.\" Man page generated from reStructuredText. . . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .TH "ACME-PYTHON" "1" "Apr 06, 2024" "0" "acme-python" .SH NAME acme-python \- acme-python Documentation .sp Contents: .SH API DOCUMENTATION .SS Challenges .sp ACME Identifier Validation Challenges. .INDENT 0.0 .TP .B class acme.challenges.Challenge(**kwargs: \fI\%Any\fP) ACME challenge. .INDENT 7.0 .TP .B TYPES: \fI\%Dict\fP[\fI\%str\fP, \fI\%Type\fP[\fI\%Challenge\fP]] = {\(aqdns\(aq: , \(aqdns\-01\(aq: , \(aqhttp\-01\(aq: , \(aqtls\-alpn\-01\(aq: } Types registered for JSON deserialization .UNINDENT .INDENT 7.0 .TP .B classmethod from_json(jobj: \fI\%Mapping\fP[\fI\%str\fP, \fI\%Any\fP]) -> GenericChallenge | \fI\%UnrecognizedChallenge\fP Deserialize ACME object from valid JSON object. .INDENT 7.0 .TP .B Raises \fI\%josepy.errors.UnrecognizedTypeError\fP \-\- if type of the ACME object has not been registered. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.ChallengeResponse(**kwargs: \fI\%Any\fP) ACME challenge response. .INDENT 7.0 .TP .B TYPES: \fI\%Dict\fP[\fI\%str\fP, \fI\%Type\fP[\fI\%ChallengeResponse\fP]] = {\(aqdns\(aq: , \(aqdns\-01\(aq: , \(aqhttp\-01\(aq: , \(aqtls\-alpn\-01\(aq: } Types registered for JSON deserialization .UNINDENT .INDENT 7.0 .TP .B to_partial_json() -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Get JSON serializable object. .INDENT 7.0 .TP .B Returns Serializable JSON object representing ACME typed object. \fBvalidate()\fP will almost certainly not work, due to reasons explained in \fBjosepy.interfaces.IJSONSerializable\fP\&. .TP .B Return type \fI\%dict\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.UnrecognizedChallenge(jobj: \fI\%Mapping\fP[\fI\%str\fP, \fI\%Any\fP]) Unrecognized challenge. .sp ACME specification defines a generic framework for challenges and defines some standard challenges that are implemented in this module. However, other implementations (including peers) might define additional challenge types, which should be ignored if unrecognized. .INDENT 7.0 .TP .B Variables \fBjobj\fP \-\- Original JSON decoded object. .UNINDENT .INDENT 7.0 .TP .B to_partial_json() -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Get JSON serializable object. .INDENT 7.0 .TP .B Returns Serializable JSON object representing ACME typed object. \fBvalidate()\fP will almost certainly not work, due to reasons explained in \fBjosepy.interfaces.IJSONSerializable\fP\&. .TP .B Return type \fI\%dict\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B classmethod from_json(jobj: \fI\%Mapping\fP[\fI\%str\fP, \fI\%Any\fP]) -> \fI\%UnrecognizedChallenge\fP Deserialize ACME object from valid JSON object. .INDENT 7.0 .TP .B Raises \fI\%josepy.errors.UnrecognizedTypeError\fP \-\- if type of the ACME object has not been registered. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.KeyAuthorizationChallengeResponse(**kwargs: \fI\%Any\fP) Response to Challenges based on Key Authorization. .INDENT 7.0 .TP .B Parameters \fBkey_authorization\fP (\fI\%str\fP) \-\- .UNINDENT .INDENT 7.0 .TP .B verify(chall: \fI\%KeyAuthorizationChallenge\fP, account_public_key: \fI\%JWK\fP) -> \fI\%bool\fP Verify the key authorization. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBchall\fP (\fIKeyAuthorization\fP) \-\- Challenge that corresponds to this response. .IP \(bu 2 \fBaccount_public_key\fP (\fIJWK\fP) \-\- .UNINDENT .TP .B Returns \fBTrue\fP iff verification of the key authorization was successful. .TP .B Return type \fI\%bool\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B to_partial_json() -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Get JSON serializable object. .INDENT 7.0 .TP .B Returns Serializable JSON object representing ACME typed object. \fBvalidate()\fP will almost certainly not work, due to reasons explained in \fBjosepy.interfaces.IJSONSerializable\fP\&. .TP .B Return type \fI\%dict\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.KeyAuthorizationChallenge(**kwargs: \fI\%Any\fP) Challenge based on Key Authorization. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBresponse_cls\fP \-\- Subclass of \fI\%KeyAuthorizationChallengeResponse\fP that will be used to generate \fBresponse\fP\&. .IP \(bu 2 \fBtyp\fP (\fI\%str\fP) \-\- type of the challenge .UNINDENT .UNINDENT .INDENT 7.0 .TP .B typ: \fI\%str\fP = NotImplemented Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B key_authorization(account_key: \fI\%JWK\fP) -> \fI\%str\fP Generate Key Authorization. .INDENT 7.0 .TP .B Parameters \fBaccount_key\fP (\fIJWK\fP) \-\- .TP .B Rtype str .UNINDENT .UNINDENT .INDENT 7.0 .TP .B response(account_key: \fI\%JWK\fP) -> \fI\%KeyAuthorizationChallengeResponse\fP Generate response to the challenge. .INDENT 7.0 .TP .B Parameters \fBaccount_key\fP (\fIJWK\fP) \-\- .TP .B Returns Response (initialized \fBresponse_cls\fP) to the challenge. .TP .B Return type \fI\%KeyAuthorizationChallengeResponse\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B abstract validation(account_key: \fI\%JWK\fP, **kwargs: \fI\%Any\fP) -> \fI\%Any\fP Generate validation for the challenge. .sp Subclasses must implement this method, but they are likely to return completely different data structures, depending on what\(aqs necessary to complete the challenge. Interpretation of that return value must be known to the caller. .INDENT 7.0 .TP .B Parameters \fBaccount_key\fP (\fIJWK\fP) \-\- .TP .B Returns Challenge\-specific validation. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B response_and_validation(account_key: \fI\%JWK\fP, *args: \fI\%Any\fP, **kwargs: \fI\%Any\fP) -> \fI\%Tuple\fP[\fI\%KeyAuthorizationChallengeResponse\fP, \fI\%Any\fP] Generate response and validation. .sp Convenience function that return results of \fI\%response\fP and \fI\%validation\fP\&. .INDENT 7.0 .TP .B Parameters \fBaccount_key\fP (\fIJWK\fP) \-\- .TP .B Return type \fI\%tuple\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.DNS01Response(**kwargs: \fI\%Any\fP) ACME dns\-01 challenge response. .INDENT 7.0 .TP .B typ: \fI\%str\fP = \(aqdns\-01\(aq Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B simple_verify(chall: \fI\%DNS01\fP, domain: \fI\%str\fP, account_public_key: \fI\%JWK\fP) -> \fI\%bool\fP Simple verify. .sp This method no longer checks DNS records and is a simple wrapper around \fI\%KeyAuthorizationChallengeResponse.verify\fP\&. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBchall\fP (\fI\%challenges.DNS01\fP) \-\- Corresponding challenge. .IP \(bu 2 \fBdomain\fP (\fI\%str\fP) \-\- Domain name being verified. .IP \(bu 2 \fBaccount_public_key\fP (\fIJWK\fP) \-\- Public key for the key pair being authorized. .UNINDENT .TP .B Returns \fBTrue\fP iff verification of the key authorization was successful. .TP .B Return type \fI\%bool\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.DNS01(**kwargs: \fI\%Any\fP) ACME dns\-01 challenge. .INDENT 7.0 .TP .B response_cls alias of \fI\%DNS01Response\fP .UNINDENT .INDENT 7.0 .TP .B typ: \fI\%str\fP = \(aqdns\-01\(aq Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B LABEL = \(aq_acme\-challenge\(aq Label clients prepend to the domain name being validated. .UNINDENT .INDENT 7.0 .TP .B validation(account_key: \fI\%JWK\fP, **unused_kwargs: \fI\%Any\fP) -> \fI\%str\fP Generate validation. .INDENT 7.0 .TP .B Parameters \fBaccount_key\fP (\fIJWK\fP) \-\- .TP .B Return type \fI\%str\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B validation_domain_name(name: \fI\%str\fP) -> \fI\%str\fP Domain name for TXT validation record. .INDENT 7.0 .TP .B Parameters \fBname\fP (\fI\%str\fP) \-\- Domain name being validated. .TP .B Return type \fI\%str\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.HTTP01Response(**kwargs: \fI\%Any\fP) ACME http\-01 challenge response. .INDENT 7.0 .TP .B typ: \fI\%str\fP = \(aqhttp\-01\(aq Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B PORT = 80 Verification port as defined by the protocol. .sp You can override it (e.g. for testing) by passing \fBport\fP to \fI\%simple_verify\fP\&. .UNINDENT .INDENT 7.0 .TP .B WHITESPACE_CUTSET = \(aq\en\er\et \(aq Whitespace characters which should be ignored at the end of the body. .UNINDENT .INDENT 7.0 .TP .B simple_verify(chall: \fI\%HTTP01\fP, domain: \fI\%str\fP, account_public_key: \fI\%JWK\fP, port: \fI\%int\fP | \fI\%None\fP = None, timeout: \fI\%int\fP = 30) -> \fI\%bool\fP Simple verify. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBchall\fP (\fIchallenges.SimpleHTTP\fP) \-\- Corresponding challenge. .IP \(bu 2 \fBdomain\fP (\fI\%str\fP) \-\- Domain name being verified. .IP \(bu 2 \fBaccount_public_key\fP (\fIJWK\fP) \-\- Public key for the key pair being authorized. .IP \(bu 2 \fBport\fP (\fI\%int\fP) \-\- Port used in the validation. .IP \(bu 2 \fBtimeout\fP (\fI\%int\fP) \-\- Timeout in seconds. .UNINDENT .TP .B Returns \fBTrue\fP iff validation with the files currently served by the HTTP server is successful. .TP .B Return type \fI\%bool\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.HTTP01(**kwargs: \fI\%Any\fP) ACME http\-01 challenge. .INDENT 7.0 .TP .B response_cls alias of \fI\%HTTP01Response\fP .UNINDENT .INDENT 7.0 .TP .B typ: \fI\%str\fP = \(aqhttp\-01\(aq Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B URI_ROOT_PATH = \(aq.well\-known/acme\-challenge\(aq URI root path for the server provisioned resource. .UNINDENT .INDENT 7.0 .TP .B property path: \fI\%str\fP Path (starting with \(aq/\(aq) for provisioned resource. .INDENT 7.0 .TP .B Return type \fI\%str\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B uri(domain: \fI\%str\fP) -> \fI\%str\fP Create an URI to the provisioned resource. .sp Forms an URI to the HTTPS server provisioned resource (containing \fBtoken\fP). .INDENT 7.0 .TP .B Parameters \fBdomain\fP (\fI\%str\fP) \-\- Domain name being verified. .TP .B Return type \fI\%str\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B validation(account_key: \fI\%JWK\fP, **unused_kwargs: \fI\%Any\fP) -> \fI\%str\fP Generate validation. .INDENT 7.0 .TP .B Parameters \fBaccount_key\fP (\fIJWK\fP) \-\- .TP .B Return type \fI\%str\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.TLSALPN01Response(**kwargs: \fI\%Any\fP) ACME tls\-alpn\-01 challenge response. .INDENT 7.0 .TP .B typ: \fI\%str\fP = \(aqtls\-alpn\-01\(aq Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B PORT = 443 Verification port as defined by the protocol. .sp You can override it (e.g. for testing) by passing \fBport\fP to \fI\%simple_verify\fP\&. .UNINDENT .INDENT 7.0 .TP .B property h: \fI\%bytes\fP Hash value stored in challenge certificate .UNINDENT .INDENT 7.0 .TP .B gen_cert(domain: \fI\%str\fP, key: PKey | \fI\%None\fP = None, bits: \fI\%int\fP = 2048) -> \fI\%Tuple\fP[X509, PKey] Generate tls\-alpn\-01 certificate. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBdomain\fP (\fI\%str\fP) \-\- Domain verified by the challenge. .IP \(bu 2 \fBkey\fP (\fIOpenSSL.crypto.PKey\fP) \-\- Optional private key used in certificate generation. If not provided (\fBNone\fP), then fresh key will be generated. .IP \(bu 2 \fBbits\fP (\fI\%int\fP) \-\- Number of bits for newly generated key. .UNINDENT .TP .B Return type \fI\%tuple\fP of \fBOpenSSL.crypto.X509\fP and \fBOpenSSL.crypto.PKey\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B probe_cert(domain: \fI\%str\fP, host: \fI\%str\fP | \fI\%None\fP = None, port: \fI\%int\fP | \fI\%None\fP = None) -> X509 Probe tls\-alpn\-01 challenge certificate. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBdomain\fP (\fI\%str\fP) \-\- domain being validated, required. .IP \(bu 2 \fBhost\fP (\fI\%str\fP) \-\- IP address used to probe the certificate. .IP \(bu 2 \fBport\fP (\fI\%int\fP) \-\- Port used to probe the certificate. .UNINDENT .UNINDENT .UNINDENT .INDENT 7.0 .TP .B verify_cert(domain: \fI\%str\fP, cert: X509) -> \fI\%bool\fP Verify tls\-alpn\-01 challenge certificate. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBdomain\fP (\fI\%str\fP) \-\- Domain name being validated. .IP \(bu 2 \fBcert\fP (\fIOpensSSL.crypto.X509\fP) \-\- Challenge certificate. .UNINDENT .TP .B Returns Whether the certificate was successfully verified. .TP .B Return type \fI\%bool\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B simple_verify(chall: \fI\%TLSALPN01\fP, domain: \fI\%str\fP, account_public_key: \fI\%JWK\fP, cert: X509 | \fI\%None\fP = None, host: \fI\%str\fP | \fI\%None\fP = None, port: \fI\%int\fP | \fI\%None\fP = None) -> \fI\%bool\fP Simple verify. .sp Verify \fBvalidation\fP using \fBaccount_public_key\fP, optionally probe tls\-alpn\-01 certificate and check using \fI\%verify_cert\fP\&. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBchall\fP (\fI\&.challenges.TLSALPN01\fP) \-\- Corresponding challenge. .IP \(bu 2 \fBdomain\fP (\fI\%str\fP) \-\- Domain name being validated. .IP \(bu 2 \fBaccount_public_key\fP (\fIJWK\fP) \-\- .IP \(bu 2 \fBcert\fP (\fIOpenSSL.crypto.X509\fP) \-\- Optional certificate. If not provided (\fBNone\fP) certificate will be retrieved using \fI\%probe_cert\fP\&. .IP \(bu 2 \fBhost\fP (\fIstring\fP) \-\- IP address used to probe the certificate. .IP \(bu 2 \fBport\fP (\fI\%int\fP) \-\- Port used to probe the certificate. .UNINDENT .TP .B Returns \fBTrue\fP if and only if client\(aqs control of the domain has been verified. .TP .B Return type \fI\%bool\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.TLSALPN01(**kwargs: \fI\%Any\fP) ACME tls\-alpn\-01 challenge. .INDENT 7.0 .TP .B response_cls alias of \fI\%TLSALPN01Response\fP .UNINDENT .INDENT 7.0 .TP .B typ: \fI\%str\fP = \(aqtls\-alpn\-01\(aq Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B validation(account_key: \fI\%JWK\fP, **kwargs: \fI\%Any\fP) -> \fI\%Tuple\fP[X509, PKey] Generate validation. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBaccount_key\fP (\fIJWK\fP) \-\- .IP \(bu 2 \fBdomain\fP (\fI\%str\fP) \-\- Domain verified by the challenge. .IP \(bu 2 \fBcert_key\fP (\fIOpenSSL.crypto.PKey\fP) \-\- Optional private key used in certificate generation. If not provided (\fBNone\fP), then fresh key will be generated. .UNINDENT .TP .B Return type \fI\%tuple\fP of \fBOpenSSL.crypto.X509\fP and \fBOpenSSL.crypto.PKey\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B static is_supported() -> \fI\%bool\fP Check if TLS\-ALPN\-01 challenge is supported on this machine. This implies that a recent version of OpenSSL is installed (>= 1.0.2), or a recent cryptography version shipped with the OpenSSL library is installed. .INDENT 7.0 .TP .B Returns \fBTrue\fP if TLS\-ALPN\-01 is supported on this machine, \fBFalse\fP otherwise. .TP .B Return type \fI\%bool\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.DNS(**kwargs: \fI\%Any\fP) ACME \(dqdns\(dq challenge. .INDENT 7.0 .TP .B typ: \fI\%str\fP = \(aqdns\(aq Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B LABEL = \(aq_acme\-challenge\(aq Label clients prepend to the domain name being validated. .UNINDENT .INDENT 7.0 .TP .B gen_validation(account_key: \fI\%JWK\fP, alg: \fI\%JWASignature\fP = RS256, **kwargs: \fI\%Any\fP) -> \fI\%JWS\fP Generate validation. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBaccount_key\fP (\fI\&.JWK\fP) \-\- Private account key. .IP \(bu 2 \fBalg\fP (\fI\&.JWA\fP) \-\- .UNINDENT .TP .B Returns This challenge wrapped in \fBJWS\fP .TP .B Return type \&.JWS .UNINDENT .UNINDENT .INDENT 7.0 .TP .B check_validation(validation: \fI\%JWS\fP, account_public_key: \fI\%JWK\fP) -> \fI\%bool\fP Check validation. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBvalidation\fP (\fIJWS\fP) \-\- .IP \(bu 2 \fBaccount_public_key\fP (\fIJWK\fP) \-\- .UNINDENT .TP .B Return type \fI\%bool\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B gen_response(account_key: \fI\%JWK\fP, **kwargs: \fI\%Any\fP) -> \fI\%DNSResponse\fP Generate response. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBaccount_key\fP (\fI\&.JWK\fP) \-\- Private account key. .IP \(bu 2 \fBalg\fP (\fI\&.JWA\fP) \-\- .UNINDENT .TP .B Return type \fI\%DNSResponse\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B validation_domain_name(name: \fI\%str\fP) -> \fI\%str\fP Domain name for TXT validation record. .INDENT 7.0 .TP .B Parameters \fBname\fP (\fI\%str\fP) \-\- Domain name being validated. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.challenges.DNSResponse(**kwargs: \fI\%Any\fP) ACME \(dqdns\(dq challenge response. .INDENT 7.0 .TP .B Parameters \fBvalidation\fP (\fIJWS\fP) \-\- .UNINDENT .INDENT 7.0 .TP .B typ: \fI\%str\fP = \(aqdns\(aq Type of the object. Subclasses must override. .UNINDENT .INDENT 7.0 .TP .B check_validation(chall: \fI\%DNS\fP, account_public_key: \fI\%JWK\fP) -> \fI\%bool\fP Check validation. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBchall\fP (\fI\%challenges.DNS\fP) \-\- .IP \(bu 2 \fBaccount_public_key\fP (\fIJWK\fP) \-\- .UNINDENT .TP .B Return type \fI\%bool\fP .UNINDENT .UNINDENT .UNINDENT .SS Client .sp ACME client API. .INDENT 0.0 .TP .B class acme.client.ClientV2(directory: \fI\%Directory\fP, net: \fI\%ClientNetwork\fP) ACME client for a v2 API. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBdirectory\fP (\fI\%messages.Directory\fP) \-\- .IP \(bu 2 \fBnet\fP (\fI\&.ClientNetwork\fP) \-\- Client network. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B new_account(new_account: \fI\%NewRegistration\fP) -> \fI\%RegistrationResource\fP Register. .INDENT 7.0 .TP .B Parameters \fBnew_account\fP (\fI\&.NewRegistration\fP) \-\- .TP .B Raises \fB\&.ConflictError\fP \-\- in case the account already exists .TP .B Returns Registration Resource. .TP .B Return type \fI\%RegistrationResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B query_registration(regr: \fI\%RegistrationResource\fP) -> \fI\%RegistrationResource\fP Query server about registration. .INDENT 7.0 .TP .B Parameters \fBregr\fP (\fI\%messages.RegistrationResource\fP) \-\- Existing Registration Resource. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B update_registration(regr: \fI\%RegistrationResource\fP, update: \fI\%Registration\fP | \fI\%None\fP = None) -> \fI\%RegistrationResource\fP Update registration. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBregr\fP (\fI\%messages.RegistrationResource\fP) \-\- Registration Resource. .IP \(bu 2 \fBupdate\fP (\fI\%messages.Registration\fP) \-\- Updated body of the resource. If not provided, body will be taken from \fBregr\fP\&. .UNINDENT .TP .B Returns Updated Registration Resource. .TP .B Return type \fI\%RegistrationResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B new_order(csr_pem: \fI\%bytes\fP) -> \fI\%OrderResource\fP Request a new Order object from the server. .INDENT 7.0 .TP .B Parameters \fBcsr_pem\fP (\fI\%bytes\fP) \-\- A CSR in PEM format. .TP .B Returns The newly created order. .TP .B Return type \fI\%OrderResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B poll(authzr: \fI\%AuthorizationResource\fP) -> \fI\%Tuple\fP[\fI\%AuthorizationResource\fP, Response] Poll Authorization Resource for status. .INDENT 7.0 .TP .B Parameters \fBauthzr\fP (\fI\%AuthorizationResource\fP) \-\- Authorization Resource .TP .B Returns Updated Authorization Resource and HTTP response. .TP .B Return type (\fI\%AuthorizationResource\fP, \fBrequests.Response\fP) .UNINDENT .UNINDENT .INDENT 7.0 .TP .B poll_and_finalize(orderr: \fI\%OrderResource\fP, deadline: \fI\%datetime\fP | \fI\%None\fP = None) -> \fI\%OrderResource\fP Poll authorizations and finalize the order. .sp If no deadline is provided, this method will timeout after 90 seconds. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBorderr\fP (\fI\%messages.OrderResource\fP) \-\- order to finalize .IP \(bu 2 \fBdeadline\fP (\fI\%datetime.datetime\fP) \-\- when to stop polling and timeout .UNINDENT .TP .B Returns finalized order .TP .B Return type \fI\%messages.OrderResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B poll_authorizations(orderr: \fI\%OrderResource\fP, deadline: \fI\%datetime\fP) -> \fI\%OrderResource\fP Poll Order Resource for status. .UNINDENT .INDENT 7.0 .TP .B begin_finalization(orderr: \fI\%OrderResource\fP) -> \fI\%OrderResource\fP Start the process of finalizing an order. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBorderr\fP (\fI\%messages.OrderResource\fP) \-\- order to finalize .IP \(bu 2 \fBdeadline\fP (\fI\%datetime.datetime\fP) \-\- when to stop polling and timeout .UNINDENT .TP .B Returns updated order .TP .B Return type \fI\%messages.OrderResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B poll_finalization(orderr: \fI\%OrderResource\fP, deadline: \fI\%datetime\fP, fetch_alternative_chains: \fI\%bool\fP = False) -> \fI\%OrderResource\fP Poll an order that has been finalized for its status. If it becomes valid, obtain the certificate. .INDENT 7.0 .TP .B Returns finalized order (with certificate) .TP .B Return type \fI\%messages.OrderResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B finalize_order(orderr: \fI\%OrderResource\fP, deadline: \fI\%datetime\fP, fetch_alternative_chains: \fI\%bool\fP = False) -> \fI\%OrderResource\fP Finalize an order and obtain a certificate. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBorderr\fP (\fI\%messages.OrderResource\fP) \-\- order to finalize .IP \(bu 2 \fBdeadline\fP (\fI\%datetime.datetime\fP) \-\- when to stop polling and timeout .IP \(bu 2 \fBfetch_alternative_chains\fP (\fI\%bool\fP) \-\- whether to also fetch alternative certificate chains .UNINDENT .TP .B Returns finalized order .TP .B Return type \fI\%messages.OrderResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B revoke(cert: \fI\%ComparableX509\fP, rsn: \fI\%int\fP) -> \fI\%None\fP Revoke certificate. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBcert\fP (\fI\&.ComparableX509\fP) \-\- \fBOpenSSL.crypto.X509\fP wrapped in \fBComparableX509\fP .IP \(bu 2 \fBrsn\fP (\fI\%int\fP) \-\- Reason code for certificate revocation. .UNINDENT .TP .B Raises \fB\&.ClientError\fP \-\- If revocation is unsuccessful. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B external_account_required() -> \fI\%bool\fP Checks if ACME server requires External Account Binding authentication. .UNINDENT .INDENT 7.0 .TP .B classmethod get_directory(url: \fI\%str\fP, net: \fI\%ClientNetwork\fP) -> \fI\%Directory\fP Retrieves the ACME directory (RFC 8555 section 7.1.1) from the ACME server. :param str url: the URL where the ACME directory is available :param ClientNetwork net: the ClientNetwork to use to make the request .INDENT 7.0 .TP .B Returns the ACME directory object .TP .B Return type \fI\%messages.Directory\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B deactivate_registration(regr: \fI\%RegistrationResource\fP) -> \fI\%RegistrationResource\fP Deactivate registration. .INDENT 7.0 .TP .B Parameters \fBregr\fP (\fI\%messages.RegistrationResource\fP) \-\- The Registration Resource to be deactivated. .TP .B Returns The Registration resource that was deactivated. .TP .B Return type \fI\%RegistrationResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B deactivate_authorization(authzr: \fI\%AuthorizationResource\fP) -> \fI\%AuthorizationResource\fP Deactivate authorization. .INDENT 7.0 .TP .B Parameters \fBauthzr\fP (\fI\%messages.AuthorizationResource\fP) \-\- The Authorization resource to be deactivated. .TP .B Returns The Authorization resource that was deactivated. .TP .B Return type \fI\%AuthorizationResource\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B answer_challenge(challb: \fI\%ChallengeBody\fP, response: \fI\%ChallengeResponse\fP) -> \fI\%ChallengeResource\fP Answer challenge. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBchallb\fP (\fI\%ChallengeBody\fP) \-\- Challenge Resource body. .IP \(bu 2 \fBresponse\fP (\fI\%challenges.ChallengeResponse\fP) \-\- Corresponding Challenge response .UNINDENT .TP .B Returns Challenge Resource with updated body. .TP .B Return type \fI\%ChallengeResource\fP .TP .B Raises \fB\&.UnexpectedUpdate\fP \-\- .UNINDENT .UNINDENT .INDENT 7.0 .TP .B classmethod retry_after(response: Response, default: \fI\%int\fP) -> \fI\%datetime\fP Compute next \fI\%poll\fP time based on response \fBRetry\-After\fP header. .sp Handles integers and various datestring formats per \fI\%https://www.w3.org/Protocols/rfc2616/rfc2616\-sec14.html#sec14.37\fP .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBresponse\fP (\fIrequests.Response\fP) \-\- Response from \fI\%poll\fP\&. .IP \(bu 2 \fBdefault\fP (\fI\%int\fP) \-\- Default value (in seconds), used when \fBRetry\-After\fP header is not present or invalid. .UNINDENT .TP .B Returns Time point when next \fI\%poll\fP should be performed. .TP .B Return type \fI\%datetime.datetime\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.client.ClientNetwork(key: \fI\%JWK\fP, account: \fI\%RegistrationResource\fP | \fI\%None\fP = None, alg: \fI\%JWASignature\fP = RS256, verify_ssl: \fI\%bool\fP = True, user_agent: \fI\%str\fP = \(aqacme\-python\(aq, timeout: \fI\%int\fP = 45) Wrapper around requests that signs POSTs for authentication. .sp Also adds user agent, and handles Content\-Type. .INDENT 7.0 .TP .B REPLAY_NONCE_HEADER = \(aqReplay\-Nonce\(aq Initialize. .INDENT 7.0 .TP .B Parameters .INDENT 7.0 .IP \(bu 2 \fBkey\fP (\fIjosepy.JWK\fP) \-\- Account private key .IP \(bu 2 \fBaccount\fP (\fI\%messages.RegistrationResource\fP) \-\- Account object. Required if you are planning to use .post() for anything other than creating a new account; may be set later after registering. .IP \(bu 2 \fBalg\fP (\fIjosepy.JWASignature\fP) \-\- Algorithm to use in signing JWS. .IP \(bu 2 \fBverify_ssl\fP (\fI\%bool\fP) \-\- Whether to verify certificates on SSL connections. .IP \(bu 2 \fBuser_agent\fP (\fI\%str\fP) \-\- String to send as User\-Agent header. .IP \(bu 2 \fBtimeout\fP (\fI\%int\fP) \-\- Timeout for requests. .UNINDENT .UNINDENT .UNINDENT .INDENT 7.0 .TP .B head(*args: \fI\%Any\fP, **kwargs: \fI\%Any\fP) -> Response Send HEAD request without checking the response. .sp Note, that \fB_check_response\fP is not called, as it is expected that status code other than successfully 2xx will be returned, or messages2.Error will be raised by the server. .UNINDENT .INDENT 7.0 .TP .B get(url: \fI\%str\fP, content_type: \fI\%str\fP = \(aqapplication/json\(aq, **kwargs: \fI\%Any\fP) -> Response Send GET request and check response. .UNINDENT .INDENT 7.0 .TP .B post(*args: \fI\%Any\fP, **kwargs: \fI\%Any\fP) -> Response POST object wrapped in \fBJWS\fP and check response. .sp If the server responded with a badNonce error, the request will be retried once. .UNINDENT .UNINDENT .SS Errors .sp ACME errors. .INDENT 0.0 .TP .B exception acme.errors.Error Generic ACME error. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.DependencyError Dependency error .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.SchemaValidationError JSON schema ACME object validation error. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.ClientError Network error. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.UnexpectedUpdate Unexpected update error. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.NonceError Server response nonce error. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.BadNonce(nonce: \fI\%str\fP, error: \fI\%Exception\fP, *args: \fI\%Any\fP) Bad nonce error. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.MissingNonce(response: Response, *args: \fI\%Any\fP) Missing nonce error. .sp According to the specification an \(dqACME server MUST include an Replay\-Nonce header field in each successful response to a POST it provides to a client (...)\(dq. .INDENT 7.0 .TP .B Variables \fB~.response\fP (\fIrequests.Response\fP) \-\- HTTP Response .UNINDENT .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.PollError(exhausted: \fI\%Set\fP[\fI\%messages.AuthorizationResource\fP], updated: \fI\%Mapping\fP[\fI\%messages.AuthorizationResource\fP, \fI\%messages.AuthorizationResource\fP]) Generic error when polling for authorization fails. .sp This might be caused by either timeout (\fBexhausted\fP will be non\-empty) or by some authorization being invalid. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBexhausted\fP \-\- Set of \fI\%AuthorizationResource\fP that didn\(aqt finish within max allowed attempts. .IP \(bu 2 \fBupdated\fP \-\- Mapping from original \fI\%AuthorizationResource\fP to the most recently updated one .UNINDENT .UNINDENT .INDENT 7.0 .TP .B property timeout: \fI\%bool\fP Was the error caused by timeout? .UNINDENT .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.ValidationError(failed_authzrs: \fI\%List\fP[\fI\%messages.AuthorizationResource\fP]) Error for authorization failures. Contains a list of authorization resources, each of which is invalid and should have an error field. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.TimeoutError Error for when polling an authorization or an order times out. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.IssuanceError(error: \fI\%messages.Error\fP) Error sent by the server after requesting issuance of a certificate. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.ConflictError(location: \fI\%str\fP) Error for when the server returns a 409 (Conflict) HTTP status. .sp In the version of ACME implemented by Boulder, this is used to find an account if you only have the private key, but don\(aqt know the account URL. .sp Also used in V2 of the ACME client for the same purpose. .UNINDENT .INDENT 0.0 .TP .B exception acme.errors.WildcardUnsupportedError Error for when a wildcard is requested but is unsupported by ACME CA. .UNINDENT .SS Fields .sp ACME JSON fields. .INDENT 0.0 .TP .B class acme.fields.Fixed(json_name: \fI\%str\fP, value: \fI\%Any\fP) Fixed field. .INDENT 7.0 .TP .B decode(value: \fI\%Any\fP) -> \fI\%Any\fP Decode a value, optionally with context JSON object. .UNINDENT .INDENT 7.0 .TP .B encode(value: \fI\%Any\fP) -> \fI\%Any\fP Encode a value, optionally with context JSON object. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.fields.RFC3339Field(json_name: \fI\%str\fP, default: \fI\%Any\fP = None, omitempty: \fI\%bool\fP = False, decoder: \fI\%Callable\fP[[\fI\%Any\fP], \fI\%Any\fP] | \fI\%None\fP = None, encoder: \fI\%Callable\fP[[\fI\%Any\fP], \fI\%Any\fP] | \fI\%None\fP = None) RFC3339 field encoder/decoder. .sp Handles decoding/encoding between RFC3339 strings and aware (not naive) \fI\%datetime.datetime\fP objects (e.g. \fBdatetime.datetime.now(pytz.UTC)\fP). .INDENT 7.0 .TP .B classmethod default_encoder(value: \fI\%datetime\fP) -> \fI\%str\fP Default (passthrough) encoder. .UNINDENT .INDENT 7.0 .TP .B classmethod default_decoder(value: \fI\%str\fP) -> \fI\%datetime\fP Default decoder. .sp Recursively deserialize into immutable types ( \fI\%josepy.util.frozendict\fP instead of \fBdict()\fP, \fBtuple()\fP instead of \fBlist()\fP). .UNINDENT .UNINDENT .INDENT 0.0 .TP .B acme.fields.fixed(json_name: \fI\%str\fP, value: \fI\%Any\fP) -> \fI\%Any\fP Generates a type\-friendly Fixed field. .UNINDENT .INDENT 0.0 .TP .B acme.fields.rfc3339(json_name: \fI\%str\fP, omitempty: \fI\%bool\fP = False) -> \fI\%Any\fP Generates a type\-friendly RFC3339 field. .UNINDENT .SS JOSE .sp The \fBacme.jose\fP module was moved to its own package \(dq\fI\%josepy\fP\(dq. Please refer to its documentation there. .SS Messages .sp ACME protocol messages. .INDENT 0.0 .TP .B acme.messages.is_acme_error(err: \fI\%BaseException\fP) -> \fI\%bool\fP Check if argument is an ACME error. .UNINDENT .INDENT 0.0 .TP .B class acme.messages.IdentifierType(name: \fI\%str\fP) ACME identifier type. .UNINDENT .INDENT 0.0 .TP .B class acme.messages.Identifier(**kwargs: \fI\%Any\fP) ACME identifier. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBtyp\fP (\fI\%IdentifierType\fP) \-\- .IP \(bu 2 \fBvalue\fP (\fI\%str\fP) \-\- .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B exception acme.messages.Error(**kwargs: \fI\%Any\fP) ACME error. .sp \fI\%https://datatracker.ietf.org/doc/html/rfc7807\fP .sp Note: Although Error inherits from JSONObjectWithFields, which is immutable, we add mutability for Error to comply with the Python exception API. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBtyp\fP (\fI\%str\fP) \-\- .IP \(bu 2 \fBtitle\fP (\fI\%str\fP) \-\- .IP \(bu 2 \fBdetail\fP (\fI\%str\fP) \-\- .IP \(bu 2 \fBidentifier\fP (\fI\%Identifier\fP) \-\- .IP \(bu 2 \fBsubproblems\fP (\fI\%tuple\fP) \-\- An array of ACME Errors which may be present when the CA returns multiple errors related to the same request, \fI\%tuple\fP of \fI\%Error\fP\&. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B classmethod with_code(code: \fI\%str\fP, **kwargs: \fI\%Any\fP) -> \fI\%Error\fP Create an Error instance with an ACME Error code. .INDENT 7.0 .TP .B Str code An ACME error code, like \(aqdnssec\(aq. .TP .B Kwargs kwargs to pass to Error. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B property description: \fI\%str\fP | \fI\%None\fP Hardcoded error description based on its type. .INDENT 7.0 .TP .B Returns Description if standard ACME error or \fBNone\fP\&. .TP .B Return type \fI\%str\fP .UNINDENT .UNINDENT .INDENT 7.0 .TP .B property code: \fI\%str\fP | \fI\%None\fP ACME error code. .sp Basically self.typ without the ERROR_PREFIX. .INDENT 7.0 .TP .B Returns error code if standard ACME code or \fBNone\fP\&. .TP .B Return type \fI\%str\fP .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.Status(name: \fI\%str\fP) ACME \(dqstatus\(dq field. .UNINDENT .INDENT 0.0 .TP .B class acme.messages.Directory(jobj: \fI\%Mapping\fP[\fI\%str\fP, \fI\%Any\fP]) Directory. .sp Directory resources must be accessed by the exact field name in RFC8555 (section 9.7.5). .INDENT 7.0 .TP .B class Meta(**kwargs: \fI\%Any\fP) Directory Meta. .INDENT 7.0 .TP .B property terms_of_service: \fI\%str\fP URL for the CA TOS .UNINDENT .UNINDENT .INDENT 7.0 .TP .B to_partial_json() -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Partially serialize. .sp Following the example, \fBpartial serialization\fP means the following: .INDENT 7.0 .INDENT 3.5 .sp .nf .ft C assert isinstance(Bar().to_partial_json()[0], Foo) assert isinstance(Bar().to_partial_json()[1], Foo) # in particular... assert Bar().to_partial_json() != [\(aqfoo\(aq, \(aqfoo\(aq] .ft P .fi .UNINDENT .UNINDENT .INDENT 7.0 .TP .B Raises \fI\%josepy.errors.SerializationError\fP \-\- in case of any serialization error. .TP .B Returns Partially serializable object. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B classmethod from_json(jobj: \fI\%MutableMapping\fP[\fI\%str\fP, \fI\%Any\fP]) -> \fI\%Directory\fP Deserialize a decoded JSON document. .INDENT 7.0 .TP .B Parameters \fBjobj\fP \-\- Python object, composed of only other basic data types, as decoded from JSON document. Not necessarily \fI\%dict\fP (as decoded from \(dqJSON object\(dq document). .TP .B Raises \fI\%josepy.errors.DeserializationError\fP \-\- if decoding was unsuccessful, e.g. in case of unparseable X509 certificate, or wrong padding in JOSE base64 encoded string, etc. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.Resource(**kwargs: \fI\%Any\fP) ACME Resource. .INDENT 7.0 .TP .B Variables \fBbody\fP (\fI\%acme.messages.ResourceBody\fP) \-\- Resource body. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.ResourceWithURI(**kwargs: \fI\%Any\fP) ACME Resource with URI. .INDENT 7.0 .TP .B Variables \fBuri\fP (\fI\%str\fP) \-\- Location of the resource. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.ResourceBody(**kwargs: \fI\%Any\fP) ACME Resource Body. .UNINDENT .INDENT 0.0 .TP .B class acme.messages.ExternalAccountBinding ACME External Account Binding .INDENT 7.0 .TP .B classmethod from_data(account_public_key: \fI\%JWK\fP, kid: \fI\%str\fP, hmac_key: \fI\%str\fP, directory: \fI\%Directory\fP) -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Create External Account Binding Resource from contact details, kid and hmac. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.Registration(**kwargs: \fI\%Any\fP) Registration Resource Body. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBkey\fP (\fIjose.JWK\fP) \-\- Public key. .IP \(bu 2 \fBcontact\fP (\fI\%tuple\fP) \-\- Contact information following ACME spec, \fI\%tuple\fP of \fI\%str\fP\&. .IP \(bu 2 \fBagreement\fP (\fI\%str\fP) \-\- .UNINDENT .UNINDENT .INDENT 7.0 .TP .B classmethod from_data(phone: \fI\%str\fP | \fI\%None\fP = None, email: \fI\%str\fP | \fI\%None\fP = None, external_account_binding: \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] | \fI\%None\fP = None, **kwargs: \fI\%Any\fP) -> GenericRegistration Create registration resource from contact details. .sp The \fBcontact\fP keyword being passed to a Registration object is meaningful, so this function represents empty iterables in its kwargs by passing on an empty \fI\%tuple\fP\&. .UNINDENT .INDENT 7.0 .TP .B to_partial_json() -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Modify josepy.JSONDeserializable.to_partial_json() .UNINDENT .INDENT 7.0 .TP .B fields_to_partial_json() -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Modify josepy.JSONObjectWithFields.fields_to_partial_json() .UNINDENT .INDENT 7.0 .TP .B property phones: \fI\%Tuple\fP[\fI\%str\fP, \&...] All phones found in the \fBcontact\fP field. .UNINDENT .INDENT 7.0 .TP .B property emails: \fI\%Tuple\fP[\fI\%str\fP, \&...] All emails found in the \fBcontact\fP field. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.NewRegistration(**kwargs: \fI\%Any\fP) New registration. .UNINDENT .INDENT 0.0 .TP .B class acme.messages.UpdateRegistration(**kwargs: \fI\%Any\fP) Update registration. .UNINDENT .INDENT 0.0 .TP .B class acme.messages.RegistrationResource(**kwargs: \fI\%Any\fP) Registration Resource. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBbody\fP (\fI\%acme.messages.Registration\fP) \-\- .IP \(bu 2 \fBnew_authzr_uri\fP (\fI\%str\fP) \-\- Deprecated. Do not use. .IP \(bu 2 \fBterms_of_service\fP (\fI\%str\fP) \-\- URL for the CA TOS. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.ChallengeBody(**kwargs: \fI\%Any\fP) Challenge Resource Body. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBacme.challenges.Challenge\fP \-\- Wrapped challenge. Conveniently, all challenge fields are proxied, i.e. you can call \fBchallb.x\fP to get \fBchallb.chall.x\fP contents. .IP \(bu 2 \fBstatus\fP (\fI\%acme.messages.Status\fP) \-\- .IP \(bu 2 \fBvalidated\fP (\fI\%datetime.datetime\fP) \-\- .IP \(bu 2 \fBerror\fP (\fI\%messages.Error\fP) \-\- .UNINDENT .UNINDENT .INDENT 7.0 .TP .B encode(name: \fI\%str\fP) -> \fI\%Any\fP Encode a single field. .INDENT 7.0 .TP .B Parameters \fBname\fP (\fI\%str\fP) \-\- Name of the field to be encoded. .TP .B Raises .INDENT 7.0 .IP \(bu 2 \fBerrors.SerializationError\fP \-\- if field cannot be serialized .IP \(bu 2 \fI\%errors.Error\fP \-\- if field could not be found .UNINDENT .UNINDENT .UNINDENT .INDENT 7.0 .TP .B to_partial_json() -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Partially serialize. .sp Following the example, \fBpartial serialization\fP means the following: .INDENT 7.0 .INDENT 3.5 .sp .nf .ft C assert isinstance(Bar().to_partial_json()[0], Foo) assert isinstance(Bar().to_partial_json()[1], Foo) # in particular... assert Bar().to_partial_json() != [\(aqfoo\(aq, \(aqfoo\(aq] .ft P .fi .UNINDENT .UNINDENT .INDENT 7.0 .TP .B Raises \fI\%josepy.errors.SerializationError\fP \-\- in case of any serialization error. .TP .B Returns Partially serializable object. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B classmethod fields_from_json(jobj: \fI\%Mapping\fP[\fI\%str\fP, \fI\%Any\fP]) -> \fI\%Dict\fP[\fI\%str\fP, \fI\%Any\fP] Deserialize fields from JSON. .UNINDENT .INDENT 7.0 .TP .B property uri: \fI\%str\fP The URL of this challenge. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.ChallengeResource(**kwargs: \fI\%Any\fP) Challenge Resource. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBbody\fP (\fI\%acme.messages.ChallengeBody\fP) \-\- .IP \(bu 2 \fBauthzr_uri\fP (\fI\%str\fP) \-\- URI found in the \(aqup\(aq \fBLink\fP header. .UNINDENT .UNINDENT .INDENT 7.0 .TP .B property uri: \fI\%str\fP The URL of the challenge body. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.Authorization(**kwargs: \fI\%Any\fP) Authorization Resource Body. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBidentifier\fP (\fI\%acme.messages.Identifier\fP) \-\- .IP \(bu 2 \fBchallenges\fP (\fI\%list\fP) \-\- \fI\%list\fP of \fI\%ChallengeBody\fP .IP \(bu 2 \fBstatus\fP (\fI\%acme.messages.Status\fP) \-\- .IP \(bu 2 \fBexpires\fP (\fI\%datetime.datetime\fP) \-\- .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.NewAuthorization(**kwargs: \fI\%Any\fP) New authorization. .UNINDENT .INDENT 0.0 .TP .B class acme.messages.UpdateAuthorization(**kwargs: \fI\%Any\fP) Update authorization. .UNINDENT .INDENT 0.0 .TP .B class acme.messages.AuthorizationResource(**kwargs: \fI\%Any\fP) Authorization Resource. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBbody\fP (\fI\%acme.messages.Authorization\fP) \-\- .IP \(bu 2 \fBnew_cert_uri\fP (\fI\%str\fP) \-\- Deprecated. Do not use. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.CertificateRequest(**kwargs: \fI\%Any\fP) ACME newOrder request. .INDENT 7.0 .TP .B Variables \fBcsr\fP (\fIjose.ComparableX509\fP) \-\- \fBOpenSSL.crypto.X509Req\fP wrapped in \fBComparableX509\fP .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.CertificateResource(**kwargs: \fI\%Any\fP) Certificate Resource. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBbody\fP (\fI\%josepy.util.ComparableX509\fP) \-\- \fBOpenSSL.crypto.X509\fP wrapped in \fBComparableX509\fP .IP \(bu 2 \fBcert_chain_uri\fP (\fI\%str\fP) \-\- URI found in the \(aqup\(aq \fBLink\fP header .IP \(bu 2 \fBauthzrs\fP (\fI\%tuple\fP) \-\- \fI\%tuple\fP of \fI\%AuthorizationResource\fP\&. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.Revocation(**kwargs: \fI\%Any\fP) Revocation message. .INDENT 7.0 .TP .B Variables \fBcertificate\fP (\fIjose.ComparableX509\fP) \-\- \fBOpenSSL.crypto.X509\fP wrapped in \fBjose.ComparableX509\fP .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.Order(**kwargs: \fI\%Any\fP) Order Resource Body. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBidentifiers\fP (\fI\%list\fP of \fI\%Identifier\fP) \-\- List of identifiers for the certificate. .IP \(bu 2 \fBstatus\fP (\fI\%acme.messages.Status\fP) \-\- .IP \(bu 2 \fBauthorizations\fP (\fI\%list\fP of \fI\%str\fP) \-\- URLs of authorizations. .IP \(bu 2 \fBcertificate\fP (\fI\%str\fP) \-\- URL to download certificate as a fullchain PEM. .IP \(bu 2 \fBfinalize\fP (\fI\%str\fP) \-\- URL to POST to to request issuance once all authorizations have \(dqvalid\(dq status. .IP \(bu 2 \fBexpires\fP (\fI\%datetime.datetime\fP) \-\- When the order expires. .IP \(bu 2 \fBerror\fP (\fIError\fP) \-\- Any error that occurred during finalization, if applicable. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.OrderResource(**kwargs: \fI\%Any\fP) Order Resource. .INDENT 7.0 .TP .B Variables .INDENT 7.0 .IP \(bu 2 \fBbody\fP (\fI\%acme.messages.Order\fP) \-\- .IP \(bu 2 \fBcsr_pem\fP (\fI\%bytes\fP) \-\- The CSR this Order will be finalized with. .IP \(bu 2 \fBauthorizations\fP (\fI\%list\fP of \fI\%acme.messages.AuthorizationResource\fP) \-\- Fully\-fetched AuthorizationResource objects. .IP \(bu 2 \fBfullchain_pem\fP (\fI\%str\fP) \-\- The fetched contents of the certificate URL produced once the order was finalized, if it\(aqs present. .IP \(bu 2 \fBalternative_fullchains_pem\fP (\fI\%list\fP of \fI\%str\fP) \-\- The fetched contents of alternative certificate chain URLs produced once the order was finalized, if present and requested during finalization. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.messages.NewOrder(**kwargs: \fI\%Any\fP) New order. .UNINDENT .SS Standalone .sp Support for standalone client challenge solvers. .INDENT 0.0 .TP .B class acme.standalone.TLSServer(*args: \fI\%Any\fP, **kwargs: \fI\%Any\fP) Generic TLS Server. .INDENT 7.0 .TP .B server_bind() -> \fI\%None\fP Called by constructor to bind the socket. .sp May be overridden. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.standalone.ACMEServerMixin ACME server common settings mixin. .UNINDENT .INDENT 0.0 .TP .B class acme.standalone.BaseDualNetworkedServers(ServerClass: \fI\%Type\fP[\fI\%TCPServer\fP], server_address: \fI\%Tuple\fP[\fI\%str\fP, \fI\%int\fP], *remaining_args: \fI\%Any\fP, **kwargs: \fI\%Any\fP) Base class for a pair of IPv6 and IPv4 servers that tries to do everything it\(aqs asked for both servers, but where failures in one server don\(aqt affect the other. .sp If two servers are instantiated, they will serve on the same port. .INDENT 7.0 .TP .B serve_forever() -> \fI\%None\fP Wraps socketserver.TCPServer.serve_forever .UNINDENT .INDENT 7.0 .TP .B getsocknames() -> \fI\%List\fP[\fI\%Tuple\fP[\fI\%str\fP, \fI\%int\fP]] Wraps socketserver.TCPServer.socket.getsockname .UNINDENT .INDENT 7.0 .TP .B shutdown_and_server_close() -> \fI\%None\fP Wraps socketserver.TCPServer.shutdown, socketserver.TCPServer.server_close, and threading.Thread.join .UNINDENT .UNINDENT .INDENT 0.0 .TP .B class acme.standalone.TLSALPN01Server(server_address: \fI\%Tuple\fP[\fI\%str\fP, \fI\%int\fP], certs: \fI\%List\fP[\fI\%Tuple\fP[PKey, X509]], challenge_certs: \fI\%Mapping\fP[\fI\%bytes\fP, \fI\%Tuple\fP[PKey, X509]], ipv6: \fI\%bool\fP = False) TLSALPN01 Server. .UNINDENT .INDENT 0.0 .TP .B class acme.standalone.HTTPServer(*args: \fI\%Any\fP, **kwargs: \fI\%Any\fP) Generic HTTP Server. .UNINDENT .INDENT 0.0 .TP .B class acme.standalone.HTTP01Server(server_address: \fI\%Tuple\fP[\fI\%str\fP, \fI\%int\fP], resources: \fI\%Set\fP[\fI\%HTTP01\fP], ipv6: \fI\%bool\fP = False, timeout: \fI\%int\fP = 30) HTTP01 Server. .UNINDENT .INDENT 0.0 .TP .B class acme.standalone.HTTP01DualNetworkedServers(*args: \fI\%Any\fP, **kwargs: \fI\%Any\fP) HTTP01Server Wrapper. Tries everything for both. Failures for one don\(aqt affect the other. .UNINDENT .INDENT 0.0 .TP .B class acme.standalone.HTTP01RequestHandler(*args: \fI\%Any\fP, **kwargs: \fI\%Any\fP) HTTP01 challenge handler. .sp Adheres to the stdlib\(aqs \fI\%socketserver.BaseRequestHandler\fP interface. .INDENT 7.0 .TP .B Variables \fBsimple_http_resources\fP (\fI\%set\fP) \-\- A set of \fI\%HTTP01Resource\fP objects. TODO: better name? .UNINDENT .INDENT 7.0 .TP .B class HTTP01Resource(chall, response, validation) .INDENT 7.0 .TP .B chall Alias for field number 0 .UNINDENT .INDENT 7.0 .TP .B response Alias for field number 1 .UNINDENT .INDENT 7.0 .TP .B validation Alias for field number 2 .UNINDENT .UNINDENT .INDENT 7.0 .TP .B property timeout: \fI\%int\fP The default timeout this server should apply to requests. :return: timeout to apply :rtype: int .UNINDENT .INDENT 7.0 .TP .B log_message(format: \fI\%str\fP, *args: \fI\%Any\fP) -> \fI\%None\fP Log arbitrary message. .UNINDENT .INDENT 7.0 .TP .B handle() -> \fI\%None\fP Handle request. .UNINDENT .INDENT 7.0 .TP .B handle_index() -> \fI\%None\fP Handle index page. .UNINDENT .INDENT 7.0 .TP .B handle_404() -> \fI\%None\fP Handler 404 Not Found errors. .UNINDENT .INDENT 7.0 .TP .B handle_simple_http_resource() -> \fI\%None\fP Handle HTTP01 provisioned resources. .UNINDENT .INDENT 7.0 .TP .B classmethod partial_init(simple_http_resources: \fI\%Set\fP[\fI\%HTTP01\fP], timeout: \fI\%int\fP) -> partial[\fI\%HTTP01RequestHandler\fP] Partially initialize this handler. .sp This is useful because \fI\%socketserver.BaseServer\fP takes uninitialized handler and initializes it with the current request. .UNINDENT .UNINDENT .sp ACME protocol implementation. .sp This module is an implementation of the \fI\%ACME protocol\fP\&. .INDENT 0.0 .IP \(bu 2 \fI\%Index\fP .IP \(bu 2 \fI\%Module Index\fP .IP \(bu 2 \fI\%Search Page\fP .UNINDENT .SH AUTHOR Let's Encrypt Project .SH COPYRIGHT 2024, Let's Encrypt Project .\" Generated by docutils manpage writer. .