author | vg <vgm+dev@devys.org> | 2025-06-23 21:32:24 +0200 |
---|---|---|
committer | vg <vgm+dev@devys.org> | 2025-06-23 21:32:24 +0200 |
commit | c2e9d2acf3159ebd6ff6ed28513945eb62d05265 (patch) | |
tree | fef01f946399732761be5a7c8d9b4e6db7788066 /acme_dns_tiny.py | |
parent | c4d914d69b2fe53e56b1fd81549b14a1cf667bef (diff) | |
Remove contact field management
Since June 4 2025, letsencrypt doesn't return contact information anymore
from the newAccount API endpoint.
More information at
https://community.letsencrypt.org/t/support-ended-for-expiration-notification-emails/238173
acme_tiny_dns could be used with little modification outside
letsencrypt, but I'm aligned with the rationale given by letsencrypt on
why they removed contact information from their database.
So this commit removes contact management for the following reasons:
- without modifying the code (even if the modifications would be small),
the client does not work as the key 'contact' is not found anymore in
the json structure returned by the newAccount url.
- this client main target is letsencrypt and does not seek to be
complete.
- this simplifies the script by reducing the code and having less
features.
- I think, like explained by letsencrypt in addition to private data
issues, that reminders of an expiring certificate can be monitored by
other means. Monit for example can do it, and there exists also online
services for this if needed. See
https://letsencrypt.org/2025/01/22/ending-expiration-emails/ for more
information.
Diffstat (limited to 'acme_dns_tiny.py')
-rw-r--r-- | acme_dns_tiny.py | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/acme_dns_tiny.py b/acme_dns_tiny.py index 4903c63..51252e2 100644 --- a/acme_dns_tiny.py +++ b/acme_dns_tiny.py @@ -9,7 +9,7 @@ please read through it. It's about 326 lines, 225 SLOC with no line exceeding 80cols. Usage: - acme_dns_tiny.py [--contact=MAIL]... [--quiet] [--verbose] + acme_dns_tiny.py [--quiet] [--verbose] [--acme-directory=URL] [--ttl=SECONDS] [--separator=STR] (--account-key=PATH) (--csr=PATH) (--script=PATH) @@ -22,7 +22,6 @@ Options: --quiet suppress output except for errors --verbose show all debug information on stderr --acme-directory=URL where to make acme request, default is Let's Encrypt - --contact=MAIL create/update contact info (ex "mailto:x@example.com") --ttl=SECONDS time before (re)try self check --separator=STR list all chains joined by STR if specified --script=PATH script to run to update the DNS server record @@ -40,7 +39,6 @@ Example: | path/to/ \\ | --account-key=./account.key \\ | --csr=./domain.csr \\ -| --contact=contact@domain \\ | --ttl=300 \\ | --script=./update-dns-record > signed.crt @@ -221,14 +219,13 @@ class ACME: return collections.namedtuple('sreq', ['code', 'headers', 'map', 'text'])(req.status_code, req.headers, jmap, req.text) - def register_account(self, *, contacts=None): + def register_account(self): log.info('Register/Login ACME Account.') srv_terms = self.directory.get('meta', {}).get('termsOfService', '') if srv_terms: log.warning('Terms of service auto agreed: %s', srv_terms) account_request = { **dict({'termsOfServiceAgreed': True} if srv_terms else {}), - **dict({'contact': contacts} if contacts else {}), } sreq = self.sreq(self.directory['newAccount'], account_request) self.jws_header['kid'] = kid = sreq.headers['Location'] 
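Review bot: The `account_request` literal in `register_account` keeps the `**dict(...)` spread, which only made sense while two optional entries were merged; with the contact entry gone it reads more plainly as `account_request = {'termsOfServiceAgreed': True} if srv_terms else {}`. The signature also drops the keyword-only `contacts` parameter, so any caller outside this file that still passes `contacts=` would now raise `TypeError`. A one-line docstring such as `"""Create or look up the ACME account and store its URL as the JWS kid."""` would record what the method remains responsible for. The body of `register_account` continues past the end of this hunk.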
@@ -238,9 +235,6 @@ class ACME: elif sreq.code == 200: log.debug(' - Account is already registered: "%s"', kid) sreq = self.sreq(self.jws_header['kid'], {}) - if contacts and (set(contacts) != set(sreq.map['contact'])): - self.sreq(self.jws_header["kid"], account_request) - log.info(' - Account updated with latest contact information.') def new_order(self, *, domains=None): log.info('Request a new ACME order.') @@ -315,7 +309,6 @@ def get_crt(args): domains = extract_domains_from_csr(args['--csr']) acme = ACME(account_key_path=args['--account-key']) acme.init_sreqs(args['--acme-directory'] or ACME_DEFAULT_DIRECTORY) - acme.register_account(contacts=args['--contact']) order, order_location = acme.new_order(domains=domains) log.info('Completing each each authorization challenge') |
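Review bot: In the `elif sreq.code == 200` branch of `register_account`, the request `sreq = self.sreq(self.jws_header['kid'], {})` is kept, but its only visible consumer was the deleted `sreq.map['contact']` comparison. The method ends right after it in the visible context, so the result appears unused and the line is now an extra signed round-trip to the account URL on every run. Either drop it, or keep it with a comment such as `# confirm the account URL still answers before ordering` if it is meant as a validity check. The branch starts above the hunk.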
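Review bot: `get_crt` no longer calls `register_account` at all, because the line `acme.register_account(contacts=args['--contact'])` is deleted rather than rewritten; the diffstat's two insertions are the usage line and the new `def`. `register_account` is where `self.jws_header['kid']` is set from the `Location` header and where the terms-of-service agreement is sent. Unless another path not shown here invokes it, `new_order` would be signed without the account URL. The call should stay as `acme.register_account()` between `init_sreqs` and `new_order`. The rest of `get_crt` lies outside the hunk.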