How to use the certbot.interfaces.IAuthenticator function in certbot
To help you get started, we’ve selected a few certbot examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
EFForg / starttls-everywhere / certbot / certbot-nginx / certbot_nginx / configurator.py View on Github 
from certbot import interfaces
from certbot import le_util
from certbot import reverter
from certbot.plugins import common
from certbot_nginx import constants
from certbot_nginx import tls_sni_01
from certbot_nginx import obj
from certbot_nginx import parser
logger = logging.getLogger(__name__)
@zope.interface.implementer(interfaces.IAuthenticator, interfaces.IInstaller)
@zope.interface.provider(interfaces.IPluginFactory)
class NginxConfigurator(common.Plugin):
# pylint: disable=too-many-instance-attributes,too-many-public-methods
"""Nginx configurator.
.. todo:: Add proper support for comments in the config. Currently,
config files modified by the configurator will lose all their comments.
:ivar config: Configuration.
:type config: :class:`~certbot.interfaces.IConfig`
:ivar parser: Handles low level parsing
:type parser: :class:`~certbot_nginx.parser`
:ivar str save_notes: Human-readable config change notes
# Note: FILEPATHS and changes to files are transactional. They are copied
# over before the updates are made to the existing files. NEW_FILES is
# transactional due to the use of register_file_creation()
# TODO: Verify permissions on configuration root... it is easier than
# checking permissions on each of the relative directories and less error
# prone.
# TODO: Write a server protocol finder. Listen or
# Protocol . This can verify partial setups are correct
# TODO: Add directives to sites-enabled... not sites-available.
# sites-available doesn't allow immediate find_dir search even with save()
# and load()
@zope.interface.implementer(interfaces.IAuthenticator, interfaces.IInstaller)
@zope.interface.provider(interfaces.IPluginFactory)
class ApacheConfigurator(common.Installer):
"""Apache configurator.
:ivar config: Configuration.
:type config: :class:`~certbot.interfaces.IConfig`
:ivar parser: Handles low level parsing
:type parser: :class:`~certbot_apache._internal.parser`
:ivar tup version: version of Apache
:ivar list vhosts: All vhosts found in the configuration
(:class:`list` of :class:`~certbot_apache._internal.obj.VirtualHost`)
:ivar dict assoc: Mapping between domains and vhosts
def pick_authenticator(
config, default, plugins, question="How would you "
"like to authenticate with the ACME CA?"):
"""Pick authentication plugin."""
return pick_plugin(
config, default, plugins, question, (interfaces.IAuthenticator,))import logging
from lexicon.providers import luadns
import zope.interface
from certbot import errors
from certbot import interfaces
from certbot.plugins import dns_common
from certbot.plugins import dns_common_lexicon
logger = logging.getLogger(__name__)
ACCOUNT_URL = 'https://api.luadns.com/settings'
@zope.interface.implementer(interfaces.IAuthenticator)
@zope.interface.provider(interfaces.IPluginFactory)
class Authenticator(dns_common.DNSAuthenticator):
"""DNS Authenticator for LuaDNS
This Authenticator uses the LuaDNS API to fulfill a dns-01 challenge.
"""
description = 'Obtain certificates using a DNS TXT record (if you are using LuaDNS for DNS).'
ttl = 60
def __init__(self, *args, **kwargs):
super(Authenticator, self).__init__(*args, **kwargs)
self.credentials = None
@classmethod
def add_parser_arguments(cls, add): # pylint: disable=arguments-differ"subcommand will attempt to renew undeleted revoked "
"certificates.")
helpful.add("rollback",
"--checkpoints", type=int, metavar="N",
default=flag_default("rollback_checkpoints"),
help="Revert configuration N number of checkpoints.")
helpful.add("plugins",
"--init", action="store_true", default=flag_default("init"),
help="Initialize plugins.")
helpful.add("plugins",
"--prepare", action="store_true", default=flag_default("prepare"),
help="Initialize and prepare plugins.")
helpful.add("plugins",
"--authenticators", action="append_const", dest="ifaces",
default=flag_default("ifaces"),
const=interfaces.IAuthenticator, help="Limit to authenticator plugins only.")
helpful.add("plugins",
"--installers", action="append_const", dest="ifaces",
default=flag_default("ifaces"),
const=interfaces.IInstaller, help="Limit to installer plugins only.")"""Manual authenticator plugin"""
import zope.component
import zope.interface
from acme import challenges
from acme.magic_typing import Dict # pylint: disable=unused-import, no-name-in-module
from certbot import achallenges # pylint: disable=unused-import
from certbot import errors
from certbot import interfaces
from certbot import reverter
from certbot._internal import hooks
from certbot.compat import os
from certbot.plugins import common
@zope.interface.implementer(interfaces.IAuthenticator)
@zope.interface.provider(interfaces.IPluginFactory)
class Authenticator(common.Plugin):
"""Manual authenticator
This plugin allows the user to perform the domain validation
challenge(s) themselves. This either be done manually by the user or
through shell scripts provided to Certbot.
"""
description = 'Manual configuration or run your own shell scripts'
hidden = True
long_description = (
'Authenticate through manual configuration or custom shell scripts. '
'When using shell scripts, an authenticator script must be provided. '
'The environment variables available to this script depend on the 'return obj.to_json()
except AttributeError:
return self.default_classic(obj)
def default_classic(self, o):
if isinstance(o, set):
return list(o)
elif isinstance(o, datetime.datetime):
return (o - datetime.datetime(1970, 1, 1)).total_seconds()
elif isinstance(o, bytes):
return o.decode('UTF-8')
else:
return super(AutoJSONEncoder, self).default(o)
@zope.interface.implementer(interfaces.IAuthenticator)
@zope.interface.implementer(interfaces.IInstaller)
@zope.interface.provider(interfaces.IPluginFactory)
@zope.interface.implementer(interfaces.IReporter)
class AuthenticatorOut(common.Plugin):
"""Manual Authenticator.
This plugin requires user's manual intervention in setting up a HTTP
server for solving http-01 challenges and thus does not need to be
run as a privileged process. Alternatively shows instructions on how
to use Python's built-in HTTP server.
Script is also based on https://github.com/marcan/certbot-external
"""
hidden = Truedef load(self, account_id: str) -> certbot.account.Account:
account_row = self._db.load_account(self._staging, account_id)
if account_row is None:
raise certbot.errors.AccountNotFound("Could not find account id " + account_id)
return certbot.account.Account(
acme.messages.RegistrationResource.json_loads(account_row[1]),
jose.JWK.json_loads(account_row[2]))
def save(self, account: certbot.account.Account, client) -> None:
self._db.save_account(self._staging,
account.id,
account.regr.json_dumps(),
account.key.json_dumps())
@implementer(certbot.interfaces.IAuthenticator)
class SimpleAuthenticator:
def __init__(self, catlog_resolver: CatlogResolver):
self._catlog_resolver = catlog_resolver
def get_chall_pref(self, domain):
return [acme.challenges.DNS01]
def perform(self, achalls):
responses = []
for achall in achalls:
# if type(achall) is not acme.challenges.DNS01:
# raise Exception("All challanges must be DNS01")
result = achall.response_and_validation()
responses.append(result[0])
verification = result[1]import configparser
else:
import ConfigParser as configparser
from acme import challenges
from certbot import errors
from certbot import interfaces
from certbot.plugins import common
from inwx import domrobot, getOTP, prettyprint
logger = logging.getLogger(__name__)
@zope.interface.implementer(interfaces.IAuthenticator)
@zope.interface.provider(interfaces.IPluginFactory)
class InwxDnsAuth(common.Plugin):
"""INWX DNS Authenticator"""
description = "Authentication via INWX's XML-RPC API"
@classmethod
def add_parser_arguments(cls, add):
add("cfgfile", default="/etc/letsencrypt/inwx.cfg",
help="INWX API Configuration")
def __init__(self, *args, **kwargs):
"""Initialize an INWX Authenticator"""
super(InwxDnsAuth, self).__init__(*args, **kwargs)
self.nsIds = {}
Popular certbot functions
- certbot.compat.os
- certbot.compat.os.path
- certbot.compat.os.path.basename
- certbot.compat.os.path.exists
- certbot.compat.os.path.join
- certbot.constants
- certbot.errors
- certbot.errors.CertStorageError
- certbot.errors.ConfigurationError
- certbot.errors.Error
- certbot.errors.MisconfigurationError
- certbot.errors.PluginError
- certbot.errors.ReverterError
- certbot.interfaces
- certbot.interfaces.IAuthenticator
- certbot.interfaces.IPluginFactory
- certbot.plugins.common
- certbot.util
- certbot.util.make_or_verify_dir
- certbot.util.run_script