Internal Python Client

If I wanted to build an internal client using Python, could I pip install certbot, then import certbot.acme in my Python code and perform domain validations, etc all in-process rather than running certbot (in manual mode with an auth-hook script) in a piped process?

Potentially, but you might have to reimplement a number of things. You could also look at building off of one of the other clients, including one of the other Python clients.

It's possible that one of them will be more conveniently extensible for your purposes.

It feels like it should be easier to integrate with a library to create a client. Surely I am missing something fundamental?

I’ll examine 1st and 3rd party clients in more depth to gauge the complexity of doing so, but let me reiterate: why isn’t this easier, or more defined? Perhaps it’s still too early in the game and the goal posts are moving/APIs aren’t stable yet?

The python library/client used by mail-in-a-box makes use of the acme library from certbot. It also offers a slightly more high-level abstraction over certbot/acme. Perhaps that’s closer to what you’re looking for?

Thanks @pfg for pointing me at that project. It looks like it uses an older acme module (targets letsencrypt rather than certbot) - does this matter to any great degree?

Going with a certbot based solution is more likely to kept updated, I’d assume.

I think that’s just a stale link on the README and pypi page (both redirect to the certbot repo). requirements.txt points to acme>=0.2.0, which would resolve to acme-0.9.3 (part of/based on certbot 0.9.3).

Ohhh, I see now - I was just confused.

I am accustomed to seeing python modules (that are uploaded to PyPi) as their own GH repository, not embedded in the directory/hierarchy of single repo, as acme is in the certbot repo. ie:


Things are much clearer now. My apologies for the line of questioning!

For anyone following this thread, I wrote a little wrapper around certbot: Python wrapper around certbot(-auto) 0.10.0

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.