forked from certbot/certbot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdeactivate.py
49 lines (38 loc) · 1.57 KB
/
deactivate.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
"""
Given an ACME account key as input, deactivate the account.
This can be useful if you created an account with a non-Certbot client and now
want to deactivate it.
Private key should be in PKCS#8 PEM form.
To provide the URL for the ACME server you want to use, set it in the $DIRECTORY
environment variable, e.g.:
DIRECTORY=https://acme-staging.api.letsencrypt.org/directory python \
deactivate.py private_key.pem
"""
import os
import sys
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
import josepy as jose
from acme import client as acme_client
from acme import errors as acme_errors
from acme import messages
DIRECTORY = os.getenv('DIRECTORY', 'http://localhost:4000/directory')
if len(sys.argv) != 2:
print("Usage: python deactivate.py private_key.pem")
sys.exit(1)
data = open(sys.argv[1], "r").read()
key = jose.JWKRSA(key=serialization.load_pem_private_key(
data, None, default_backend()))
net = acme_client.ClientNetwork(key, verify_ssl=False,
user_agent="acme account deactivator")
client = acme_client.Client(DIRECTORY, key=key, net=net)
try:
# We expect this to fail and give us a Conflict response with a Location
# header pointing at the account's URL.
client.register()
except acme_errors.ConflictError as e:
location = e.location
if location is None:
raise "Key was not previously registered (but now is)."
client.deactivate_registration(messages.RegistrationResource(uri=location))