Client
ACME client API.
- class acme.client.ClientV2(directory: Directory, net: ClientNetwork)
ACME client for a v2 API.
- Variables
directory (messages.Directory) –
net (.ClientNetwork) – Client network.
- new_account(new_account: NewRegistration) → RegistrationResource
Register.
- Parameters
new_account (.NewRegistration) –
- Raises
.ConflictError – in case the account already exists
- Returns
Registration Resource.
- Return type
- query_registration(regr: RegistrationResource) → RegistrationResource
Query server about registration.
- Parameters
regr (messages.RegistrationResource) – Existing Registration Resource.
- update_registration(regr: RegistrationResource, update: Optional[Registration] = None) → RegistrationResource
Update registration.
- Parameters
regr (messages.RegistrationResource) – Registration Resource.
update (messages.Registration) – Updated body of the resource. If not provided, body will be taken from regr.
- Returns
Updated Registration Resource.
- Return type
- new_order(csr_pem: bytes) → OrderResource
Request a new Order object from the server.
- Parameters
csr_pem (bytes) – A CSR in PEM format.
- Returns
The newly created order.
- Return type
- poll(authzr: AuthorizationResource) → Tuple[AuthorizationResource, Response]
Poll Authorization Resource for status.
- Parameters
authzr (AuthorizationResource) – Authorization Resource
- Returns
Updated Authorization Resource and HTTP response.
- Return type
(AuthorizationResource, requests.Response)
- poll_and_finalize(orderr: OrderResource, deadline: Optional[datetime] = None) → OrderResource
Poll authorizations and finalize the order.
If no deadline is provided, this method will time out after 90 seconds.
- Parameters
orderr (messages.OrderResource) – order to finalize
deadline (datetime.datetime) – when to stop polling and time out
- Returns
finalized order
- Return type
- poll_authorizations(orderr: OrderResource, deadline: datetime) → OrderResource
Poll Order Resource for status.
- finalize_order(orderr: OrderResource, deadline: datetime, fetch_alternative_chains: bool = False) → OrderResource
Finalize an order and obtain a certificate.
- Parameters
orderr (messages.OrderResource) – order to finalize
deadline (datetime.datetime) – when to stop polling and time out
fetch_alternative_chains (bool) – whether to also fetch alternative certificate chains
- Returns
finalized order
- Return type
- revoke(cert: ComparableX509, rsn: int) → None
Revoke certificate.
- Parameters
cert (.ComparableX509) – OpenSSL.crypto.X509 wrapped in ComparableX509
rsn (int) – Reason code for certificate revocation.
- Raises
.ClientError – If revocation is unsuccessful.
- external_account_required() → bool
Checks if ACME server requires External Account Binding authentication.
- classmethod get_directory(url: str, net: ClientNetwork) → Directory
Retrieves the ACME directory (RFC 8555 section 7.1.1) from the ACME server.
- Parameters
url (str) – the URL where the ACME directory is available
net (ClientNetwork) – the ClientNetwork to use to make the request
- Returns
the ACME directory object
- Return type
- deactivate_registration(regr: RegistrationResource) → RegistrationResource
Deactivate registration.
- Parameters
regr (messages.RegistrationResource) – The Registration Resource to be deactivated.
- Returns
The Registration resource that was deactivated.
- Return type
- deactivate_authorization(authzr: AuthorizationResource) → AuthorizationResource
Deactivate authorization.
- Parameters
authzr (messages.AuthorizationResource) – The Authorization resource to be deactivated.
- Returns
The Authorization resource that was deactivated.
- Return type
- answer_challenge(challb: ChallengeBody, response: ChallengeResponse) → ChallengeResource
Answer challenge.
- Parameters
challb (ChallengeBody) – Challenge Resource body.
response (challenges.ChallengeResponse) – Corresponding Challenge response
- Returns
Challenge Resource with updated body.
- Return type
- Raises
.UnexpectedUpdate –
- classmethod retry_after(response: Response, default: int) → datetime
Compute next poll time based on response Retry-After header.
Handles integers and various datestring formats per https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.37
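The Retry-After handling described above, bounded by a polling deadline like the one poll_and_finalize takes, as an added stand-alone example (not the acme library's implementation). The name next_poll_time and its parameters are hypothetical, and it assumes aware UTC datetimes.

```python
import datetime
from email.utils import parsedate_to_datetime

UTC = datetime.timezone.utc
ZERO = datetime.timedelta(0)


def next_poll_time(header, default, now, deadline):
    """Return when to poll next (aware UTC datetime), never past `deadline`.

    header   -- raw Retry-After value sent by the server, or None if absent
    default  -- seconds to wait when the header is absent or unparseable
    now      -- current time (aware UTC), passed in so results are testable
    deadline -- hard stop for the whole polling loop (aware UTC)
    """
    wait = datetime.timedelta(seconds=default)
    value = (header or "").strip()
    try:
        if value.isdigit():
            # delta-seconds form, e.g. "Retry-After: 120"
            wait = datetime.timedelta(seconds=int(value))
        elif value:
            # HTTP-date form, e.g. "Mon, 01 Jan 2024 12:00:45 GMT"
            when = parsedate_to_datetime(value)
            if when.tzinfo is None:
                when = when.replace(tzinfo=UTC)  # assumption: naive means UTC
            wait = when - now
    except OverflowError:
        wait = deadline - now  # absurdly large delay: wait until the deadline
    except (TypeError, ValueError):
        pass  # malformed header: keep the default wait
    # The header is server-controlled: a date in the past must not yield a
    # negative wait, and no value may push the next poll past the deadline.
    wait = min(max(wait, ZERO), deadline - now)
    return now + wait
```

Passing `now` and `deadline` explicitly keeps the function deterministic; a caller would supply `datetime.datetime.now(UTC)` and its own deadline.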
- class acme.client.ClientNetwork(key: JWK, account: Optional[RegistrationResource] = None, alg: JWASignature = RS256, verify_ssl: bool = True, user_agent: str = 'acme-python', timeout: int = 45)
Wrapper around requests that signs POSTs for authentication.
Also adds user agent, and handles Content-Type.
- REPLAY_NONCE_HEADER = 'Replay-Nonce'
Initialize.
- Parameters
key (josepy.JWK) – Account private key
account (messages.RegistrationResource) – Account object. Required if you are planning to use .post() for anything other than creating a new account; may be set later after registering.
alg (josepy.JWASignature) – Algorithm to use in signing JWS.
verify_ssl (bool) – Whether to verify certificates on SSL connections.
user_agent (str) – String to send as User-Agent header.
timeout (int) – Timeout for requests.
- head(*args: Any, **kwargs: Any) → Response
Send HEAD request without checking the response.
Note that _check_response is not called, as it is expected that a status code other than a successful 2xx will be returned, or messages2.Error will be raised by the server.