "__main__":
asyncio.run(inspect())
Best Practices
- Rotate account keys periodically and store them in a secure vault (
KeyRefworks with external KMS integrations). - When using Let's Encrypt production, respect rate limits and consider staging endpoints during development.
- Automate DNS/HTTP challenges upstream; this service assumes the order is ready for finalization once the CSR is submitted.
- Cache successful certificate chains and perform proactive renewals before
not_afterto avoid downtime.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file swarmauri_certs_acme-0.3.0.dev22.tar.gz.
File metadata
- Download URL: swarmauri_certs_acme-0.3.0.dev22.tar.gz
- Upload date:
- Size: 8.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.27 {"installer":{"name":"uv","version":"0.9.27","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b5a19c1ee09483290a986616117e6ecc5e1a842a82f169968b09d3de3659ca07
|
|
| MD5 |
305dabdc9c1ad87bb221c0a06592fe7e
|
|
| BLAKE2b-256 |
5e40161cdf0b81ae3a6978c9fc1268138c265d9a7d74501170e0789b0b6a353e
|
File details
Details for the file swarmauri_certs_acme-0.3.0.dev22-py3-none-any.whl.
File metadata
- Download URL: swarmauri_certs_acme-0.3.0.dev22-py3-none-any.whl
- Upload date:
- Size: 9.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.27 {"installer":{"name":"uv","version":"0.9.27","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ab8afc3540561a717fb463f851d4c5e3084472dfb58c7ad921bc6ae52fe92bb0
|
|
| MD5 |
8d78a47ecca52ea3e182003561dccabd
|
|
| BLAKE2b-256 |
0f6c057bc13087f72375540b35e7afc5118908fd11d90770c5807feb91e7f1c7
|
