ACMEOW v1.1.0
π ACMEOW v1.1.0
Production-grade ACME protocol client library for Python.
New Features
- External CSR support β finalize_order() now accepts an optional csr parameter (PEM or DER encoded), allowing users to supply a CSR generated outside of ACMEOW (e.g., from a hardware security module or external tooling). When an external CSR is provided, no private key is generated or stored by the library. get_certificate() returns None for the key PEM in this case.
Installation
pip install acmeow
pip install acmeow[dns-route53] # AWS Route53
pip install acmeow[all] # All optional dependenciesQuick Start (External CSR)
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID
# Generate key and CSR externally
my_key = ec.generate_private_key(ec.SECP256R1())
csr = (
x509.CertificateSigningRequestBuilder()
.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.com")]))
.add_extension(x509.SubjectAlternativeName([x509.DNSName("example.com")]), critical=False)
.sign(my_key, hashes.SHA256())
)
# Pass external CSR β no key is generated or stored by ACMEOW
client.finalize_order(csr=csr.public_bytes(serialization.Encoding.PEM))
cert_pem, _ = client.get_certificate()Requirements
- Python 3.10+
- cryptography >= 41.0.0
- requests >= 2.31.0
- requests[socks] >= 2.31.0
Testing & Quality Metrics
- 412 tests passing (+22 new tests for external CSR)
- Tested on Python 3.10, 3.11, 3.12, 3.13
- Cross-platform support (Linux, macOS, Windows)
License
Apache License 2.0