txacme
txacme copied to clipboard
twisted
Twisted client for the ACME (Automatic Certificate Management Environment) protocol
For example, for the `dns-01` challenge, it is likely that different hostnames may live in different zones or even different providers, requiring different responders to handle. There should probably be...
Currently, we use txsni, which allows for a `DEFAULT.pem`, but txacme will try to issue a certificate for `DEFAULT` when it tries to renew this, which will fail. We should...
This may or may not be something that txacme has to do anything about directly; it may be a documentation issue.
I think we don't actually need to implement #31 or #32 pre-1.0.0, but we should at least have the API shape for this finished. Currently things may be a bit...
The logic of making sure you clean up the challenge after you poll is left up to the caller, which sucks. There should probably just be a helper that combines...
Currently, if you intended a service to be available for some name, but you forgot to put a cert for it into the store, the client will just get an...
This hasn't been tested at all, there's probably some glitches here.
Twisted actually does have a sphinx inventory for the API docs, located at http://twistedmatrix.com/documents/current/api/objects.inv
There should be documentation about implementing the `ICertificateStore` interface. In particular, there is a nuance of this interface whereby you can handle keys in a "write-only" fashion; reading a certificate...
This would require enhancing the `ICertificateStore` interface (`IOpaqueCertificateStore`, maybe?); instead of txacme generating the private key and then signing the CSR with it, txacme would need to hand the CSR...