Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/aapeliv/pico-acme
Tiny python package to get Let's Encrypt certificates
https://github.com/aapeliv/pico-acme
Last synced: 26 days ago
JSON representation
Tiny python package to get Let's Encrypt certificates
- Host: GitHub
- URL: https://github.com/aapeliv/pico-acme
- Owner: aapeliv
- License: apache-2.0
- Created: 2023-06-17T03:49:36.000Z (over 1 year ago)
- Default Branch: develop
- Last Pushed: 2024-03-31T16:41:54.000Z (7 months ago)
- Last Synced: 2024-10-07T05:43:54.479Z (about 1 month ago)
- Language: Python
- Homepage:
- Size: 14.6 KB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: license.md
Awesome Lists containing this project
README
# pico acme
The tiniest python package to get ACMEv2 certs from [Let's Encrypt](https://letsencrypt.org/).
Supports only single domains and DNS challenge. Currently implements AWS Route 53 but you can trivially implement your own provider.
Licensed under Apache 2.0 as this reuses some code from certbot.
## quick start
Install from PyPI:
```sh
pip install pico-acme
```
(Note that you need to install `boto3` separately to use `route53`.)
### `new.py`:
```py
ROUTE53_HOSTED_ZONE_ID = "..."
ACCOUNT_EMAIL = "[email protected]"
DOMAIN = "example.com"
# create account, get cert, and save details
import pico_acme
from pico_acme import route53
# register an acme account
acme_client = pico_acme.register_account(ACCOUNT_EMAIL, agree_tos=True)
# create a private key and certificate signing request
key_pem = pico_acme.make_key()
csr_pem = pico_acme.make_csr(key_pem, [DOMAIN])
# get functions for upserting and cleaning up DNS records in AWS Route 53
upsert, clean = route53.route53_upsert_cleanup(ROUTE53_HOSTED_ZONE_ID)
# perform DNS-01 challenge to get the full chain as PEM
fullchain_pem = pico_acme.perform_dns01(acme_client, DOMAIN, csr_pem, upsert, clean)
# save account for later
with open("pico_acme_account.json", "w") as f:
f.write(pico_acme.serialize_account(acme_client))
# save private key for later
with open("key.pem", "wb") as f:
f.write(key_pem)
# save the cert for later
with open("fullchain.pem", "w") as f:
f.write(fullchain_pem)
```
### `renew.py`:
```py
ROUTE53_HOSTED_ZONE_ID = "..."
DOMAIN = "example.com"
# later, load account, private key, and renew cert
import pico_acme
from pico_acme import route53
# load account
with open("pico_acme_account.json") as f:
acme_client = pico_acme.deserialize_account(f.read())
# load private key
with open("key.pem", "rb") as f:
key_pem = f.read()
# make a new certificate signing request
csr_pem = pico_acme.make_csr(key_pem, [DOMAIN])
# get functions for upserting and cleaning up DNS records in AWS Route 53
upsert, clean = route53.route53_upsert_cleanup(ROUTE53_HOSTED_ZONE_ID)
# perform DNS-01 challenge to get the full chain as PEM
fullchain_pem = pico_acme.perform_dns01(acme_client, DOMAIN, csr_pem, upsert, clean)
# save the cert for later
with open("fullchain.pem", "w") as f:
f.write(fullchain_pem)
```
### checking if you need to renew
```py
import pico_acme
with open("fullchain.pem") as f:
fullchain_pem = f.read()
if pico_acme.should_renew(fullchain_pem):
print("due for renewal")
```
## architecture & features
The `perform_dns01` takes two callables, `upsert(record, value)` which should set the value `value` (the verification string) in record `record` (e.g. `_acme-challenge.example.com`), and `clean(record, value)` which should clean these up. See the `route53.py` implementation for details.
## acknowledgements
This is based very heavily on [certbot](https://github.com/certbot/certbot), with portions copied directly.