acme_client.py
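"""Example script showing how to use acme client API.

The script walks the registration -> authorization -> issuance sequence
against a demo ACME server.  No authorization challenge is ever solved, so
the final issuance request is expected to be rejected by the server.

Not a template for production use:

* the account key is generated in memory on every run and never stored;
* the terms of service are accepted without being shown to anyone;
* the CSR is a fixture shipped in the ``acme`` package's ``testdata``.
"""
import logging
import os
import pkg_resources

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
import OpenSSL

from acme import client
from acme import messages
from acme import jose


# DEBUG is used for demonstration only: the registration and authorization
# resources are dumped to the log further down.
# NOTE(review): confirm what the acme client itself logs at this level
# before reusing this configuration where logs are shared or retained.
logging.basicConfig(level=logging.DEBUG)


NEW_REG_URL = 'https://www.letsencrypt-demo.org/acme/new-reg'
BITS = 2048  # minimum for Boulder
DOMAIN = 'example1.com'  # example.com is ignored by Boulder

# generate_private_key requires cryptography>=0.5
# The key size comes from BITS so the documented server minimum and the
# generated account key cannot drift apart.  The key is not persisted, so
# every run registers a fresh account.
key = jose.JWKRSA(key=rsa.generate_private_key(
    public_exponent=65537,
    key_size=BITS,
    backend=default_backend()))
acme = client.Client(NEW_REG_URL, key)

# Register the account, then send the agreement back to the server.
# Accepting the terms automatically is a shortcut for this example; a real
# client should present regr.terms_of_service to the operator first.
regr = acme.register()
logging.info('Auto-accepting TOS: %s', regr.terms_of_service)
acme.update_registration(regr.update(
    body=regr.body.update(agreement=regr.terms_of_service)))
logging.debug(regr)

# Ask the server which challenges would prove control of DOMAIN.
authzr = acme.request_challenges(
    identifier=messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=DOMAIN),
    new_authzr_uri=regr.new_authzr_uri)
logging.debug(authzr)

# Poll the authorization once.  Nothing above answers a challenge, so the
# authorization is not expected to have become valid.
authzr, authzr_response = acme.poll(authzr)

# The CSR is read from the acme package's bundled test data.
# NOTE(review): a fixture CSR is only suitable for a demo server; a real
# client must build the CSR from a key pair it generated and keeps private.
csr = OpenSSL.crypto.load_certificate_request(
    OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(
        'acme', os.path.join('testdata', 'csr.der')))
try:
    acme.request_issuance(csr, (authzr,))
except messages.Error as error:
    # Expected path: the server refuses to issue for an unproven identifier.
    print("This script is doomed to fail as no authorization "
          "challenges are ever solved. Error from server: {0}".format(error))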