========
certsign
========

A tiny ACME_ Python 2 & 3 client library with minimal dependencies. ACME is a
protocol for domain certificate verification and signing initiated by `Let's Encrypt`_.
This package is meant to be used as a library and also comes with command line scripts.

Installation
============

You can choose to either install it in your user's home directory or in the system directories.

This package depends on having the OpenSSL executable in the PATH.

Using pip
---------

To install it from PyPI_ using pip_ call::

    pip install certsign

You can also install it from a code checkout using::

    pip install .

Install to user home directory
------------------------------
With pip you can use the ``--user`` option to install it to your user's home directory::

    pip install --user certsign

If you install to the user directory on Linux, ``$HOME/.local/bin`` should be in your
``$PATH`` variable. On Linux you can add the following to ``.profile`` or ``.bashrc``
in your home directory, if ``$HOME/.local/bin`` is not already in your PATH.

.. code:: bash

    # set PATH so it includes user's private .local/bin if it exists
    if [ -d "$HOME/.local/bin" ] ; then
        PATH="$HOME/.local/bin:$PATH"
    fi

The location of the scripts and the method for adding it to the PATH are different on macOS/OS X
and Windows.

Usage
=====

As a library
------------

Signing a Certificate Signing Request (CSR)
...........................................
This is the primary usage of this library:

.. code:: python

    from certsign import client
    account_key = 'acme_directory_account.key'
    csr_file = 'your_domain.csr'
    challenges_path = '/path/served/by/your/http/server'
    account_email = 'you@example.com'

    signed_cert = client.sign_csr(
        account_key, csr_file, challenges_path, account_email=account_email
    )

Creating a private key and a CSR
................................

.. code:: python

    from certsign import crypto

    privkey_path = '/tmp/privkey.pem'
    csr_path = '/tmp/example.com.csr'

    # Generate a 2048-bit private key and write it to disk.
    # The mode is 'wb' so that it works on both Python 2 and 3.
    privkey = crypto.create_private_key(bits=2048)
    with open(privkey_path, 'wb') as f:
        f.write(privkey)

    # Create a CSR for both names using the key file written above
    csr = crypto.create_csr(
        privkey_path,
        ['example.com', 'www.example.com'],
        openssl_conf='/etc/ssl/openssl.cnf'
    )
    with open(csr_path, 'wb') as f:
        f.write(csr)

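
A private key written with a plain ``open()`` to a fixed path under ``/tmp`` gets the default file mode, which under a typical umask leaves it readable by other local users. The following is an added example, not part of certsign: the hypothetical helpers ``write_private_file`` and ``key_file_problems`` create a key file that only its owner can read and audit an existing one (POSIX only).

```python
import os
import stat


def write_private_file(path, data):
    """Create path with mode 0600 and write data (bytes) to it.

    O_EXCL makes the call fail if anything already exists at path,
    including a symlink planted by another user in a shared directory.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, 'wb') as f:
            f.write(data)
    except Exception:
        os.unlink(path)  # do not leave a truncated key behind
        raise


def key_file_problems(path):
    """Return the reasons an existing key file is unsafe (empty list: OK)."""
    st = os.lstat(path)  # lstat: inspect the path itself, not a link target
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append('path is a symlink')
    elif not stat.S_ISREG(st.st_mode):
        problems.append('not a regular file')
    if st.st_uid != os.geteuid():
        problems.append('owned by uid %d, not the current user' % st.st_uid)
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append('mode %04o grants group/other access' % mode)
    return problems


if __name__ == '__main__':
    import tempfile
    # Constructed sample data in a fresh private directory, not a real key.
    demo = os.path.join(tempfile.mkdtemp(), 'privkey.pem')
    write_private_file(demo, b'constructed placeholder, not a real key\n')
    print(key_file_problems(demo))
```

With certsign, pass the bytes returned by ``crypto.create_private_key`` as ``data`` and pick a directory that only your user can write to instead of ``/tmp``.
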

Command line
------------

certsign
........
For signing a Certificate Signing Request (CSR)::

    certsign --account-key /path/to/account/key --csr /path/to/domain.csr \
             --challenge-dir /path/served/by/your/http/server \
             --account-email you@example.com

certsign-tool
.............
Create a private key::

    certsign-tool privkey --bits=4096 --out=/path/to/privkey.pem

Create a CSR::

    certsign-tool csr --privkey=/path/to/privkey.pem \
                      --out=/path/to/example.com.csr example.com www.example.com

View the CSR you just created::

    certsign-tool view /path/to/example.com.csr

certsign-server
...............
A simple server to respond to ACME challenges::

    certsign-server --challenge-dir /path/served/by/your/http/server \
                    --addr localhost \
                    --port 8000 \
                    --pidfile /tmp/certsign.pid &

To kill the server when finished:

.. code:: bash

    if [ -f /tmp/certsign.pid ]; then
        pkill -F /tmp/certsign.pid
    fi

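
Any server that answers HTTP-01 challenges from a directory should serve only well-formed tokens and nothing else from the filesystem. The following is an added example of that check, not certsign-server's own code; it assumes each challenge file is named after its token and sits directly in the challenge directory, and ``resolve_challenge`` and ``ChallengeHandler`` are hypothetical names.

```python
import os
import re
from http.server import BaseHTTPRequestHandler

ACME_PREFIX = '/.well-known/acme-challenge/'   # fixed by RFC 8555, section 8.3
# Tokens use the base64url alphabet only; \Z (not $) rejects a trailing newline.
TOKEN_RE = re.compile(r'[A-Za-z0-9_-]+\Z')


def resolve_challenge(challenge_dir, url_path):
    """Map a request path to a file in challenge_dir; None means refuse."""
    path = url_path.split('?', 1)[0]
    if not path.startswith(ACME_PREFIX):
        return None
    token = path[len(ACME_PREFIX):]
    if not TOKEN_RE.match(token):      # blocks '/', '.', '%' and empty tokens
        return None
    root = os.path.realpath(challenge_dir)
    candidate = os.path.realpath(os.path.join(root, token))
    # A symlink inside the directory must not lead outside it.
    if os.path.dirname(candidate) != root or not os.path.isfile(candidate):
        return None
    return candidate


class ChallengeHandler(BaseHTTPRequestHandler):
    # Placeholder path taken from the README; set it before serving.
    challenge_dir = '/path/served/by/your/http/server'

    def do_GET(self):
        found = resolve_challenge(self.challenge_dir, self.path)
        if found is None:
            self.send_error(404)
            return
        with open(found, 'rb') as f:
            body = f.read()
        self.send_response(200)
        self.send_header('Content-Type', 'text/plain')
        self.send_header('Content-Length', str(len(body)))
        self.end_headers()
        self.wfile.write(body)
```
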

Development
===========

It is recommended that you create a Python 3 virtual environment using pyvenv_, and a Python 2
virtual environment using virtualenv_.

Go to the root of this project (where setup.py is located) and run the following commands:

- For Python 3: ``pyvenv venv-certsign-py3`` and
  ``source venv-certsign-py3/bin/activate`` to activate.
- For Python 2: ``virtualenv venv-certsign-py2`` and
  ``source venv-certsign-py2/bin/activate`` to activate.

Set up a development environment using the following command (with literal square brackets)::

    pip install -e .[dev]

To run the tests in your current environment::

    python setup.py test

To run the tests for several Python versions::

    tox

Release Process
===============

The release process is based on the official documentation for `distributing packages`_.

Create a `~/.pypirc`_ file to upload to The Python Package Index (PyPI)::

    [distutils]
    index-servers =
        pypi

    [pypi]
    username: somepypiuser
    password: somepassword

Create a binary and a source release and use twine_ to upload the packages. Also sign the
packages using a gpg_ key::

    python setup.py sdist bdist_wheel
    twine upload -r pypi dist/*

.. _ACME: https://github.com/ietf-wg-acme/acme/
.. _Let's Encrypt: https://letsencrypt.org/
.. _PyPI: https://pypi.org/
.. _pip: https://pip.pypa.io/
.. _pyvenv: https://docs.python.org/3/library/venv.html
.. _virtualenv: http://docs.python-guide.org/en/latest/dev/virtualenvs/
.. _distributing packages: https://packaging.python.org/tutorials/distributing-packages/
.. _~/.pypirc: https://docs.python.org/3/distutils/packageindex.html#pypirc
.. _twine: https://github.com/pypa/twine
.. _gpg: https://gnupg.org/

Raw data
{
"_id": null,
"home_page": "https://github.com/unioslo/certsign",
"name": "certsign",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "acme letsencrypt",
"author": "Nils Fredrik Gjerull",
"author_email": "n.f.gjerull@usit.uio.no",
"download_url": "https://files.pythonhosted.org/packages/2e/7e/d341b73d5f3a385730bcb63b346553d3b19883d01446242f4b9b23681d55/certsign-0.4.1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "BSD",
"summary": "A tiny ACME (Let's Encrypt) Python 2 & 3 client library with minimal dependencies",
"version": "0.4.1",
"project_urls": {
"Homepage": "https://github.com/unioslo/certsign"
},
"split_keywords": [
"acme",
"letsencrypt"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0a6cc321a544fcb22ebbbb541f5045d46d7d3437fed084dbaae2bea14d7d2fa5",
"md5": "8f7f63c1da73126df46d0b544bf4e268",
"sha256": "42cdfda1fade4a781272007ef3dbfee7e0b697b47965b4f21a6cd877ce77637d"
},
"downloads": -1,
"filename": "certsign-0.4.1-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "8f7f63c1da73126df46d0b544bf4e268",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 13346,
"upload_time": "2023-09-15T13:42:04",
"upload_time_iso_8601": "2023-09-15T13:42:04.719696Z",
"url": "https://files.pythonhosted.org/packages/0a/6c/c321a544fcb22ebbbb541f5045d46d7d3437fed084dbaae2bea14d7d2fa5/certsign-0.4.1-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "2e7ed341b73d5f3a385730bcb63b346553d3b19883d01446242f4b9b23681d55",
"md5": "91cd1e64708026fdd3f02f92bdbad7d6",
"sha256": "ad60453602b008fd2968d8c3aa25f44f66f713d8efd30b3b32e1da995a0ad1da"
},
"downloads": -1,
"filename": "certsign-0.4.1.tar.gz",
"has_sig": false,
"md5_digest": "91cd1e64708026fdd3f02f92bdbad7d6",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 14237,
"upload_time": "2023-09-15T13:42:06",
"upload_time_iso_8601": "2023-09-15T13:42:06.866760Z",
"url": "https://files.pythonhosted.org/packages/2e/7e/d341b73d5f3a385730bcb63b346553d3b19883d01446242f4b9b23681d55/certsign-0.4.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-09-15 13:42:06",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "unioslo",
"github_project": "certsign",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"tox": true,
"lcname": "certsign"
}