
deprecated CA url in favor of using the direct certificate authority directory url

Daniel Roesler 7 years ago
parent
commit
c4b79703c8
2 changed files with 18 additions and 16 deletions
  1. 8 6
      acme_tiny.py
  2. 10 10
      tests/test_module.py

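--- a/acme_tiny.py
+++ b/acme_tiny.py
@@ -5,14 +5,14 @@ try:
 except ImportError:
     from urllib2 import urlopen # Python 2
 
-#DEFAULT_CA = "https://acme-staging-v02.api.letsencrypt.org"
-DEFAULT_CA = "https://acme-v02.api.letsencrypt.org"
+DEFAULT_CA = "https://acme-v02.api.letsencrypt.org" # DEPRECATED! USE DEFAULT_DIRECTORY_URL INSTEAD
+DEFAULT_DIRECTORY_URL = "https://acme-v02.api.letsencrypt.org/directory"
 
 LOGGER = logging.getLogger(__name__)
 LOGGER.addHandler(logging.StreamHandler())
 LOGGER.setLevel(logging.INFO)
 
-def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check=False):
+def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check=False, directory_url=DEFAULT_DIRECTORY_URL):
     directory, acct_headers, alg, jwk = None, None, None, None # global variables
 
     # helper functions - base64 encode for jose spec
@@ -100,7 +100,8 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check
 
     # get the ACME directory of urls
     log.info("Getting directory...")
-    directory, _, _ = _do_request(CA + "/directory", err_msg="Error getting directory")
+    directory_url = CA + "/directory" if CA != DEFAULT_CA else directory_url # backwards compatibility with deprecated CA kwarg
+    directory, _, _ = _do_request(directory_url, err_msg="Error getting directory")
     log.info("Directory found!")
 
     # create account and set the global key identifier
@@ -182,12 +183,13 @@ def main(argv):
     parser.add_argument("--csr", required=True, help="path to your certificate signing request")
     parser.add_argument("--acme-dir", required=True, help="path to the .well-known/acme-challenge/ directory")
     parser.add_argument("--quiet", action="store_const", const=logging.ERROR, help="suppress output except for errors")
-    parser.add_argument("--ca", default=DEFAULT_CA, help="certificate authority, default is Let's Encrypt")
     parser.add_argument("--disable-check", default=False, action="store_true", help="disable checking if the challenge file is hosted correctly before telling the CA")
+    parser.add_argument("--directory-url", default=DEFAULT_DIRECTORY_URL, help="certificate authority directory url, default is Let's Encrypt")
+    parser.add_argument("--ca", default=DEFAULT_CA, help="DEPRECATED! USE --directory-url INSTEAD!")
 
     args = parser.parse_args(argv)
     LOGGER.setLevel(args.quiet or LOGGER.level)
-    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check)
+    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url)
     sys.stdout.write(signed_crt)
 
 if __name__ == "__main__": # pragma: no cover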
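Review bot: The compatibility line in get_crt, `directory_url = CA + "/directory" if CA != DEFAULT_CA else directory_url`, lets any non-default value of the deprecated `CA` silently override an explicitly passed `directory_url`, and nothing is logged when it does. Because this URL selects the authority that receives every request signed with the account key, a leftover `--ca` in an old cron wrapper would keep steering issuance without the operator noticing; I would add `if CA != DEFAULT_CA: log.warning("--ca is deprecated, use --directory-url")` just before that assignment. The visible lines also accept any scheme for `--directory-url`; since all later endpoints are read from the directory document, rejecting a value that does not start with `https://` may be worth considering, unless a check already exists elsewhere in get_crt, whose body runs outside these hunks.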

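--- a/tests/test_module.py
+++ b/tests/test_module.py
@@ -14,7 +14,7 @@ class TestModule(unittest.TestCase):
     "Tests for acme_tiny.get_crt()"
 
     def setUp(self):
-        self.CA = "https://acme-staging-v02.api.letsencrypt.org"
+        self.DIR_URL = "https://acme-staging-v02.api.letsencrypt.org/directory"
         self.tempdir = tempfile.mkdtemp()
         self.fuse_proc = Popen(["python", "tests/monkey.py", self.tempdir])
 
@@ -31,7 +31,7 @@ class TestModule(unittest.TestCase):
             "--account-key", KEYS['account_key'].name,
             "--csr", KEYS['domain_csr'].name,
             "--acme-dir", self.tempdir,
-            "--ca", self.CA,
+            "--directory-url", self.DIR_URL,
         ])
         sys.stdout.seek(0)
         crt = sys.stdout.read().encode("utf8")
@@ -48,7 +48,7 @@ class TestModule(unittest.TestCase):
             "--account-key", KEYS['account_key'].name,
             "--csr", KEYS['san_csr'].name,
             "--acme-dir", self.tempdir,
-            "--ca", self.CA,
+            "--directory-url", self.DIR_URL,
         ])
         sys.stdout.seek(0)
         crt = sys.stdout.read().encode("utf8")
@@ -64,7 +64,7 @@ class TestModule(unittest.TestCase):
             "--account-key", KEYS['account_key'].name,
             "--csr", KEYS['domain_csr'].name,
             "--acme-dir", self.tempdir,
-            "--ca", self.CA,
+            "--directory-url", self.DIR_URL,
         ], stdout=PIPE, stderr=PIPE).communicate()
         out, err = Popen(["openssl", "x509", "-text", "-noout"], stdin=PIPE,
             stdout=PIPE, stderr=PIPE).communicate(crt)
@@ -77,7 +77,7 @@ class TestModule(unittest.TestCase):
                 "--account-key", "/foo/bar",
                 "--csr", KEYS['domain_csr'].name,
                 "--acme-dir", self.tempdir,
-                "--ca", self.CA,
+                "--directory-url", self.DIR_URL,
             ])
         except Exception as e:
             result = e
@@ -91,7 +91,7 @@ class TestModule(unittest.TestCase):
                 "--account-key", KEYS['account_key'].name,
                 "--csr", "/foo/bar",
                 "--acme-dir", self.tempdir,
-                "--ca", self.CA,
+                "--directory-url", self.DIR_URL,
             ])
         except Exception as e:
             result = e
@@ -105,7 +105,7 @@ class TestModule(unittest.TestCase):
                 "--account-key", KEYS['weak_key'].name,
                 "--csr", KEYS['domain_csr'].name,
                 "--acme-dir", self.tempdir,
-                "--ca", self.CA,
+                "--directory-url", self.DIR_URL,
             ])
         except Exception as e:
             result = e
@@ -119,7 +119,7 @@ class TestModule(unittest.TestCase):
                 "--account-key", KEYS['account_key'].name,
                 "--csr", KEYS['invalid_csr'].name,
                 "--acme-dir", self.tempdir,
-                "--ca", self.CA,
+                "--directory-url", self.DIR_URL,
             ])
         except Exception as e:
             result = e
@@ -133,7 +133,7 @@ class TestModule(unittest.TestCase):
                 "--account-key", KEYS['account_key'].name,
                 "--csr", KEYS['nonexistent_csr'].name,
                 "--acme-dir", self.tempdir,
-                "--ca", self.CA,
+                "--directory-url", self.DIR_URL,
             ])
         except Exception as e:
             result = e
@@ -147,7 +147,7 @@ class TestModule(unittest.TestCase):
                 "--account-key", KEYS['account_key'].name,
                 "--csr", KEYS['account_csr'].name,
                 "--acme-dir", self.tempdir,
-                "--ca", self.CA,
+                "--directory-url", self.DIR_URL,
             ])
         except Exception as e:
             result = e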
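Review bot: With every call site moved from `--ca` to `--directory-url`, the deprecated `--ca`/`CA` path that acme_tiny.py still supports for backwards compatibility is no longer exercised by any test shown here. One extra case that passes `"--ca", "https://acme-staging-v02.api.letsencrypt.org"` and still expects a certificate would pin that branch until the option is removed. The test methods these hunks touch start and end outside the visible lines.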