1.2.7. letsencrypt

This module provides the functionality related to managing SSL certificates with Let’s Encrypt.

1.2.7.1. Data

LETS_ENCRYPT_DEFAULT_DATA_PATH

The default path at which Let’s Encrypt data is stored.

1.2.7.2. Functions

certbot_issue(webroot, hostname, bin_path=None, unified_directory=None)

Issue a certificate using Let’s Encrypt’s certbot utility. This function wraps the certbot binary and configures its parameters as appropriate. By default, the resulting certificate is placed under LETS_ENCRYPT_DEFAULT_DATA_PATH; if unified_directory is used, it is placed under $unified_directory/etc instead.

Parameters:
  • webroot (str) – The webroot to use while requesting the certificate.
  • hostname (str) – The hostname of the certificate to request.
  • bin_path (str) – The optional path to the certbot binary. If not specified, then it will be searched for utilizing which().
  • unified_directory (str) – A single directory under which all the Let’s Encrypt data should be stored. This is useful when not running the utility as root.
Returns:

The exit status of the certbot utility.

Return type:

int
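The following sketch is an added example, not King Phisher's own code, showing how a wrapper like certbot_issue can build the certbot command line for a webroot request and keep all data under a unified directory. The helper names, the hostname check and the lib/ and log/ subdirectory names are assumptions; only the etc/ location comes from the description above, and an already registered ACME account is assumed.

```python
import os
import re
import shutil
import subprocess

# Hostname labels of letters, digits and hyphens; a leading '-' is rejected so the
# value can never be parsed by certbot as an option.
_HOSTNAME_RE = re.compile(
    r'(?=.{1,253}\Z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}', re.I)

def build_certbot_args(webroot, hostname, bin_path=None, unified_directory=None):
    """Return the argv list for a webroot-based request (hypothetical helper)."""
    if not _HOSTNAME_RE.fullmatch(hostname):
        raise ValueError('invalid hostname: ' + repr(hostname))
    bin_path = bin_path or shutil.which('certbot')
    if bin_path is None:
        raise FileNotFoundError('certbot binary not found')
    args = [bin_path, 'certonly', '--webroot', '-w', webroot,
            '-d', hostname, '--non-interactive']
    if unified_directory:
        # Keep every certbot directory in one tree that a non-root user can write to.
        # etc/ is from the documentation above; lib/ and log/ are assumed names.
        args += [
            '--config-dir', os.path.join(unified_directory, 'etc'),
            '--work-dir', os.path.join(unified_directory, 'lib'),
            '--logs-dir', os.path.join(unified_directory, 'log'),
        ]
    return args

def issue(webroot, hostname, bin_path=None, unified_directory=None):
    """Run certbot without a shell and return its exit status."""
    args = build_certbot_args(webroot, hostname, bin_path, unified_directory)
    # An argument list with shell=False means no shell ever interprets the values.
    return subprocess.call(args, shell=False)
```

With these arguments certbot writes the issued certificate and key under $unified_directory/etc/live/<hostname>/.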

get_certbot_bin_path(config=None)

Get the path to Let’s Encrypt’s certbot command line utility. If the path is found, it is verified to be both a file and executable. If the path verification fails, None is returned.

New in version 1.14.0.

Parameters:
  • config (smoke_zephyr.configuration.Configuration) – Configuration to retrieve settings from.
Returns:

The path to the certbot binary.

Return type:

str

get_sni_hostname_config(hostname, config=None)

Search for and return the SNI configuration for the specified hostname. This method will first check to see if the entry exists in the database before searching the Let’s Encrypt data directory (if data_path is present in the server configuration). If no configuration data is found, or the data file paths appear invalid, None is returned.

Parameters:
  • hostname (str) – The hostname to retrieve the configuration for.
  • config (smoke_zephyr.configuration.Configuration) – Configuration to retrieve settings from.
Returns:

The SNI configuration for the hostname if it was found.

Return type:

SNIHostnameConfiguration

get_sni_hostnames(config=None, check_files=True)

Retrieve all the hostnames for which a valid SNI configuration can be retrieved. These are the hostnames for which SNI can be enabled. If check_files is enabled, the data files are checked to ensure that they exist and are readable; configurations whose files fail this check are omitted.

Parameters:
  • config (smoke_zephyr.configuration.Configuration) – Configuration to retrieve settings from.
  • check_files (bool) – Whether or not to check the referenced data files.
Returns:

A dictionary, keyed by hostnames with values of SNIHostnameConfiguration instances.

Return type:

dict

1.2.7.3. Classes

class SNIHostnameConfiguration(certfile, keyfile, enabled)

The information for a certificate used by the server’s SSL Server Name Indication (SNI) extension.

certfile

The path to the SSL certificate file on disk to use for the hostname.

keyfile

The path to the SSL key file on disk to use for the hostname.

enabled

Whether or not this configuration is set to be loaded by the server.