diff options
author | Daniel Roesler <diafygi@gmail.com> | 2015-10-24 04:17:18 -0700 |
---|---|---|
committer | Daniel Roesler <diafygi@gmail.com> | 2015-10-24 04:17:18 -0700 |
commit | 97e9735764f9142703d25b37dc2db1a5d95cb8eb (patch) | |
tree | a8d4e2df055669beb4b9abdf3bc044d7235d26e6 /sign_csr.py | |
parent | faa9a1605e91c2ea0eb394d92e728f1a076dff73 (diff) |
updated REAME with beta status, new demo usage, and real cert!
Diffstat (limited to 'sign_csr.py')
-rw-r--r-- | sign_csr.py | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/sign_csr.py b/sign_csr.py index 44de722..85622a1 100644 --- a/sign_csr.py +++ b/sign_csr.py @@ -12,7 +12,8 @@ def sign_csr(pubkey, csr, email=None): :rtype: string """ - CA = "https://acme-staging.api.letsencrypt.org" + #CA = "https://acme-staging.api.letsencrypt.org" + CA = "https://acme-v01.api.letsencrypt.org" TERMS = "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf" nonce_req = urllib2.Request("{}/directory".format(CA)) nonce_req.get_method = lambda : 'HEAD' @@ -337,7 +338,28 @@ sudo python -c "import BaseHTTPServer; \\ sys.stderr.write("\n") raise - # Step 13: Get the certificate signed + # Step 13: Wait for CA to mark test as valid + sys.stderr.write("Waiting for {} challenge to pass...\n".format(i['domain'])) + while True: + try: + resp = urllib2.urlopen(responses[n]['uri']) + challenge_status = json.loads(resp.read()) + except urllib2.HTTPError as e: + sys.stderr.write("Error: test_data:\n") + sys.stderr.write(test_data) + sys.stderr.write("\n") + sys.stderr.write(e.read()) + sys.stderr.write("\n") + raise + if challenge_status['status'] == "pending": + time.sleep(2) + elif challenge_status['status'] == "valid": + sys.stderr.write("Passed {} challenge!\n".format(i['domain'])) + break + else: + raise KeyError("'{}' challenge did not pass: {}".format(challenge_status)) + + # Step 14: Get the certificate signed sys.stderr.write("Requesting signature...\n") csr_file_sig.seek(0) csr_sig64 = _b64(csr_file_sig.read()) @@ -358,7 +380,7 @@ sudo python -c "import BaseHTTPServer; \\ sys.stderr.write("\n") raise - # Step 14: Convert the signed cert from DER to PEM + # Step 15: Convert the signed cert from DER to PEM sys.stderr.write("Certificate signed!\n") sys.stderr.write("You can stop running the python command on your server (Ctrl+C works).\n") signed_der64 = base64.b64encode(signed_der) |