ITronic ACME Client ==================== This library implements the ACME 1.0 draft 10 protocol (https://tools.ietf.org/html/draft-ietf-acme-acme-10) Features --------------------- * ACMEv2 support * dns-01 challenge support * http-01 challenge support * Wildcard support * Signed Certificate Timestamp (SCT) registration support Requirements --------------------- * PHP 7.1+ * Openssl 1.0+ * Curl Requirements for dns-01 --------------------- * Dig * Programm execution allowed Usage --------------------- We have some examples in the examples folders with comments. Most simple way is to execute simple.php, but you have to modify some variables in it so it reflect your local settings. # php simple.php Should result in something like this: 2017-09-06 22:30:16 [debug] Start initialisation. 2017-09-06 22:30:16 [debug] Initialisation done. 2017-09-06 22:30:16 [info] Starting account registration 2017-09-06 22:30:16 [info] Account already exists 2017-09-06 22:30:16 [info] Starting certificate generation for domains 2017-09-06 22:30:16 [debug] Check local access for domain: searx.at 2017-09-06 22:30:16 [debug] Try saving local to: /var/www/.well-known/acme-challenge/local_check.txt 2017-09-06 22:30:16 [debug] Check local access for domain: www.searx.at 2017-09-06 22:30:16 [debug] Try saving local to: /var/www/.well-known/acme-challenge/local_check.txt 2017-09-06 22:30:16 [info] Check local successfully completed! 2017-09-06 22:30:16 [info] Requesting challenges for domain searx.at 2017-09-06 22:30:16 [info] Start signing request 2017-09-06 22:30:16 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/new-authz 2017-09-06 22:30:17 [info] Found challenge for Domain searx.at 2017-09-06 22:30:17 [info] Token is available at http://searx.at/.well-known/acme-challenge/TASdoXhWutv0It_K_CjoZRQdzwh3HtGHYfqL60Wor6Y 2017-09-06 22:30:17 [info] Notify CA that the challenge is ready 2017-09-06 22:30:17 [info] Start signing request 2017-09-06 22:30:17 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/challenge/VMS56QF0MPPdRmBTgvs1UxqTK9yzPWjRdhXYkDvCJV4/56776363 2017-09-06 22:30:18 [info] Verification status: valid 2017-09-06 22:30:18 [info] Requesting challenges for domain www.searx.at 2017-09-06 22:30:18 [info] Start signing request 2017-09-06 22:30:18 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/new-authz 2017-09-06 22:30:18 [info] Found challenge for Domain www.searx.at 2017-09-06 22:30:18 [info] Token is available at http://www.searx.at/.well-known/acme-challenge/h7I_MhujRTYXek36l8rkCwdfdcChDSKDJXSkeoem1Kg 2017-09-06 22:30:18 [info] Notify CA that the challenge is ready 2017-09-06 22:30:18 [info] Start signing request 2017-09-06 22:30:18 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/challenge/Y5kAEt1j4Trke72xptdhYyodi_SK0RzsBqikWQg-91Y/56805310 2017-09-06 22:30:19 [info] Verification status: valid 2017-09-06 22:30:19 [info] Starting key generation. 2017-09-06 22:30:20 [info] Key generation finished. 2017-09-06 22:30:20 [info] Start signing request 2017-09-06 22:30:20 [info] Sending signed request to https://acme-staging.api.letsencrypt.org/acme/new-cert 2017-09-06 22:30:21 [info] Certificate generation complete. 2017-09-06 22:30:21 [info] Load chain cert from: https://acme-staging.api.letsencrypt.org/acme/issuer-cert 2017-09-06 22:30:21 [notice] Successfuly created certificate for domain: searx.at 2017-09-06 22:30:21 [notice] Successfuly created certificate for domain: www.searx.at 2017-09-06 22:30:21 [info] Diffie-Hellman Parameters already exists. 2017-09-06 22:30:21 [info] Certificate generation finished. Array ( [RSA] => Array ( [cert] => -----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE----- [chain] => -----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE----- [key] => -----BEGIN PRIVATE KEY----- MII... -----END PRIVATE KEY----- [pem] => -----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MII... -----END PRIVATE KEY----- -----BEGIN DH PARAMETERS----- MII... -----END DH PARAMETERS----- ) [EC] => Array ( [cert] => -----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE----- [chain] => -----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE----- [key] => -----BEGIN EC PRIVATE KEY----- MHc... -----END EC PRIVATE KEY----- [pem] => -----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE----- -----BEGIN EC PRIVATE KEY----- MHc... -----END EC PRIVATE KEY----- -----BEGIN DH PARAMETERS----- MII... -----END DH PARAMETERS----- ) [dh] => -----BEGIN DH PARAMETERS----- MII... -----END DH PARAMETERS----- ) The simpleSaveToDir.php examples saves the certificates to File. Extend --------------------- If you like to use your own deployment function for challenges you can extend the class itrAcmeChallengeManagerClass or one of it's children. You find a example in examples/customDnsChallengeDeploy.php Limitations --------------------- * No revocation function * Only dns-01 and http-01 challenge support Links --------------------- * https://github.com/ITronic/itr-acme-client