authorsiddharth <s@ricketyspace.net>2021-04-18 19:42:20 -0400
committersiddharth <s@ricketyspace.net>2021-04-18 19:42:20 -0400
commit47f66710b381f6926f105795b24e976fdab9f35d (patch)
tree5da8a5f87af739ae61d3b19a921638f5b0c78e45
parent2e74a163664fadc0a1b8e3267055389c611d5539 (diff)
acmens.py: add --stage switch
* acmens.py (CA_PRD, CA_STG): New constants. (sign_csr): Add argument `ca_url`. (revoke_crt): Add argument `ca_url`. (main): Add handling for --stage switch.
-rw-r--r--acmens.py27
1 files changed, 17 insertions, 10 deletions
diff --git a/acmens.py b/acmens.py
index c9b51ae..943770f 100644
--- a/acmens.py
+++ b/acmens.py
@@ -14,11 +14,14 @@ from urllib.error import HTTPError
__version__ = "0.1.4"
+CA_PRD = "https://acme-v02.api.letsencrypt.org"
+CA_STG = "https://acme-staging-v02.api.letsencrypt.org"
-def sign_csr(account_key, csr, email=None, challenge_type="http"):
+def sign_csr(ca_url, account_key, csr, email=None, challenge_type="http"):
"""Use the ACME protocol to get an ssl certificate signed by a
certificate authority.
+ :param string ca_url: Let's Encrypt endpoint.
:param string account_key: Path to the user account key.
:param string csr: Path to the certificate signing request.
:param string email: An optional user account contact email
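Review bot: Placing `ca_url` ahead of `account_key` in `sign_csr` shifts every existing positional call by one. A caller that still passes `(account_key, csr, email)` now has the key path bound to `ca_url`, and it would most likely fail only at the directory fetch, with a URL error that does not point at the real cause. A trailing keyword parameter with the production default keeps existing callers working: `def sign_csr(account_key, csr, email=None, challenge_type="http", ca_url=CA_PRD):`. The same applies to `revoke_crt` in the third hunk. The new docstring line could also state that the value is the ACME server's base URL without the `/directory` suffix; the function body continues outside this hunk.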
@@ -30,9 +33,7 @@ def sign_csr(account_key, csr, email=None, challenge_type="http"):
:rtype: string
"""
- # CA = "https://acme-staging-v02.api.letsencrypt.org"
- CA = "https://acme-v02.api.letsencrypt.org"
- DIRECTORY = json.loads(urlopen(CA + "/directory").read().decode("utf8"))
+ DIRECTORY = json.loads(urlopen(ca_url + "/directory").read().decode("utf8"))
def _b64(b):
"Shortcut function to go from bytes to jwt base64 string"
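Review bot: `ca_url` is now caller-supplied and reaches `urlopen(ca_url + "/directory")` with no check on its scheme, and `urlopen` also accepts `http://` and `file://` URLs. The directory document presumably decides where the later account-key-signed requests are sent (that code is outside this hunk), so it should only ever be fetched over TLS. A guard before the fetch would enforce that for importers of the module as well as for `main`: `if not ca_url.startswith("https://"): raise ValueError("ca_url must be an https:// URL")`. The identical line in `revoke_crt` in the next hunk needs the same guard.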
@@ -333,16 +334,15 @@ Notes:
return signed_pem
-def revoke_crt(account_key, crt):
+def revoke_crt(ca_url, account_key, crt):
"""Use the ACME protocol to revoke an ssl certificate signed by a
certificate authority.
+ :param string ca_url: Let's Encrypt endpoint.
:param string account_key: Path to your Let's Encrypt account private key.
:param string crt: Path to the signed certificate.
"""
- # CA = "https://acme-staging-v02.api.letsencrypt.org"
- CA = "https://acme-v02.api.letsencrypt.org"
- DIRECTORY = json.loads(urlopen(CA + "/directory").read().decode("utf8"))
+ DIRECTORY = json.loads(urlopen(ca_url + "/directory").read().decode("utf8"))
def _b64(b):
"Shortcut function to go from bytes to jwt base64 string"
@@ -516,6 +516,9 @@ $ acmens --revoke --account-key user.key --crt domain.crt
"--revoke", action="store_true", help="Revoke a signed certificate"
)
parser.add_argument(
+ "--stage", action="store_true", help="Use Let's Encrypt's staging endpoint"
+ )
+ parser.add_argument(
"-k",
"--account-key",
required=True,
@@ -544,11 +547,15 @@ $ acmens --revoke --account-key user.key --crt domain.crt
sys.stderr.write("Error: Path to signed cert required\n")
sys.exit(1)
+ ca_url = CA_PRD
+ if args.stage:
+ ca_url = CA_STG
+
if args.revoke:
- revoke_crt(args.account_key, args.crt)
+ revoke_crt(ca_url, args.account_key, args.crt)
else:
signed_crt = sign_csr(
- args.account_key, args.csr, email=args.email, challenge_type=args.challenge
+ ca_url, args.account_key, args.csr, email=args.email, challenge_type=args.challenge
)
sys.stdout.write(signed_crt)
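Review bot: Nothing in the output tells the operator which endpoint issued the certificate, so a `--stage` left behind in a script writes a staging certificate to stdout that looks like any other PEM. Staging certificates chain to a test root that clients do not trust. A notice on stderr after the selection makes this visible without touching stdout: `if args.stage: sys.stderr.write("Note: using Let's Encrypt staging endpoint; certificate will not be publicly trusted\n")`. As a style point, the selection reads more directly as `ca_url = CA_STG if args.stage else CA_PRD`. `main` starts outside this hunk.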