Account Management¶
ACMEOW provides full account lifecycle management per RFC 8555.
Creating an Account¶
from acmeow import AcmeClient
from pathlib import Path
client = AcmeClient(
server_url="https://acme-v02.api.letsencrypt.org/directory",
email="admin@example.com",
storage_path=Path("./acme_data"),
)
# Create new account or load existing
account = client.create_account()
print(f"Account URI: {account.uri}")
print(f"Status: {account.status}")
External Account Binding (EAB)¶
Some CAs require External Account Binding:
client.set_external_account_binding(
kid="your-key-id",
hmac_key="your-base64url-hmac-key",
)
client.create_account()
Updating Contact Information¶
Update the account’s email address:
client.update_account(email="new-email@example.com")
Account Key Rollover¶
Roll over to a new account key (e.g., for key rotation):
# Generate new key and update server
client.key_rollover()
Warning
After key rollover, the old key can no longer be used.
Deactivating an Account¶
Permanently deactivate an account:
client.deactivate_account()
Danger
Account deactivation is permanent and cannot be undone. The account will no longer be usable for any operations.
Certificate Revocation¶
Revoke a previously issued certificate:
from acmeow import RevocationReason
# Load certificate
cert_pem = Path("certificate.pem").read_text()
# Revoke without reason
client.revoke_certificate(cert_pem)
# Or with a specific reason
client.revoke_certificate(cert_pem, reason=RevocationReason.KEY_COMPROMISE)
Revocation Reasons¶
Reason |
Description |
|---|---|
|
No specific reason |
|
Private key compromised |
|
CA compromised |
|
Subject’s affiliation changed |
|
Certificate superseded |
|
Operations ceased |
|
Temporarily on hold |
|
Privileges withdrawn |