mirror of
https://github.com/certbot/certbot.git
synced 2026-05-28 04:34:11 -04:00
349643c9b8
* Use josepy instead of acme.jose. (#5203)
* Parse variables without whitespace separator correctly in CentOS family of distributions (#5318)
* Pin josepy in letsencrypt-auto (#5321)
* pin josepy in le-auto
* Put pinned versions in sorted order
* Pin dependencies in oldest tests (#5316)
* Add tools/merge_requirements.py
* Revert "Fix oldest tests by pinning Google DNS deps (#5000)"
This reverts commit f68fba2be2.
* Add tools/oldest_constraints.txt
* Remove oldest constraints from tox.ini
* Rename dev constraints file
* Update tools/pip_install.sh
* Update install_and_test.sh
* Fix pip_install.sh
* Don't cat when you can cp
* Add ng-httpsclient to dev constraints for oldest tests
* Bump tested setuptools version
* Update dev_constraints comment
* Better document oldest dependencies
* test against oldest versions we say we require
* Update dev constraints
* Properly handle empty lines
* Update constraints gen in pip_install
* Remove duplicated zope.component
* Reduce pyasn1-modules dependency
* Remove blank line
* pin back google-api-python-client
* pin back uritemplate
* pin josepy for oldest tests
* Undo changes to install_and_test.sh
* Update install_and_test.sh description
* use split instead of partition
* More pip dependency resolution workarounds (#5339)
* remove pyopenssl and six deps
* remove outdated tox.ini dep requirement
* Fix auto_tests on systems with new bootstrappers (#5348)
* Fix pytest on macOS in Travis (#5360)
* Add tools/pytest.sh
* pass TRAVIS through in tox.ini
* Use tools/pytest.sh to run pytest
* Add quiet to pytest.ini
* ignore pytest cache
* print as a string (#5359)
* Use apache2ctl modules for Gentoo systems. (#5349)
* Do not call Apache binary for module reset in cleanup()
* Use apache2ctl modules for Gentoo
* Broader git ignore for pytest cache files (#5361)
Make gitignore take pytest cache directories in to account, even if
they reside in subdirectories.
If pytest is run for a certain module, ie. `pytest certbot-apache` the
cache directory is created under `certbot-apache` directory.
* Fix letsencrypt-auto name and long forms of -n (#5375)
* Deprecate Python2.6 by using Python3 on CentOS/RHEL 6 (#5329)
* If there's no python or there's only python2.6 on red hat systems, install python3
* Always check for python2.6
* address style, documentation, nits
* factor out all initialization code
* fix up python version return value when no python installed
* add no python error and exit
* document DeterminePythonVersion parameters
* build letsencrypt-auto
* close brace
* build leauto
* fix syntax errors
* set USE_PYTHON_3 for all cases
* rip out NOCRASH
* replace NOCRASH, update LE_PYTHON set logic
* use built-in venv for py3
* switch to LE_PYTHON not affecting bootstrap selection and not overwriting LE_PYTHON
* python3ify fetch.py
* get fetch.py working with python2 and 3
* don't verify server certificates in fetch.py HttpsGetter
* Use SSLContext and an environment variable so that our tests continue to never verify server certificates.
* typo
* build
* remove commented out code
* address review comments
* add documentation for YES_FLAG and QUIET_FLAG
* Add tests to centos6 Dockerfile to make sure we install python3 if and only if appropriate to do so.
* Allow non-interactive revocation without deleting certificates (#5386)
* Add --delete-after-revoke flags
* Use delete_after_revoke value
* Add delete_after_revoke unit tests
* Add integration tests for delete-after-revoke.
* Have letsencrypt-auto do a real upgrade in leauto-upgrades option 2 (#5390)
* Make leauto_upgrades do a real upgrade
* Cleanup vars and output
* Sleep until the server is ready
* add simple_http_server.py
* Use a randomly assigned port
* s/realpath/readlink
* wait for server before getting port
* s/localhost/all interfaces
* update Apache ciphersuites (#5383)
* Fix macOS builds for Python2.7 in Travis (#5378)
* Add OSX Python2 tests
* Make sure python2 is originating from homebrew on macOS
* Upgrade the already installed python2 instead of trying to reinstall
49 lines
1.6 KiB
Python
49 lines
1.6 KiB
Python
"""
|
|
Given an ACME account key as input, deactivate the account.
|
|
|
|
This can be useful if you created an account with a non-Certbot client and now
|
|
want to deactivate it.
|
|
|
|
Private key should be in PKCS#8 PEM form.
|
|
|
|
To provide the URL for the ACME server you want to use, set it in the $DIRECTORY
|
|
environment variable, e.g.:
|
|
|
|
DIRECTORY=https://acme-staging.api.letsencrypt.org/directory python \
|
|
deactivate.py private_key.pem
|
|
"""
|
|
import os
|
|
import sys
|
|
|
|
from cryptography.hazmat.backends import default_backend
|
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
|
from cryptography.hazmat.primitives import serialization
|
|
import josepy as jose
|
|
|
|
from acme import client as acme_client
|
|
from acme import errors as acme_errors
|
|
from acme import messages
|
|
|
|
DIRECTORY = os.getenv('DIRECTORY', 'http://localhost:4000/directory')
|
|
|
|
if len(sys.argv) != 2:
|
|
print("Usage: python deactivate.py private_key.pem")
|
|
sys.exit(1)
|
|
|
|
data = open(sys.argv[1], "r").read()
|
|
key = jose.JWKRSA(key=serialization.load_pem_private_key(
|
|
data, None, default_backend()))
|
|
|
|
net = acme_client.ClientNetwork(key, verify_ssl=False,
|
|
user_agent="acme account deactivator")
|
|
|
|
client = acme_client.Client(DIRECTORY, key=key, net=net)
|
|
try:
|
|
# We expect this to fail and give us a Conflict response with a Location
|
|
# header pointing at the account's URL.
|
|
client.register()
|
|
except acme_errors.ConflictError as e:
|
|
location = e.location
|
|
if location is None:
|
|
raise "Key was not previously registered (but now is)."
|
|
client.deactivate_registration(messages.RegistrationResource(uri=location))
|