Metadata-Version: 2.4
Name: certapi
Version: 1.1.12
Summary: Python Package for managing keys, request SSL certificates from ACME.
Home-page: https://github.com/mesudip/certapi
Author: Sudip Bhattarai
Author-email: sudipbhattarai100@gmail.com
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.6
Description-Content-Type: text/markdown
Requires-Dist: cryptography>=39.0.0
Requires-Dist: requests
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

CertApi
=============================

Certapi talks with DNS provider and ACME to issue SSL certificates and save it to a keystore.

CertApi is a base library for building other tools, or to integrate Certificate creation feature in your app. CertAPI also provides HTTP api server and can be deployed using Docker

[![Build Status](https://github.com/mesudip/certapi/actions/workflows/tests.yml/badge.svg?branch=master)](https://github.com/mesudip/certapi/actions/workflows/tests.yml)
[![codecov](https://codecov.io/github/mesudip/certapi/graph/badge.svg?token=NYTNCH29IT)](https://codecov.io/github/mesudip/certapi)
[![PyPI version](https://img.shields.io/pypi/v/certapi.svg)](https://pypi.org/project/certapi/)

## Why another library?

I designed this library so that it can be imported and plugged in to other python projects. Goal is not to provide CLIs or quick working demo, but to be versatile for any use case.

- Pluggable keystores for keys and certificates
- Pluggable Challenge solvers for DNS and Http challenge solving
- High-level manager with renewal checks and multi-solver support
- Same interface for working locally, or requesting certificate from certapi server.

See the developer guide in [Developer.md](Developer.md) for library usage and workflows.


## Installation

You can install CertApi using pip

```bash
pip install certapi
```

## CLI

CertApi also ships with a CLI for quick verification and certificate issuance.

```bash
## Certapi's dependencies are already included in the python installation. This doesn't affect the system.
sudo python3 -m pip install certapi --break-system-packages
```

### 1. With HTTP Challenge

HTTP challenge requires you to have seup the DNS correctly. The ACME server will verify your domain by making an HTTP request.

```bash
# Verify environment and HTTP routing
sudo certapi verify example.com www.example.com

# Obtain a certificate (requires root for HTTP-01)
sudo certapi obtain example.com www.example.com
```

### 2. With DNS Provider Key

Using DNS-01 challenge with Cloudflare doesn't require the DNS to be setup. Set your Cloudflare API key as an environment variable.

```bash
# Set Cloudflare API key or token
export CLOUDFLARE_API_KEY=...   # or CLOUDFLARE_API_TOKEN

# Verify DNS configuration
sudo certapi verify example.com

# Obtain a certificate using DNS-01
sudo certapi obtain example.com www.example.com
```
