
Get domain certificates with Python, through the API of acme.sh.

ssldog-com/acme2py

acme2py

This project implements the DNS (dns-txt) certificate issuance flow of acme.sh, using acme.sh's default configuration. The supported CAs are ZeroSSL and Let's Encrypt. The account private key is generated with ecc-prime256v1, and the domain private key can be generated with either rsa-2048 or ecc-prime256v1.

Features

  • CA
      • ✅ ZeroSSL
      • ✅ Let's Encrypt
  • ALG
      • ✅ ECC P-256
      • ✅ RSA 2048
  • OPTION
      • ✅ issue
      • ✅ renew
      • ❌ revoke
  • OTHER
      • ✅ idn (internationalized domain names)
      • ✅ wildcard
      • ❌ ip (IP certificates)
      • ✅ multi domain
      • ❌ cron (scheduled tasks)

Requirements

  • python 3.8+
  • The pre-release version adds executable files that do not require Python

Usage

👁 Libraries needed

pip install --upgrade cryptography==42.0.0 # !!! cryptography>=42.0.0
pip install requests

▶️ Run

python [ca] [options] --email=youremail --domain=domain1.com --domain=*.domain1.com --domain=domain2 ... [--rsa=2048]
# ca: acme-zerossl.py acme-letsenc.py
# options: issue continue renew
# --rsa=2048  Generate an RSA domain private key; if omitted, an ECC key is generated

📤 Issue a certificate

python acme-zerossl.py issue --email=example@email.com --domain=example.com --domain=*.example.com 

📝 After you add the DNS records

python acme-zerossl.py continue --email=example@email.com --domain=example.com --domain=*.example.com 

🆕 Renew

python acme-zerossl.py renew --email=example@email.com --domain=example.com --domain=*.example.com 
# This actually issues a new certificate

❌ Revoking certificates is NOT implemented
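
The TXT records to add between `issue` and `continue` follow the ACME dns-01 rules (RFC 8555, with an RFC 7638 account-key thumbprint). The sketch below is an added example, not code from acme2py: it computes the record names and values so they can be checked before running `continue`, and shows that `example.com` and `*.example.com` need two TXT values under the same name. The function names, key coordinates and tokens are constructed for illustration.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME (RFC 8555) uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of an EC account key: required members only,
    sorted by name, serialized without whitespace, then SHA-256."""
    required = {k: jwk[k] for k in ("crv", "kty", "x", "y")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def txt_name(domain: str) -> str:
    """dns-01 record name: drop a wildcard label, convert an IDN to A-labels."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.encode("idna").decode("ascii").lower()

def txt_value(token: str, thumbprint: str) -> str:
    """TXT value: base64url(SHA-256(token + "." + thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def expected_records(challenges: dict, jwk: dict) -> dict:
    """Map each record name to every TXT value that must exist under it."""
    thumb = jwk_thumbprint(jwk)
    records = {}
    for domain, token in challenges.items():
        records.setdefault(txt_name(domain), []).append(txt_value(token, thumb))
    return records

# Constructed sample input: placeholder key coordinates and tokens, not real ones.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": b64url(b"\x01" * 32), "y": b64url(b"\x02" * 32)}
SAMPLE_CHALLENGES = {"example.com": "token-for-apex",
                     "*.example.com": "token-for-wildcard",
                     "bücher.example": "token-for-idn"}

if __name__ == "__main__":
    for name, values in expected_records(SAMPLE_CHALLENGES, SAMPLE_JWK).items():
        for value in values:
            print(f'{name} TXT "{value}"')
```

Comparing this output with what the authoritative name servers actually return for each `_acme-challenge` name catches a missing second TXT value before the CA attempts validation.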

File description

├── .gitignore                              
├── ca                                   // CA configuration files, including account.json account.key ca.conf
│   ├── acme-v02.api.letsencrypt.org                 
│   └── acme.zerossl.com                           
├── domain              // -> /root/.acme.sh/domain/ or /root/.acme.sh/domain_ecc/     
│   ├── domain.key      // -> /root/.acme.sh/domain_ecc/domain.key      = ssl.key
│   ├── domain.cer      // -> /root/.acme.sh/domain_ecc/fullchain.cer   = ssl.pem           
│   ├── domain.conf     // -> /root/.acme.sh/domain_ecc/domain.conf              
│   └── domain.csr.conf // -> /root/.acme.sh/domain_ecc/domain.csr.conf
├── README.md                   
└── acme-zerossl.py

By default, the root path of all files is the project directory. The configuration files are essentially the same as those of acme.sh.
Attention: the domain directories differ. The ./domain/ directory corresponds to acme.sh's ./domain_ecc/ directory, and the ./domain_rsa/ directory corresponds to acme.sh's ./domain/ directory.

⚠ Notice

  • Renewing a certificate keeps reusing the same private key file, which poses a security risk. Please be aware of this!
  • This program does not support IP certificates
  • This program does not follow the design of acme.sh
  • This program has not been strictly tested or optimized
  • Abuse is prohibited
  • Use for any act that harms the public interest is prohibited
  • Part of the code is generated by AI
