Make it a configuration option which ACME authority is used

David Klaftenegger 2016-04-04 19:11:46 +02:00 committed by Markus Hauschild
parent a8205c47cb
commit 2dbae6673a
3 changed files with 5 additions and 5 deletions

@ -34,6 +34,7 @@ Thirdly, you should decide which challenge mode you want to use with acertmgr
This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port.
Finally, you need to setup the configuration files, as shown in the next section.
While testing, you can use the acme-staging authority instead, so you avoid issuing too many certificates.
Configuration
-------------
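Review bot: The added README sentence ("While testing, you can use the acme-staging authority instead") does not say how to select that authority. Name the `authority` setting in this sentence and point to the commented-out staging line in the configuration example, so the reader knows which key to change.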
@ -50,6 +51,8 @@ mode: webdir
#mode: standalone
#port: 13135
webdir: /var/www/acme-challenge/
authority: "https://acme-v01.api.letsencrypt.org"
#authority: "https://acme-staging.api.letsencrypt.org"
defaults:
cafile: /etc/acme/lets-encrypt-x3-cross-signed.pem
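Review bot: The example makes the production URL the active `authority` and leaves staging commented out, while the README sentence added in this same commit recommends staging for testing and the `DEFAULT_CA` removed from the SSL module pointed at staging. Someone who copies this example now issues against production on the first run. Consider making the staging line the active one in the example, or add a comment above the two lines stating which endpoint is production and which is staging.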


@ -96,7 +96,7 @@ def cert_get(domains, settings):
key = key_fd.read()
key_fd.close()
cr = acertmgr_ssl.cert_request(domains.split(), key)
crt = acertmgr_ssl.get_crt_from_csr(acc_file, cr, domains.split(), challenge_dir)
crt = acertmgr_ssl.get_crt_from_csr(acc_file, cr, domains.split(), challenge_dir, settings['authority'])
with open(crt_file, "w") as crt_fd:
crt_fd.write(crt)
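Review bot: `settings['authority']` in the `get_crt_from_csr` call is indexed without a check, and this commit also removes the default the callee used to supply, so a configuration file written before this change (no `authority` key) fails here with a KeyError after the key file has already been read and the request built. Either fall back to a documented default with `settings.get('authority', ...)`, or validate the setting when the configuration is loaded and report an error that names the missing key.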


@ -22,9 +22,6 @@ try:
except ImportError:
from urllib2 import urlopen # Python 2
DEFAULT_CA = "https://acme-staging.api.letsencrypt.org"
#DEFAULT_CA = "https://acme-v01.api.letsencrypt.org"
# @brief retrieve notBefore and notAfter dates of a certificate file
# @param cert_file the path to the certificate
# @return the tuple of dates: (notBefore, notAfter)
@ -68,7 +65,7 @@ def base64_enc(b):
# @param CA which signing CA to use
# @return the certificate in PEM format
# @note algorithm and parts of the code are from acme-tiny
def get_crt_from_csr(account_key_file, csr, domains, acme_dir, CA=DEFAULT_CA):
def get_crt_from_csr(account_key_file, csr, domains, acme_dir, CA):
print("Reading account key...")
with open(account_key_file) as f:
account_key_data = f.read()
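Review bot: `CA` is now a required argument that comes straight from the configuration file, but the `@param CA` comment still only says "which signing CA to use" and nothing in the visible lines checks the value. Document the expected form (the base URL of the ACME server, as in the README example) and verify that it starts with `https://` before the account key is read, so a mistyped or plain-http `authority` is rejected up front instead of being used for the ACME exchange. Any other caller that relied on the old `CA=DEFAULT_CA` default also needs to pass the argument now.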