Client

ACME client API.

class acme.client.ClientV2(directory: Directory, net: ClientNetwork)

ACME client for a v2 API.

Variables:
new_account(new_account: NewRegistration) → RegistrationResource

Register.

Parameters:

new_account (.NewRegistration) –

Raises:

.ConflictError – in case the account already exists

Returns:

Registration Resource.

Return type:

RegistrationResource

query_registration(regr: RegistrationResource) → RegistrationResource

Query server about registration.

Parameters:

regr (messages.RegistrationResource) – Existing Registration Resource.

update_registration(regr: RegistrationResource, update: Registration | None = None) → RegistrationResource

Update registration.

Parameters:
Returns:

Updated Registration Resource.

Return type:

RegistrationResource

new_order(csr_pem: bytes) → OrderResource

Request a new Order object from the server.

Parameters:

csr_pem (bytes) – A CSR in PEM format.

Returns:

The newly created order.

Return type:

OrderResource

poll(authzr: AuthorizationResource) → Tuple[AuthorizationResource, Response]

Poll Authorization Resource for status.

Parameters:

authzr (AuthorizationResource) – Authorization Resource

Returns:

Updated Authorization Resource and HTTP response.

Return type:

(AuthorizationResource, requests.Response)

poll_and_finalize(orderr: OrderResource, deadline: datetime | None = None) → OrderResource

Poll authorizations and finalize the order.

If no deadline is provided, this method will time out after 90 seconds.

Parameters:
Returns:

finalized order

Return type:

messages.OrderResource

poll_authorizations(orderr: OrderResource, deadline: datetime) → OrderResource

Poll Order Resource for status.

begin_finalization(orderr: OrderResource) → OrderResource

Start the process of finalizing an order.

Parameters:
Returns:

updated order

Return type:

messages.OrderResource

poll_finalization(orderr: OrderResource, deadline: datetime, fetch_alternative_chains: bool = False) → OrderResource

Poll an order that has been finalized for its status. If it becomes valid, obtain the certificate.

Returns:

finalized order (with certificate)

Return type:

messages.OrderResource

finalize_order(orderr: OrderResource, deadline: datetime, fetch_alternative_chains: bool = False) → OrderResource

Finalize an order and obtain a certificate.

Parameters:
Returns:

finalized order

Return type:

messages.OrderResource

revoke(cert: ComparableX509, rsn: int) → None

Revoke certificate.

Parameters:
  • cert (.ComparableX509) – OpenSSL.crypto.X509 wrapped in ComparableX509

  • rsn (int) – Reason code for certificate revocation.

Raises:

.ClientError – If revocation is unsuccessful.

external_account_required() → bool

Checks if ACME server requires External Account Binding authentication.

classmethod get_directory(url: str, net: ClientNetwork) → Directory

Retrieves the ACME directory (RFC 8555 section 7.1.1) from the ACME server.

Parameters:
  • url (str) – the URL where the ACME directory is available

  • net (ClientNetwork) – the ClientNetwork to use to make the request

Returns:

the ACME directory object

Return type:

messages.Directory

deactivate_registration(regr: RegistrationResource) → RegistrationResource

Deactivate registration.

Parameters:

regr (messages.RegistrationResource) – The Registration Resource to be deactivated.

Returns:

The Registration resource that was deactivated.

Return type:

RegistrationResource

deactivate_authorization(authzr: AuthorizationResource) → AuthorizationResource

Deactivate authorization.

Parameters:

authzr (messages.AuthorizationResource) – The Authorization resource to be deactivated.

Returns:

The Authorization resource that was deactivated.

Return type:

AuthorizationResource

answer_challenge(challb: ChallengeBody, response: ChallengeResponse) → ChallengeResource

Answer challenge.

Parameters:
Returns:

Challenge Resource with updated body.

Return type:

ChallengeResource

Raises:

.UnexpectedUpdate

classmethod retry_after(response: Response, default: int) → datetime

Compute next poll time based on response Retry-After header.

Handles integers and various datestring formats per https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.37

Parameters:
  • response (requests.Response) – Response from poll.

  • default (int) – Default value (in seconds), used when Retry-After header is not present or invalid.

Returns:

Time point when next poll should be performed.

Return type:

datetime.datetime
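The Retry-After handling described for retry_after, as an added standard-library sketch (not the acme package's own code). The function name next_poll_time, the plain-dict headers argument and the now parameter are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def next_poll_time(headers, default, now=None):
    """Return the aware UTC time of the next poll.

    headers is a plain dict standing in for requests.Response.headers
    (hypothetical; the real mapping is case-insensitive). default is the
    fallback delay in seconds for a missing or invalid header.
    """
    now = now or datetime.now(timezone.utc)
    fallback = now + timedelta(seconds=default)
    value = headers.get("Retry-After")
    if value is None:
        return fallback
    value = value.strip()
    # Form 1: delta-seconds, a non-negative decimal integer.
    if value.isascii() and value.isdigit():
        try:
            return now + timedelta(seconds=int(value))
        except OverflowError:
            # An absurdly large server-supplied delay is treated as invalid.
            return fallback
    # Form 2: an HTTP-date such as "Mon, 01 Jan 2024 12:05:00 GMT".
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return fallback
    if when.tzinfo is None:
        # No usable zone information: interpret the time as UTC.
        when = when.replace(tzinfo=timezone.utc)
    return when
```
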

class acme.client.ClientNetwork(key: JWK, account: RegistrationResource | None = None, alg: JWASignature = RS256, verify_ssl: bool = True, user_agent: str = 'acme-python', timeout: int = 45)

Wrapper around requests that signs POSTs for authentication.

Also adds user agent, and handles Content-Type.

REPLAY_NONCE_HEADER = 'Replay-Nonce'

Initialize.

Parameters:
  • key (josepy.JWK) – Account private key

  • account (messages.RegistrationResource) – Account object. Required if you are planning to use .post() for anything other than creating a new account; may be set later after registering.

  • alg (josepy.JWASignature) – Algorithm to use in signing JWS.

  • verify_ssl (bool) – Whether to verify certificates on SSL connections.

  • user_agent (str) – String to send as User-Agent header.

  • timeout (int) – Timeout for requests.

head(*args: Any, **kwargs: Any) → Response

Send HEAD request without checking the response.

Note that _check_response is not called, as it is expected that a status code other than a successful 2xx will be returned, or messages2.Error will be raised by the server.

get(url: str, content_type: str = 'application/json', **kwargs: Any) → Response

Send GET request and check response.

post(*args: Any, **kwargs: Any) → Response

POST object wrapped in JWS and check response.

If the server responded with a badNonce error, the request will be retried once.
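The retry-once rule for badNonce described for post(), as an added example that is not the acme package's own code. FakeServer and NonceClient are hypothetical classes built for this sketch, JWS signing is left out, and the server behaviour is constructed; the error type string is the one defined in RFC 8555.

```python
BAD_NONCE = "urn:ietf:params:acme:error:badNonce"  # error type from RFC 8555


class FakeServer:
    """Constructed stand-in for an ACME server; each nonce is valid once."""

    def __init__(self, reject_all=False):
        self.issued, self.valid, self.reject_all = 0, set(), reject_all

    def new_nonce(self):
        self.issued += 1
        self.valid.add(f"nonce-{self.issued}")
        return f"nonce-{self.issued}"

    def post(self, nonce, payload):
        headers = {"Replay-Nonce": self.new_nonce()}  # sent on errors too
        if self.reject_all or nonce not in self.valid:
            return 400, headers, {"type": BAD_NONCE}
        self.valid.discard(nonce)  # single use: a replay is rejected
        return 200, headers, {"echo": payload}


class NonceClient:
    """Hypothetical client showing the retry-once rule, without real JWS."""

    def __init__(self, server):
        self.server, self.pool, self.attempts = server, [], 0

    def _send(self, payload):
        nonce = self.pool.pop() if self.pool else self.server.new_nonce()
        self.attempts += 1
        # A real client signs the JWS here: the nonce sits in the protected
        # header, so a retry must be re-signed, not re-sent byte for byte.
        status, headers, body = self.server.post(nonce, payload)
        self.pool.append(headers["Replay-Nonce"])  # harvest the fresh nonce
        return status, body

    def post(self, payload):
        status, body = self._send(payload)
        if status == 400 and body.get("type") == BAD_NONCE:
            status, body = self._send(payload)  # one retry, never a loop
        if status != 200:
            raise RuntimeError(body.get("type", "request failed"))
        return body
```

A stale nonce in the client's pool costs one extra round trip, while a server that keeps answering badNonce surfaces as an error after the second attempt.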