mirror of https://github.com/moepman/acertmgr.git synced 2024-11-14 18:35:27 +01:00

Make it a configuration option which ACME authority is used

David Klaftenegger 2016-04-04 19:11:46 +02:00 committed by Markus Hauschild
parent a8205c47cb
commit 2dbae6673a
3 changed files with 5 additions and 5 deletions


@ -34,6 +34,7 @@ Thirdly, you should decide which challenge mode you want to use with acertmgr
This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port. This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port.
Finally, you need to setup the configuration files, as shown in the next section. Finally, you need to setup the configuration files, as shown in the next section.
While testing, you can use the acme-staging authority instead, so you avoid issuing too many certificates.
Configuration Configuration
------------- -------------
@ -50,6 +51,8 @@ mode: webdir
#mode: standalone #mode: standalone
#port: 13135 #port: 13135
webdir: /var/www/acme-challenge/ webdir: /var/www/acme-challenge/
authority: "https://acme-v01.api.letsencrypt.org"
#authority: "https://acme-staging.api.letsencrypt.org"
defaults: defaults:
cafile: /etc/acme/lets-encrypt-x3-cross-signed.pem cafile: /etc/acme/lets-encrypt-x3-cross-signed.pem


@ -96,7 +96,7 @@ def cert_get(domains, settings):
key = key_fd.read() key = key_fd.read()
key_fd.close() key_fd.close()
cr = acertmgr_ssl.cert_request(domains.split(), key) cr = acertmgr_ssl.cert_request(domains.split(), key)
crt = acertmgr_ssl.get_crt_from_csr(acc_file, cr, domains.split(), challenge_dir) crt = acertmgr_ssl.get_crt_from_csr(acc_file, cr, domains.split(), challenge_dir, settings['authority'])
with open(crt_file, "w") as crt_fd: with open(crt_file, "w") as crt_fd:
crt_fd.write(crt) crt_fd.write(crt)
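Review bot: `settings['authority']` in the `get_crt_from_csr` call raises a bare KeyError when the configuration has no `authority` entry, which is the case for every configuration file written before this change. How `settings` is populated is not visible in this section, so if no default is applied there, read the value with `settings.get('authority')` and fail with a message that names the missing option, or apply a documented default when the configuration is loaded. cert_get's body starts outside the hunk.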


@ -22,9 +22,6 @@ try:
except ImportError: except ImportError:
from urllib2 import urlopen # Python 2 from urllib2 import urlopen # Python 2
DEFAULT_CA = "https://acme-staging.api.letsencrypt.org"
#DEFAULT_CA = "https://acme-v01.api.letsencrypt.org"
# @brief retrieve notBefore and notAfter dates of a certificate file # @brief retrieve notBefore and notAfter dates of a certificate file
# @param cert_file the path to the certificate # @param cert_file the path to the certificate
# @return the tuple of dates: (notBefore, notAfter) # @return the tuple of dates: (notBefore, notAfter)
@ -68,7 +65,7 @@ def base64_enc(b):
# @param CA which signing CA to use # @param CA which signing CA to use
# @return the certificate in PEM format # @return the certificate in PEM format
# @note algorithm and parts of the code are from acme-tiny # @note algorithm and parts of the code are from acme-tiny
def get_crt_from_csr(account_key_file, csr, domains, acme_dir, CA=DEFAULT_CA): def get_crt_from_csr(account_key_file, csr, domains, acme_dir, CA):
print("Reading account key...") print("Reading account key...")
with open(account_key_file) as f: with open(account_key_file) as f:
account_key_data = f.read() account_key_data = f.read()
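Review bot: `CA` in `get_crt_from_csr` is now operator-supplied text and nothing visible here checks it before use, so a typo such as an `http://` scheme would presumably send the ACME exchange over plaintext. A guard at the top of the function would catch that: `if not CA.startswith("https://"): raise ValueError("authority must be an https:// URL")`, and `CA = CA.rstrip("/")` avoids doubled slashes if endpoint paths are appended by concatenation (not visible in this hunk). Removing the default also makes `CA` a required argument, so any caller other than cert_get has to pass it. The function body continues outside the hunk.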