Make it a configuration option which ACME authority is used
parent
72ec05cd8e
commit
321462eb44
@ -34,6 +34,7 @@ Thirdly, you should decide which challenge mode you want to use with acertmgr
|
|||||||
This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port.
|
This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port.
|
||||||
|
|
||||||
Finally, you need to setup the configuration files, as shown in the next section.
|
Finally, you need to setup the configuration files, as shown in the next section.
|
||||||
|
While testing, you can use the acme-staging authority instead, so you avoid issuing too many certificates.
|
||||||
|
|
||||||
Configuration
|
Configuration
|
||||||
-------------
|
-------------
|
||||||
@ -50,6 +51,8 @@ mode: webdir
|
|||||||
#mode: standalone
|
#mode: standalone
|
||||||
#port: 13135
|
#port: 13135
|
||||||
webdir: /var/www/acme-challenge/
|
webdir: /var/www/acme-challenge/
|
||||||
|
authority: "https://acme-v01.api.letsencrypt.org"
|
||||||
|
#authority: "https://acme-staging.api.letsencrypt.org"
|
||||||
|
|
||||||
defaults:
|
defaults:
|
||||||
cafile: /etc/acme/lets-encrypt-x3-cross-signed.pem
|
cafile: /etc/acme/lets-encrypt-x3-cross-signed.pem
|
||||||
|
@ -96,7 +96,7 @@ def cert_get(domains, settings):
|
|||||||
key = key_fd.read()
|
key = key_fd.read()
|
||||||
key_fd.close()
|
key_fd.close()
|
||||||
cr = acertmgr_ssl.cert_request(domains.split(), key)
|
cr = acertmgr_ssl.cert_request(domains.split(), key)
|
||||||
crt = acertmgr_ssl.get_crt_from_csr(acc_file, cr, domains.split(), challenge_dir)
|
crt = acertmgr_ssl.get_crt_from_csr(acc_file, cr, domains.split(), challenge_dir, settings['authority'])
|
||||||
with open(crt_file, "w") as crt_fd:
|
with open(crt_file, "w") as crt_fd:
|
||||||
crt_fd.write(crt)
|
crt_fd.write(crt)
|
||||||
|
|
||||||
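Review bot: `settings['authority']` in the changed `get_crt_from_csr` call raises a bare KeyError for any existing configuration that lacks the new `authority` key, and the same commit removes the `DEFAULT_CA` fallback, so no default is left anywhere visible. Unless the configuration loader (not shown here) fills the key in, check it before the call and fail with a clear message, e.g. `if 'authority' not in settings: raise ValueError("no ACME 'authority' configured")`. An explicit failure is preferable to a silent fallback to the staging authority, which would issue certificates that clients do not trust. The body of cert_get starts and ends outside this hunk.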
|
@ -22,9 +22,6 @@ try:
|
|||||||
except ImportError:
|
except ImportError:
|
||||||
from urllib2 import urlopen # Python 2
|
from urllib2 import urlopen # Python 2
|
||||||
|
|
||||||
DEFAULT_CA = "https://acme-staging.api.letsencrypt.org"
|
|
||||||
#DEFAULT_CA = "https://acme-v01.api.letsencrypt.org"
|
|
||||||
|
|
||||||
# @brief retrieve notBefore and notAfter dates of a certificate file
|
# @brief retrieve notBefore and notAfter dates of a certificate file
|
||||||
# @param cert_file the path to the certificate
|
# @param cert_file the path to the certificate
|
||||||
# @return the tuple of dates: (notBefore, notAfter)
|
# @return the tuple of dates: (notBefore, notAfter)
|
||||||
@ -68,7 +65,7 @@ def base64_enc(b):
|
|||||||
# @param CA which signing CA to use
|
# @param CA which signing CA to use
|
||||||
# @return the certificate in PEM format
|
# @return the certificate in PEM format
|
||||||
# @note algorithm and parts of the code are from acme-tiny
|
# @note algorithm and parts of the code are from acme-tiny
|
||||||
def get_crt_from_csr(account_key_file, csr, domains, acme_dir, CA=DEFAULT_CA):
|
def get_crt_from_csr(account_key_file, csr, domains, acme_dir, CA):
|
||||||
print("Reading account key...")
|
print("Reading account key...")
|
||||||
with open(account_key_file) as f:
|
with open(account_key_file) as f:
|
||||||
account_key_data = f.read()
|
account_key_data = f.read()
|
||||||
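Review bot: `CA` in the new `get_crt_from_csr` signature is now an operator-supplied string, and nothing visible checks it before use. The function body continues outside the hunk, so how the URL is used is not shown; if it is passed to `urlopen` as the base for the ACME requests, an `http://` value or a typo would send the account-key-signed requests and fetch the issued certificate over an unauthenticated channel. A guard at the top of the function, `if not CA.startswith("https://"): raise ValueError("ACME authority must be an https:// URL")`, would reject that. The `# @param CA` comment could also state the expected form of the value (presumably a base URL without a trailing slash; confirm against how the body builds its endpoints).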
|