txacme
Twisted client for the ACME (Automatic Certificate Management Environment) protocol
Resolves #32. Right now there's no testing for this; I'm pushing this up atm to get feedback on whether this looks about right to most people. /cc @glyph --- This...
It seems to be common practice to store certificates or the directories that contain them with restrictive file permissions (e.g. `0600`). The official `certbot` client seems to do this (or...
This is one of the common DNS providers we should support. See also #45.
This is going to be a tough one since `acme` doesn't implement dns-01 yet (see certbot/certbot#2061) and there's no Route 53 implementation for Twisted anywhere. Open questions: 1. Should we...
This is perhaps a "nice to have" but the infrastructure is there for it so I thought I'd mention it. In HAProxy 1.7, it's possible to specify multiple certificates for...
`AutoTLSEndpoint` is public, but the endpoint parser operates at a higher level with functionality that is not exported publicly except via the string parser.
txacme should supply something to allow implementers of `ICertificateStore` to test their implementations. I think the existing tests for DirectoryStore probably cover all of the invariants we need, so adapting...
Inspired by https://www.crc.id.au/using-centralised-management-with-lets-encrypt/. The basic idea is to delegate or CNAME `_acme-challenge` from all of your domains to the LE issuing service, similar to the http-01-with-redirects scenario, but for dns-01.
Authorizations may last for much longer than certificates; we should check to see if a new authorization is in fact needed before authorizing.
We should have these to go along with the other integration tests.