takuya / php-letencrypt-acme-dns
acme v2 to Let'sEncrypt by dns cloudflare or your own.
Requires
- ext-openssl: *
- acmephp/core: ^2.1
- cloudflare/sdk: ^1.3
- pear/net_dns2: ^1.5
Requires (Dev)
- larapack/dd: *
- phpunit/phpunit: *
- takuya/php-random-string: ^0.1.0
This package is auto-updated.
Last update: 2024-09-11 11:16:35 UTC
README
This library helps you obtain a Let's Encrypt SSL certificate using the ACMEv2 DNS-01 challenge.
It is pure PHP, intended to be embedded in a PHP web application (e.g. Laravel), and does not depend on a shell command such as certbot.
Run ACME.
Request issuance of a certificate by DNS-01:

```shell
export LE_CLOUDFLARE_TOKEN='X-811Gxxxxx'
export LE_EMAIL='yourname@example.tld'
php bin/request-issue.php 'aab.example.tld' 'aaa.example.tld'
```
EXAMPLE
In your PHP code:

```php
<?php
/** ********
 * Prepare
 */
use Takuya\LEClientDNS01\Account;
// The other classes used below are assumed to share the Account namespace;
// the page only shows the namespace of Account.
use Takuya\LEClientDNS01\CloudflareDNSPlugin;
use Takuya\LEClientDNS01\LetsEncryptAcmeDNS;
use Takuya\LEClientDNS01\LetsEncryptACMEServer;
use Takuya\LEClientDNS01\SSLCertificateInfo;

$cf_api_token = getenv( 'LE_CLOUDFLARE_TOKEN' );
$your_email   = getenv( 'LE_EMAIL' );
$domain_names = ["www.your-domain.tld", '*.www.your-domain.tld'];
$account      = new Account( $your_email );

/** ********
 * Order certificate.
 */
// base_domain() is a helper not shown here; it must return the zone name
// (e.g. 'your-domain.tld') that the Cloudflare token may edit.
$dns = new CloudflareDNSPlugin( $cf_api_token, base_domain( $domain_names[0] ) );
$cli = new LetsEncryptAcmeDNS( $account );
$cli->setDomainNames( $domain_names );
$cli->setAcmeURL( LetsEncryptACMEServer::PROD );
$cli->setDnsPlugin( $dns );
$cert_and_a_key = $cli->orderNewCert();

/** ********
 * Save in your own way.
 */
$owner_pkey = $account->private_key;             // ACME account key, keep it secret
$cert_pem   = $cert_and_a_key->cert();
$cert_pkey  = $cert_and_a_key->privKey();        // domain private key, not the owner's key
$full_chain = $cert_and_a_key->fullChain();
$pkcs12     = $cert_and_a_key->pkcs12( 'enc pass' );
$cert_info  = new SSLCertificateInfo( $cert_and_a_key->cert() );
```
More cases.

```php
// Wildcard name
$cli->setDomainNames( ['*.your-domain.tld'] );
// Single name
$cli->setDomainNames( ['www.your-domain.tld'] );
// Multiple subdomains
$cli->setDomainNames( ['www.your-domain.tld', 'ipsec.your-domain.tld'] );
// Multiple names with different base domains
$cli->setDomainNames( ['www.first.tld', 'www.second.tld'] );
```
Feature: two domains on two DNS servers in one certificate SAN
If you use two DNS servers, you can set a DNS plugin per domain, for example to issue one certificate with two domains in its SAN.
DNS-01 plugins for the above: you can use the APIs of multiple DNS servers to complete the LE ACME challenge.

```php
<?php
// set a dns plugin per domain.
$cli = new LetsEncryptAcmeDNS( 'priv_key_pem', 'your_email@gmail.com' );
$dns_plugin_1 = new CloudflareDNSPlugin( 'cloudflare_token', 'example.tld' );
$dns_plugin_2 = new YourOwnPlugin( 'your_own_key', 'example.biz' );
$cli->setDnsPlugin( $dns_plugin_1, 'example.tld' );
$cli->setDnsPlugin( $dns_plugin_2, 'example.biz' );
```
How to write your own DNS plugin.
Create a class that extends DNSPlugin:

```php
class YourOwnPlugin extends DNSPlugin { }
```

Then complete the implementation with your own code that updates your DNS server:

```php
class YourOwnPlugin extends DNSPlugin {
    public function addDnsTxtRecord ( $domain, $content ): bool {
        // TODO: add the TXT record for the ACME challenge in your own way.
        // Return true only once the record has actually been written.
        return false;
    }
    public function removeTxtRecord ( $domain, $content ): bool {
        // TODO: remove the TXT record in your own way, after ACME has finished.
        return false;
    }
}
```
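As an added example (not part of this library) of the plugin skeleton above, here is a DNSPlugin for any nameserver that accepts RFC 2136 dynamic updates, authenticated with TSIG through pear/net_dns2, which is already a dependency. It assumes DNSPlugin lives in the same namespace as Account and needs no constructor arguments, that $domain is the validated hostname with or without the _acme-challenge label, and the key name and secret are placeholders.

```php
<?php
// Added example, not the library's own code. Assumptions: DNSPlugin is in the
// Account namespace and has no required constructor arguments; $domain is the
// hostname being validated, with or without the _acme-challenge label.
require 'vendor/autoload.php';
use Takuya\LEClientDNS01\DNSPlugin;

class Rfc2136DnsPlugin extends DNSPlugin {
    public function __construct(
        private string $zone,        // zone the update server is authoritative for
        private string $nameserver,  // IP of the primary that accepts updates
        private string $tsigName,    // TSIG key name, e.g. 'acme-key' (placeholder)
        private string $tsigSecret,  // base64 TSIG secret; load from env, not source
        private int $ttl = 60,       // short TTL so stale challenge tokens expire fast
    ) {}

    public function addDnsTxtRecord($domain, $content): bool {
        return $this->sendUpdate('add', $domain, $content);
    }

    public function removeTxtRecord($domain, $content): bool {
        return $this->sendUpdate('delete', $domain, $content);
    }

    // DNS-01 is validated at _acme-challenge.<identifier>; a wildcard
    // '*.host.tld' uses _acme-challenge.host.tld.
    private function challengeName(string $domain): string {
        $host = preg_replace('/^\*\./', '', rtrim($domain, '.'));
        return str_starts_with($host, '_acme-challenge.') ? $host : "_acme-challenge.$host";
    }

    private function sendUpdate(string $op, string $domain, string $content): bool {
        $name = $this->challengeName($domain);
        // Quote and escape the token so it cannot alter the RR presentation text.
        $txt = '"' . addcslashes($content, '"\\') . '"';
        $rr  = Net_DNS2_RR::fromString("{$name}. {$this->ttl} IN TXT {$txt}");
        try {
            $u = new Net_DNS2_Updater($this->zone, ['nameservers' => [$this->nameserver]]);
            // Sign the update; configure the server to refuse unsigned updates.
            $u->signTSIG($this->tsigName, $this->tsigSecret, Net_DNS2_RR_TSIG::HMAC_SHA256);
            $op === 'add' ? $u->add($rr) : $u->delete($rr);
            $u->update();
            return true;
        } catch (Net_DNS2_Exception $e) {
            error_log("DNS {$op} of {$name} failed: " . $e->getMessage());
            return false;
        }
    }
}
```

Register it with `$cli->setDnsPlugin( new Rfc2136DnsPlugin( 'example.biz', '192.0.2.53', 'acme-key', getenv('TSIG_SECRET') ), 'example.biz' );` the same way as the Cloudflare plugin.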
Installation.
From GitHub:

```shell
repository='php-letencrypt-acme-dns'
composer config repositories.$repository \
  vcs https://github.com/takuya/$repository
composer require takuya/$repository:master
composer install
```

From Composer Packagist:

```shell
composer require takuya/php-letencrypt-acme-dns
```
dependencies
php: >=8.1
composer:

```json
"cloudflare/sdk": "^1.3",
"acmephp/core": "^2.1",
"pear/net_dns2": "^1.5",
"ext-openssl": "*"
```

Fiber is used while waiting for the DNS update, so PHP 8.1 is required.
Requirements
To check that the DNS TXT record has been updated, this package requires outbound UDP/53 to be open.
development

```shell
git clone git@github.com:takuya/php-letencrypt-acme-dns.git
cd php-letencrypt-acme-dns
composer install
## write codes, then run tests.
echo "
export LE_CLOUDFLARE_TOKEN1=Bxxxxxxxx4q8mm
export LE_CLOUDFLARE_TOKEN2=KxxxxxxxxxxPbh
export LE_BASE_DOMAIN1=txxxxx.biz
export LE_BASE_DOMAIN2=dxxxxx.com
" > ./env
source ./env
vendor/bin/phpunit --filter CloudflarePluginTest
```
Future Plan
I will remove the acmephp/core dependency in the future.