Standalone Authenticator.

class certbot.plugins.standalone.ServerManager(certs, http_01_resources)[source]

Bases: object

Standalone servers manager.

Manager for ACMEServer and ACMETLSServer instances.

certs and http_01_resources correspond to acme.crypto_util.SSLSocket.certs and acme.crypto_util.SSLSocket.http_01_resources respectively. All created servers share the same certificates and resources, so if you’re running both TLS and non-TLS instances, HTTP01 handlers will serve the same URLs!

run(port, challenge_type, listenaddr='')[source]

Run ACME server on specified port.

This method is idempotent, i.e. all calls with the same pair of (port, challenge_type) will reuse the same server.


DualNetworkedServers instance.

Return type:



Stop ACME server running on the specified port.

Parameters:port (int) –

Return all running instances.

Once the server is stopped using stop, it will not be returned.

Returns:Mapping from port to servers.
Return type:tuple
class certbot.plugins.standalone.SupportedChallengesAction(option_strings, dest, nargs=None, const=None, default=None, type=None, choices=None, required=False, help=None, metavar=None)[source]

Bases: argparse.Action

Action class for parsing standalone_supported_challenges.


Validate the value of supported challenges provided by the user.

References to “dvsni” are automatically converted to “tls-sni-01”.

Parameters:data (str) – comma delimited list of challenge types
Returns:validated and converted list of challenge types
Return type:str
class certbot.plugins.standalone.Authenticator(*args, **kwargs)[source]

Bases: certbot.plugins.common.Plugin

Standalone Authenticator.

This authenticator creates its own ephemeral TCP listener on the necessary port in order to respond to incoming tls-sni-01 and http-01 challenges from the certificate authority. Therefore, it does not rely on any existing server program.


Challenges supported by this plugin.