
A simple self-contained ACME client targeting Let's Encrypt written in PHP


UCIS/lets_encrypt.php


lets_encrypt.php

This script provides a simple, self-contained ACME v2 client implementation in PHP, primarily written for use with the Let's Encrypt Certificate Authority.

The only requirement is a somewhat recent PHP version (5.3.3 has been confirmed to work) with HTTP stream support and the OpenSSL extension enabled. And maybe some other really standard "extensions".

The script is written to be used on the command line, but can easily be modified for use in other environments (but do you really want your publicly accessible scripts to handle your SSL keys!?).

Usage

The script supports the following options:

| Option | Argument | Description |
|---|---|---|
| -r | web root path | Specifies the web root directory in which the .well-known/acme-challenge/* file structure will be created |
| -d | domain name | Specifies a fully qualified domain name for which to request a certificate (use multiple times for multiple domains) |
| -a | account key file | Specifies the filename of the private account key to use, or where to store a newly generated account key if the file does not exist (optional, a temporary key is used if unspecified) |
| -e | e-mail address | Specifies the e-mail address to register as contact for the account key (optional) |
| -c | certificate bundle file | Specifies where to store the generated certificate bundle in PEM format (key + cert + intermediate), the server key from this file is reused if it exists (optional) |
| -p | | Print the resulting certificate bundle to the standard output (default if -c is not specified) |
| -s | | Use the Let's Encrypt staging server (for testing) |

Example usage:

./lets_encrypt.php -r /var/www -d www.example.com -d example.com -c /etc/apache2/ssl/example.com.pem
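
The bundle written by -c contains the server private key and -a holds the account key, so neither file should sit under the directory passed to -r or be readable by other users. The pre-flight check below is an added example, not part of lets_encrypt.php; the helper names real_dir and check_secret_path are hypothetical.

```shell
#!/bin/sh
# Added example (not part of lets_encrypt.php): pre-flight check for the
# files given to -a (account key) and -c (bundle containing the server key).
# real_dir and check_secret_path are hypothetical helper names.

# Print the symlink-resolved absolute path of a directory, or fail.
real_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# check_secret_path WEBROOT FILE
# Returns 0 when FILE is outside WEBROOT and, if it already exists, has no
# group/other permission bits. Returns 1 and explains why otherwise.
check_secret_path() {
    webroot=$(real_dir "$1") || { echo "web root not found: $1" >&2; return 1; }
    dir=$(real_dir "$(dirname "$2")") || {
        echo "parent directory missing: $2" >&2; return 1; }

    # Compare with trailing slashes so /var/www2 is not taken for /var/www.
    case "$dir/" in
        "${webroot%/}/"*)
            echo "$2 is inside the web root $webroot" >&2; return 1 ;;
    esac

    # A file that does not exist yet will be created by the client; run the
    # client under "umask 077" so it is not created group/world-readable.
    [ -e "$2" ] || return 0

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$2" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$2 is accessible to group/other ($mode)" >&2; return 1
    fi
    return 0
}
```

Typical use is to set umask 077 and call check_secret_path /var/www /etc/apache2/ssl/example.com.pem (and again for the -a file) before running the command shown above.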

Credits, contact & fun facts

  • Written by Ivo Smits, UCIS Internet <[email protected]> and released under the Simplified BSD License
  • Based on my own C# ACME client, which in turn is based on the pretty nice Bash script from Calomel.
  • I had to generate a CSR from scratch because C#/.Net doesn't support CSR generation at all and PHP's OpenSSL extension does not support alternative subject names. You wouldn't believe how many different RFCs are involved...
