ACME Responder

lacme.acme_server

ASGI application implementing ACME protocol endpoints.

Provides :class:`ACMEResponder`, an ASGI app that implements enough of RFC 8555 for :meth:`~lacme.client.Client.issue` to work against it. Certificate signing is delegated to :class:`~lacme.ca.CertificateAuthority`. Mount in your web framework (Starlette, FastAPI, etc.) at a path prefix.

ACMEResponder

ASGI application implementing ACME protocol endpoints.

Delegates certificate signing to a :class:`~lacme.ca.CertificateAuthority`. Mount in your web framework at a path prefix.

.. warning::

   This responder does **not** validate JWS signatures or nonces.
   It is intended for trusted internal networks where the transport
   layer (mTLS, private network) provides authentication.  Do not
   expose to untrusted clients without additional auth middleware.

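Usage::

    from lacme.acme_server import ACMEResponder
    from lacme.ca import CertificateAuthority

    # `store` must already exist (its construction is not shown here)
    ca = CertificateAuthority(store=store)
    ca.init()
    responder = ACMEResponder(ca=ca, auto_approve=True)
    # Mount at /acme in your ASGI app
    # Clients use: directory_url="https://host/acme/directory"
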
__call__ async
__call__(scope: Scope, receive: Receive, send: Send) -> None

ASGI entry point.
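
The warning above calls for additional auth middleware before the responder is reachable by untrusted clients. The following is an added example, not part of lacme: a pure-ASGI wrapper that checks the peer address against an allowlist and compares a bearer token in constant time before the wrapped app runs. ``InternalOnlyAuth``, ``stub_responder``, ``probe``, the token and the network range are hypothetical names and constructed values; in real use the ``ACMEResponder`` instance takes the place of the stub.

```python
import asyncio
import hmac
import ipaddress

class InternalOnlyAuth:
    """ASGI wrapper: source-network allowlist plus bearer token, checked before the app."""
    def __init__(self, app, token, allowed_networks):
        self.app = app
        self._expected = b"Bearer " + token.encode()
        self._nets = [ipaddress.ip_network(n) for n in allowed_networks]

    def _authorized(self, scope):
        try:
            addr = ipaddress.ip_address((scope.get("client") or ("",))[0])
        except ValueError:
            return False  # missing or unparsable peer address: fail closed
        if not any(addr in net for net in self._nets):
            return False
        supplied = dict(scope.get("headers") or []).get(b"authorization", b"")
        return hmac.compare_digest(supplied, self._expected)  # constant-time compare

    async def __call__(self, scope, receive, send):
        passthrough = scope["type"] == "lifespan"  # startup/shutdown events carry no request
        if passthrough or (scope["type"] == "http" and self._authorized(scope)):
            return await self.app(scope, receive, send)
        if scope["type"] == "http":  # other scope types are dropped without reaching the app
            await send({"type": "http.response.start", "status": 401, "headers": []})
            await send({"type": "http.response.body", "body": b""})

async def stub_responder(scope, receive, send):
    """Constructed stand-in for the mounted ACMEResponder; always answers 200."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"{}"})

def probe(app, client_ip, authorization=None):
    """Drive one constructed HTTP request through `app` and return the response status."""
    sent = []
    scope = {"type": "http", "method": "GET", "path": "/acme/directory",
             "client": (client_ip, 40000),
             "headers": [(b"authorization", authorization)] if authorization else []}
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(message):
        sent.append(message)
    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]

guarded = InternalOnlyAuth(stub_responder, "constructed-sample-token", ["10.0.0.0/8"])
```

``scope["client"]`` is the directly connected peer, so behind a reverse proxy the allowlist sees the proxy's address and the check has to be enforced at the proxy or on a trusted forwarded-address mechanism instead.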

ChallengeValidator

Bases: Protocol

Protocol for external challenge validation.

validate async
validate(identifier: str, identifier_type: str, token: str, key_authorization: str) -> bool

Return True if the challenge is satisfied.