Remove key/cert pair convertion from PEM to DER

letsencrypt_redis/installer.py

@@ -1,8 +1,6 @@
 """Redis Let's Encrypt installer plugin."""
 import logging
 import redis
-import ssl
-import subprocess
 
 import zope.component
 import zope.interface
@@ -25,6 +23,8 @@ def add_parser_arguments(cls, add):
             help="Redis host to store key/cert pair.")
         add("redis-port", default=6379,
             help="Redis port to store key/cert pair.")
+        add("redis-expire", default=31104000,
+            help="Redis expiration for key/cert pair.")
 
     def prepare(self):  # pylint: disable=missing-docstring,no-self-use
         pass  # pragma: no cover
@@ -37,22 +37,16 @@ def get_all_names(self):  # pylint: disable=missing-docstring,no-self-use
 
     def deploy_cert(self, domain, cert_path, key_path, chain_path, fullchain_path=None):
         # put key/cert to Redis hosts as binary (DER)
-        def private_to_der(key_path):
-            command = "openssl rsa -in %s -outform DER" % key_path
-            p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
-            return p.communicate()[0]
-
-        key = private_to_der(key_path)
-        cert = ssl.PEM_cert_to_DER_cert(open(cert_path).read())
-
         values = {
-            "key": key,
-            "cert": cert
+            "key": open(key_path).read(),
+            "cert": open(cert_path).read()
         }
 
         for host in self.conf("redis-hosts").split(","):
+          redis_key = "ssl:" + domain
           r = redis.Redis(host, self.conf("redis-port"))
-          r.hmset("ssl:" + domain, values)
+          r.hmset(redis_key, values)
+          r.expire(redis_key, self.conf("redis-expire"))
 
     def enhance(self, domain, enhancement, options=None):  # pylint: disable=missing-docstring,no-self-use
         pass  # pragma: no cover

setup.py

@@ -11,7 +11,6 @@
     install_requires = [
         'certbot',
         'redis',
-        'pycrypto',
         'zope.interface',
     ],
     entry_points = {