certbot.ocsp package

Tools for checking certificate revocation.

class certbot.ocsp.RevocationChecker(enforce_openssl_binary_usage=False)[source]

Bases: object

This class figures out OCSP checking on this system, and performs it.

ocsp_revoked(cert)[source]

Get revoked status for a particular cert version.

Parameters:cert (interfaces.RenewableCert) – Certificate object
Returns:True if revoked; False if valid or the check failed or cert is expired.
Return type:bool
ocsp_revoked_by_paths(cert_path, chain_path, timeout=10)[source]

Performs the OCSP revocation check

Parameters:
  • cert_path (str) – Certificate filepath
  • chain_path (str) – Certificate chain
  • timeout (int) – Timeout (in seconds) for the OCSP query
Returns:

True if revoked; False if valid or the check failed or cert is expired.

Return type:

bool