-
Notifications
You must be signed in to change notification settings - Fork 12
/
README
164 lines (130 loc) · 5.27 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
ITronic ACME Client
====================
This library implements the ACME 1.0 draft 10 protocol (https://tools.ietf.org/html/draft-ietf-acme-acme-10)
Features
---------------------
* ACMEv2 support
* dns-01 challenge support
* http-01 challenge support
* Wildcard support
* Signed Certificate Timestamp (SCT) registration support
Requirements
---------------------
* PHP 7.1+
* Openssl 1.0+
* Curl
Requirements for dns-01
---------------------
* Dig
* Programm execution allowed
Usage
---------------------
We have some examples in the examples folders with comments.
Most simple way is to execute simple.php, but you have to modify some variables in it so it reflect your local settings.
# php simple.php
Should result in something like this:
2017-09-06 22:30:16 [debug] Start initialisation.
2017-09-06 22:30:16 [debug] Initialisation done.
2017-09-06 22:30:16 [info] Starting account registration
2017-09-06 22:30:16 [info] Account already exists
2017-09-06 22:30:16 [info] Starting certificate generation for domains
2017-09-06 22:30:16 [debug] Check local access for domain: searx.at
2017-09-06 22:30:16 [debug] Try saving local to: /var/www/.well-known/acme-challenge/local_check.txt
2017-09-06 22:30:16 [debug] Check local access for domain: www.searx.at
2017-09-06 22:30:16 [debug] Try saving local to: /var/www/.well-known/acme-challenge/local_check.txt
2017-09-06 22:30:16 [info] Check local successfully completed!
2017-09-06 22:30:16 [info] Requesting challenges for domain searx.at
2017-09-06 22:30:16 [info] Start signing request
2017-09-06 22:30:16 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/new-authz
2017-09-06 22:30:17 [info] Found challenge for Domain searx.at
2017-09-06 22:30:17 [info] Token is available at http://searx.at/.well-known/acme-challenge/TASdoXhWutv0It_K_CjoZRQdzwh3HtGHYfqL60Wor6Y
2017-09-06 22:30:17 [info] Notify CA that the challenge is ready
2017-09-06 22:30:17 [info] Start signing request
2017-09-06 22:30:17 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/challenge/VMS56QF0MPPdRmBTgvs1UxqTK9yzPWjRdhXYkDvCJV4/56776363
2017-09-06 22:30:18 [info] Verification status: valid
2017-09-06 22:30:18 [info] Requesting challenges for domain www.searx.at
2017-09-06 22:30:18 [info] Start signing request
2017-09-06 22:30:18 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/new-authz
2017-09-06 22:30:18 [info] Found challenge for Domain www.searx.at
2017-09-06 22:30:18 [info] Token is available at http://www.searx.at/.well-known/acme-challenge/h7I_MhujRTYXek36l8rkCwdfdcChDSKDJXSkeoem1Kg
2017-09-06 22:30:18 [info] Notify CA that the challenge is ready
2017-09-06 22:30:18 [info] Start signing request
2017-09-06 22:30:18 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/challenge/Y5kAEt1j4Trke72xptdhYyodi_SK0RzsBqikWQg-91Y/56805310
2017-09-06 22:30:19 [info] Verification status: valid
2017-09-06 22:30:19 [info] Starting key generation.
2017-09-06 22:30:20 [info] Key generation finished.
2017-09-06 22:30:20 [info] Start signing request
2017-09-06 22:30:20 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/new-cert
2017-09-06 22:30:21 [info] Certificate generation complete.
2017-09-06 22:30:21 [info] Load chain cert from: https://acme-staging.api.letsencrypt.org/acme/issuer-cert
2017-09-06 22:30:21 [notice] Successfuly created certificate for domain: searx.at
2017-09-06 22:30:21 [notice] Successfuly created certificate for domain: www.searx.at
2017-09-06 22:30:21 [info] Diffie-Hellman Parameters already exists.
2017-09-06 22:30:21 [info] Certificate generation finished.
Array
(
[RSA] => Array
(
[cert] => -----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
[chain] => -----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
[key] => -----BEGIN PRIVATE KEY-----
MII...
-----END PRIVATE KEY-----
[pem] => -----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MII...
-----END PRIVATE KEY-----
-----BEGIN DH PARAMETERS-----
MII...
-----END DH PARAMETERS-----
)
[EC] => Array
(
[cert] => -----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
[chain] => -----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
[key] => -----BEGIN EC PRIVATE KEY-----
MHc...
-----END EC PRIVATE KEY-----
[pem] => -----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
MHc...
-----END EC PRIVATE KEY-----
-----BEGIN DH PARAMETERS-----
MII...
-----END DH PARAMETERS-----
)
[dh] => -----BEGIN DH PARAMETERS-----
MII...
-----END DH PARAMETERS-----
)
The simpleSaveToDir.php examples saves the certificates to File.
Extend
---------------------
If you like to use your own deployment function for challenges you can
extend the class itrAcmeChallengeManagerClass or one of it's children.
You find a example in examples/customDnsChallengeDeploy.php
Limitations
---------------------
* No revocation function
* Only dns-01 and http-01 challenge support
Links
---------------------
* https://github.com/ITronic/itr-acme-client