tessl/pypi-certbot
ACME client that automates the process of obtaining, installing, and renewing SSL/TLS certificates from Let's Encrypt certificate authority.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-certbot@5.0.00
# Certbot
1
2
Certbot is an ACME (Automatic Certificate Management Environment) client that automates the process of obtaining, installing, and renewing SSL/TLS certificates from Let's Encrypt and other ACME-compliant certificate authorities. It provides a command-line interface for securely requesting and deploying certificates on web servers, supporting various web server configurations including Apache and Nginx through plugins.
3
4
## Package Information
5
6
- **Package Name**: certbot
7
- **Language**: Python
8
- **Installation**: `pip install certbot`
9
- **Python Version**: >=3.10
10
11
## Core Imports
12
13
```python
14
import certbot
15
```
16
17
For main entry point:
18
19
```python
20
from certbot.main import main
21
```
22
23
For plugin development:
24
25
```python
26
from certbot import interfaces
27
from certbot.plugins.common import Plugin, Installer
28
```
29
30
For error handling:
31
32
```python
33
from certbot import errors
34
```
35
36
For utilities and types:
37
38
```python
39
from certbot import util
40
from certbot import crypto_util
41
from certbot.display import ops
42
```
43
44
## Basic Usage
45
46
### Command-line Usage
47
48
Certbot is primarily used as a command-line tool:
49
50
```python
51
from certbot.main import main
52
53
# Run certbot with command-line arguments
54
result = main(['certonly', '--standalone', '-d', 'example.com'])
55
56
# Run with default sys.argv arguments
57
result = main()
58
```
59
60
### Plugin Development
61
62
```python
63
from certbot import interfaces
64
from certbot.plugins.common import Plugin
65
from certbot import configuration
66
67
class MyAuthenticator(Plugin, interfaces.Authenticator):
68
"""Custom authenticator plugin."""
69
70
description = "Custom authentication plugin"
71
name = "my-auth"
72
73
def __init__(self, config: configuration.NamespaceConfig, name: str):
74
super().__init__(config, name)
75
76
def prepare(self):
77
"""Prepare the plugin for use."""
78
pass
79
80
def perform(self, achalls):
81
"""Perform the authentication challenges."""
82
responses = []
83
for achall in achalls:
84
# Implement challenge response logic
85
response = achall.response_and_validation(self.account_key)
86
responses.append(response)
87
return responses
88
89
def cleanup(self, achalls):
90
"""Clean up after authentication."""
91
pass
92
```
93
94
## Architecture
95
96
Certbot follows a plugin-based architecture that enables extensibility:
97
98
- **Main Entry Point**: `certbot.main.main()` provides the primary CLI interface
99
- **Plugin System**: Authenticator and Installer plugins handle different challenge types and web server configurations
100
- **Configuration Management**: `NamespaceConfig` handles command-line arguments and configuration files
101
- **Error Handling**: Comprehensive exception hierarchy for different failure modes
102
- **Utility Functions**: Cryptographic operations, file handling, and user interaction utilities
103
104
The plugin system allows extending Certbot with custom authentication methods (DNS providers, custom challenge types) and installation methods (additional web servers, custom deployment logic).
105
106
## Capabilities
107
108
### Main Entry Point & Configuration
109
110
Core functionality for running Certbot and managing configuration, including the main CLI entry point, configuration handling, and argument processing.
111
112
```python { .api }
113
def main(cli_args: Optional[list[str]] = None) -> Optional[Union[str, int]]:
114
"""
115
Run Certbot with optional command line arguments.
116
117
Args:
118
cli_args: Command line arguments, defaults to sys.argv[1:]
119
120
Returns:
121
Exit status code or None
122
"""
123
124
class NamespaceConfig:
125
"""Configuration wrapper around argparse.Namespace."""
126
def __init__(self, namespace: argparse.Namespace): ...
127
def set_argument_sources(self, argument_sources: dict[str, ArgumentSource]): ...
128
```
129
130
[Main Entry Point & Configuration](./main-config.md)
131
132
### Plugin Development
133
134
Plugin interfaces and base classes for developing custom authenticator and installer plugins to extend Certbot's functionality with new challenge types and web server support.
135
136
```python { .api }
137
class Plugin(metaclass=ABCMeta):
138
"""Base plugin interface."""
139
description: str
140
name: str
141
def __init__(self, config: Optional[NamespaceConfig], name: str): ...
142
def prepare(self): ...
143
def more_info(self) -> str: ...
144
145
class Authenticator(Plugin):
146
"""Interface for challenge authenticator plugins."""
147
def get_chall_pref(self, domain: str) -> Iterable[type[Challenge]]: ...
148
def perform(self, achalls: list[AnnotatedChallenge]) -> list[ChallengeResponse]: ...
149
def cleanup(self, achalls: list[AnnotatedChallenge]): ...
150
151
class Installer(Plugin):
152
"""Interface for certificate installer plugins."""
153
def deploy_cert(self, domain: str, cert_path: str, key_path: str, chain_path: str, fullchain_path: str): ...
154
def enhance(self, domain: str, enhancement: str, options: Optional[Union[list[str], str]]): ...
155
```
156
157
[Plugin Development](./plugin-development.md)
158
159
### Cryptographic Utilities
160
161
Certificate and key generation, management, and validation functions for handling SSL/TLS certificates, private keys, and certificate signing requests.
162
163
```python { .api }
164
def generate_key(key_size: int, key_dir: Optional[str], key_type: str = "rsa",
165
elliptic_curve: str = "secp256r1", keyname: str = "key-certbot.pem",
166
strict_permissions: bool = True) -> util.Key: ...
167
168
def generate_csr(privkey: util.Key, names: Union[list[str], set[str]],
169
path: Optional[str], must_staple: bool = False,
170
strict_permissions: bool = True) -> util.CSR: ...
171
172
def notAfter(cert_path: str) -> datetime: ...
173
def notBefore(cert_path: str) -> datetime: ...
174
```
175
176
[Cryptographic Utilities](./crypto-utilities.md)
177
178
### Error Handling & Exceptions
179
180
Comprehensive exception hierarchy for handling different types of errors that can occur during certificate operations, plugin usage, and configuration management.
181
182
```python { .api }
183
class Error(Exception):
184
"""Generic Certbot client error."""
185
186
class AuthorizationError(Error):
187
"""Authorization error."""
188
189
class PluginError(Error):
190
"""Certbot Plugin error."""
191
192
class AccountStorageError(Error):
193
"""Generic account storage error."""
194
```
195
196
[Error Handling & Exceptions](./error-handling.md)
197
198
### Display & User Interface
199
200
User interaction utilities for prompting, displaying information, and managing user interface elements in command-line and interactive environments.
201
202
```python { .api }
203
def get_email(invalid: bool = False, **kwargs) -> str:
204
"""Prompt for valid email address."""
205
206
def choose_account(accounts: list[Account]) -> Optional[Account]:
207
"""Choose an account from available accounts."""
208
209
def choose_values(values: list[str], question: Optional[str] = None) -> list[str]:
210
"""Display screen to let user pick one or multiple values."""
211
```
212
213
[Display & User Interface](./display-ui.md)
214
215
### Utility Functions
216
217
General utility functions for file operations, system information, validation, and process management used throughout Certbot operations.
218
219
```python { .api }
220
def make_or_verify_dir(directory: str, mode: int, strict: bool = True) -> None: ...
221
def safe_open(path: str, mode: str = 'w', chmod: int = 0o644) -> IO: ...
222
def unique_file(path: str, chmod: int = 0o644, mode: str = 'w') -> tuple[IO, str]: ...
223
def get_os_info() -> tuple[str, str]: ...
224
def run_script(params: list[str]) -> tuple[str, str]: ...
225
def safe_email(email: str) -> bool: ...
226
def enforce_le_validity(domain: str) -> str: ...
227
```
228
229
[Utility Functions](./utility-functions.md)
230
231
## Types
232
233
```python { .api }
234
class Key(NamedTuple):
235
"""Container for an optional file path and contents for a PEM-formatted private key."""
236
file: Optional[str]
237
pem: bytes
238
239
class CSR(NamedTuple):
240
"""Container for an optional file path and contents for a PEM or DER-formatted CSR."""
241
file: Optional[str]
242
data: bytes
243
form: str
244
245
class ArgumentSource(enum.Enum):
246
"""Enum for describing where a configuration argument was set."""
247
COMMAND_LINE = enum.auto()
248
CONFIG_FILE = enum.auto()
249
DEFAULT = enum.auto()
250
ENV_VAR = enum.auto()
251
RUNTIME = enum.auto()
252
253
class AnnotatedChallenge:
254
"""Client annotated challenge wrapper."""
255
challb: Any # ChallengeBody from acme library
256
```