python, acme

Using "no challenge" to create a certificate with private CA?


I am working on a python script that performs the same SSL certificate generation using the ACME protocol as I accomplished with an Ansible playbook (ACME certificates in Ansible using InCommon/Sectigo CA).

The documentation I found (https://acme-python.readthedocs.io/en/stable/index.html) is lacking any real good examples or logical order of calls to do anything. While the documentation is thorough, without any examples... you are left to figure it out on your own!

I have no problems with creating private keys, CSRs, file manipulation, and using the cryptography modules to work with SSL certificates (I successfully wrote a script to generate certificates using the private CA REST API), but that is where my success ends, and my frustration begins... using the ACME protocol and this module.

Since I am using a private CA (Sectigo/InCommon), they support the "no challenge" method of using a private key to authenticate, generate and output an SSL certificate with a provided CSR.

I have not been able to make heads or tails of the documentation (still reading)... and was hoping someone here may have already done this and could give me something I could use or pointers on how to get started.

Anyone out there have any existing code or tips?


Solution

  • OK, so a non-challenge is just a flag (or lack of http, dns, etc.) that most acme clients use to basically not perform any type of challenge, skip right over that part. This is usually the case when you are using External Account Binding (EAB), and do not need to perform a challenge to show you are the owner of a domain, etc.

    In the case of Sectigo/InCommon, they have an internal method of registering all the various domains with a specific ACME account, thus eliminating the need to verify with a challenge.
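As an added example (not code from the question or the answer above), the following shows what the EAB binding the answer describes actually is, as an RFC 8555 section 7.3.4 HMAC-signed JWS over the account key, and the order of acme-python calls that turns it into a certificate with no challenge step. The directory URL, `kid`, HMAC key and hostnames are placeholders for the values the CA's ACME account page gives you; `build_eab`/`verify_eab` are stdlib helpers written here, while `issue_certificate` uses the library's own `ExternalAccountBinding.from_data`.

```python
"""ACME issuance with External Account Binding (the "no challenge" case) via acme-python.
Added example, not code from the original post; directory URL, kid, HMAC key and
hostnames are placeholders that come from the CA's ACME account page."""
import base64
import hashlib
import hmac
import json


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_eab(account_jwk: dict, kid: str, hmac_key: str, new_account_url: str) -> dict:
    """RFC 8555 7.3.4: JWS over the account's public JWK, MACed with the CA-issued
    key. This binding, not an http/dns challenge, is what ties the new account to
    the customer whose domains the CA already registered."""
    header = {"alg": "HS256", "kid": kid, "url": new_account_url}
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    payload = b64url(json.dumps(account_jwk, separators=(",", ":")).encode())
    mac = hmac.new(b64url_decode(hmac_key), f"{protected}.{payload}".encode(), hashlib.sha256)
    return {"protected": protected, "payload": payload, "signature": b64url(mac.digest())}

def verify_eab(eab: dict, hmac_key: str) -> bool:
    """Recompute the MAC the way the CA does; a wrong or rotated key rejects the binding."""
    mac = hmac.new(b64url_decode(hmac_key), f"{eab['protected']}.{eab['payload']}".encode(), hashlib.sha256)
    return hmac.compare_digest(b64url(mac.digest()), eab["signature"])

def issue_certificate(directory_url: str, kid: str, hmac_key: str, domains: list,
                      account_key_pem: bytes, cert_key_pem: bytes) -> str:
    """Call order for acme-python with an EAB account. There is no challenge step:
    the CA returns authorizations already 'valid', so poll_and_finalize goes
    straight to finalization with the CSR."""
    import josepy as jose                            # imported here so the helpers
    from acme import client, crypto_util, messages   # above run without acme-python
    from cryptography.hazmat.primitives import serialization
    acct_key = jose.JWKRSA(key=serialization.load_pem_private_key(account_key_pem, None))
    net = client.ClientNetwork(acct_key, user_agent="eab-example/0.1")
    directory = messages.Directory.from_json(net.get(directory_url).json())
    acme_client = client.ClientV2(directory, net)
    # Library equivalent of build_eab(): signs the account JWK with the HMAC key.
    eab = messages.ExternalAccountBinding.from_data(acct_key.public_key(), kid, hmac_key, directory)
    acme_client.new_account(messages.NewRegistration.from_data(      # binds net.account
        terms_of_service_agreed=True, external_account_binding=eab))
    order = acme_client.new_order(crypto_util.make_csr(cert_key_pem, domains))
    return acme_client.poll_and_finalize(order).fullchain_pem
```

Keep the HMAC key with the same care as the account private key: anyone holding it can bind a fresh account to your pre-registered domains and obtain certificates for them.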