You may use Acme_v2 class https://github.com/candango/automatoes/blob/develop/automatoes/acme.py - AFAIK there is no separate library that can be called "API".
the steps will present the raw "Api"
For instance, this is an user creation: https://github.com/candango/automatoes/blob/develop/tests/features/steps/acme_v2_steps.py#L43-L62
In your case you'll be doing manuale authorize and manuale issue
create a new order aka
manuale authorize
verify the challenges created by the order
manuale authorize will stop before that loop to give you the opportunity to make your magic(dns setup or http file creation)
the test will always go trough because we're using the mock server, peeble
inside the loop we poke the api to proceed with the check
we don't validate things in our side....
If you screw a validation, it is necessary to create a new order
here is manuale working for real: https://github.com/candango/automatoes/blob/develop/automatoes/authorize.py#L140-L152
so I collect the ones to be resolved, after that, we verify
this is blocking also
there is a timeout and retry going on, so we block here: https://github.com/candango/automatoes/blob/develop/automatoes/acme.py#L463
Now you can generate you csr, I do it on the test: https://github.com/candango/automatoes/blob/develop/tests/features/steps/acme_v2_steps.py#L120
Se the
manuale issuewould be:
use this
csr = create_csr(generate_rsa_key(4096), domains) or your thing
I don't have bugs related to finalize and issuance .... that I remember
bugs would happen before
this is fast on Let's encrypt
You will block if first attempt is not valid: https://github.com/candango/automatoes/blob/develop/automatoes/acme.py#L490
So this is the for real on
manuale issue
Here either I create csr or use the one provided: https://github.com/candango/automatoes/blob/develop/automatoes/issue.py#L117-L140
Here we finalize and check the certificate_uri: https://github.com/candango/automatoes/blob/develop/automatoes/issue.py#L144-L177
Here we unpack and put it place the certifcate: https://github.com/candango/automatoes/blob/develop/automatoes/issue.py#L186-L225
Do you think that can help @jsaedtler ?
@szepeviktor , long time no see....
The acmev2 will became a client protocol with several transports implementations, blocking requests by default
my apis are Peasants(clients) and Bastion(Servers) right now
the Bastion requires the nonce, as Letsencrypt, and I have a knock procedure for agents
our AutomatoesPeasant just need the nonce in the client from a directory
no knocks
just throwing out there....