txacme
txacme copied to clipboard
twisted
Twisted client for the ACME (Automatic Certificate Management Environment) protocol
When the service starts and fails to register the client, instead of just logging an error I would like to have something called so that I can either stop the...
Right now AcmeIssuingService._check_certs tries to renew any certificate found in the PEM objects for a server name. I think is safe to assume that the targeted certificate is only the...
The basic idea: 1. Run one instance of this container per host, with the necessary credentials to complete DNS challenges. 1. Have a listener that connects to the container system...
Having this documented only in my head is suboptimal. The process is basically just "run towncrier, tag, build artifacts, upload to pypi" but there's some subtleties here.
The endpoints rely on the `tls-sni-01` challenge to operate, [which is dead](https://community.letsencrypt.org/t/tls-sni-challenges-disabled-for-most-new-issuance/50316). We should ~deprecate them ASAP to avoid confusing people~ switch them to use `tls-alpn` (#136), and figure out...
Tracking the remainder of #150 since it's no longer broken with 19.2.0
To faster and support a secure adoption of the library it would be important to have txacme packaged for Debian/Ubuntu. A good target could be probably to reach the Ubuntu...
It'd be incredibly convenient if txacme would, when renewing a certificate whose name starts with www, request that the cert contain a subjectAlternativeName without the `www`.
Hypothesis: `treq` has a timeout for getting the request, but neither treq nor Agent have a timeout for reading the body. If the network falls over here, txacme might be...
Currently all ACME registrations are anonymous. Let's Encrypt doesn't have a problem with this, but some other future ACME CA might not allow this, and providing an email address with...