Client

ACME client API.

class acme.client.ClientV2(directory: Directory, net: ClientNetwork)[source]

ACME client for a v2 API.

Variables
new_account(new_account: NewRegistration) RegistrationResource[source]

Register.

Parameters

new_account (.NewRegistration) –

Raises

.ConflictError – in case the account already exists

Returns

Registration Resource.

Return type

RegistrationResource

query_registration(regr: RegistrationResource) RegistrationResource[source]

Query server about registration.

Parameters

regr (messages.RegistrationResource) – Existing Registration Resource.

update_registration(regr: RegistrationResource, update: Optional[Registration] = None) RegistrationResource[source]

Update registration.

Parameters
Returns

Updated Registration Resource.

Return type

RegistrationResource

new_order(csr_pem: bytes) OrderResource[source]

Request a new Order object from the server.

Parameters

csr_pem (bytes) – A CSR in PEM format.

Returns

The newly created order.

Return type

OrderResource

poll(authzr: AuthorizationResource) Tuple[AuthorizationResource, Response][source]

Poll Authorization Resource for status.

Parameters

authzr (AuthorizationResource) – Authorization Resource

Returns

Updated Authorization Resource and HTTP response.

Return type

(AuthorizationResource, requests.Response)

poll_and_finalize(orderr: OrderResource, deadline: Optional[datetime] = None) OrderResource[source]

Poll authorizations and finalize the order.

If no deadline is provided, this method will timeout after 90 seconds.

Parameters
Returns

finalized order

Return type

messages.OrderResource

poll_authorizations(orderr: OrderResource, deadline: datetime) OrderResource[source]

Poll Order Resource for status.

finalize_order(orderr: OrderResource, deadline: datetime, fetch_alternative_chains: bool = False) OrderResource[source]

Finalize an order and obtain a certificate.

Parameters
Returns

finalized order

Return type

messages.OrderResource

revoke(cert: ComparableX509, rsn: int) None[source]

Revoke certificate.

Parameters
  • cert (.ComparableX509) – OpenSSL.crypto.X509 wrapped in ComparableX509

  • rsn (int) – Reason code for certificate revocation.

Raises

.ClientError – If revocation is unsuccessful.

external_account_required() bool[source]

Checks if ACME server requires External Account Binding authentication.

classmethod get_directory(url: str, net: ClientNetwork) Directory[source]

Retrieves the ACME directory (RFC 8555 section 7.1.1) from the ACME server. :param str url: the URL where the ACME directory is available :param ClientNetwork net: the ClientNetwork to use to make the request

Returns

the ACME directory object

Return type

messages.Directory

deactivate_registration(regr: RegistrationResource) RegistrationResource[source]

Deactivate registration.

Parameters

regr (messages.RegistrationResource) – The Registration Resource to be deactivated.

Returns

The Registration resource that was deactivated.

Return type

RegistrationResource

deactivate_authorization(authzr: AuthorizationResource) AuthorizationResource[source]

Deactivate authorization.

Parameters

authzr (messages.AuthorizationResource) – The Authorization resource to be deactivated.

Returns

The Authorization resource that was deactivated.

Return type

AuthorizationResource

answer_challenge(challb: ChallengeBody, response: ChallengeResponse) ChallengeResource[source]

Answer challenge.

Parameters
Returns

Challenge Resource with updated body.

Return type

ChallengeResource

Raises

.UnexpectedUpdate

classmethod retry_after(response: Response, default: int) datetime[source]

Compute next poll time based on response Retry-After header.

Handles integers and various datestring formats per https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.37

Parameters
  • response (requests.Response) – Response from poll.

  • default (int) – Default value (in seconds), used when Retry-After header is not present or invalid.

Returns

Time point when next poll should be performed.

Return type

datetime.datetime

class acme.client.ClientNetwork(key: JWK, account: Optional[RegistrationResource] = None, alg: JWASignature = RS256, verify_ssl: bool = True, user_agent: str = 'acme-python', timeout: int = 45)[source]

Wrapper around requests that signs POSTs for authentication.

Also adds user agent, and handles Content-Type.

REPLAY_NONCE_HEADER = 'Replay-Nonce'

Initialize.

Parameters
  • key (josepy.JWK) – Account private key

  • account (messages.RegistrationResource) – Account object. Required if you are planning to use .post() for anything other than creating a new account; may be set later after registering.

  • alg (josepy.JWASignature) – Algorithm to use in signing JWS.

  • verify_ssl (bool) – Whether to verify certificates on SSL connections.

  • user_agent (str) – String to send as User-Agent header.

  • timeout (int) – Timeout for requests.

head(*args: Any, **kwargs: Any) Response[source]

Send HEAD request without checking the response.

Note, that _check_response is not called, as it is expected that status code other than successfully 2xx will be returned, or messages2.Error will be raised by the server.

get(url: str, content_type: str = 'application/json', **kwargs: Any) Response[source]

Send GET request and check response.

post(*args: Any, **kwargs: Any) Response[source]

POST object wrapped in JWS and check response.

If the server responded with a badNonce error, the request will be retried once.