https://github.com/takuya/php-letencrypt-acme-dns
DNS-01 ACMEv2 support library that helps us obtain a Let's Encrypt SSL certificate
- Host: GitHub
- URL: https://github.com/takuya/php-letencrypt-acme-dns
- Owner: takuya
- License: gpl-3.0
- Created: 2023-02-16T10:21:50.000Z (almost 2 years ago)
- Default Branch: master
- Last Pushed: 2024-04-13T11:11:32.000Z (7 months ago)
- Last Synced: 2024-04-14T01:09:00.501Z (7 months ago)
- Topics: acme-client, acme-dns, acme-v2, pure-php
- Language: PHP
- Homepage:
- Size: 148 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
## LetsEncrypt for ACME DNS-01 and Cloudflare or your own
[![phpunit](https://github.com/takuya/php-letencrypt-acme-dns/actions/workflows/actions.yml/badge.svg)](https://github.com/takuya/php-letencrypt-acme-dns/actions/workflows/actions.yml)
[![composer](https://github.com/takuya/php-letencrypt-acme-dns/actions/workflows/composer.yml/badge.svg)](https://github.com/takuya/php-letencrypt-acme-dns/actions/workflows/composer.yml)

This library helps us obtain a Let's Encrypt SSL certificate with DNS-01 over ACMEv2.
It is **pure PHP**, intended for embedding Let's Encrypt into PHP web apps (e.g. Laravel).
It is **independent** of shell commands such as `certbot`.
### Run ACME.
Request issuance of a certificate by DNS-01.
```shell
export LE_CLOUDFLARE_TOKEN='X-811Gxxxxx'
export LE_EMAIL='[email protected]'
php bin/request-issue.php 'aab.example.tld' 'aaa.example.tld'
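```
### EXAMPLE
In your PHP code.
```php
// $cli, $dns, $account and $domain_names are assumed to be created earlier; their setup is not shown here.
$cli->setDomainNames( $domain_names );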
$cli->setAcmeURL( LetsEncryptACMEServer::PROD );
$cli->setDnsPlugin( $dns );
$cert_and_a_key = $cli->orderNewCert();
/** ********
* Save in your own way.
*/
$owner_pkey = $account->private_key;
$cert_pem = $cert_and_a_key->cert();
$cert_pkey = $cert_and_a_key->privKey();//domain pkey, not an owner's pkey.
$full_chain = $cert_and_a_key->fullChain();
$pkcs12 = $cert_and_a_key->pkcs12('enc pass');
$cert_info = new SSLCertificateInfo( $cert_and_a_key->cert() );
```
### More cases.
#### WildCard name.
```php
$cli->setDomainNames( ['*.your-domain.tld'] );
```
#### Single name
```php
$cli->setDomainNames( ['www.your-domain.tld'] );
```
#### Multiple subdomains
```php
$cli->setDomainNames( ['www.your-domain.tld','ipsec.your-domain.tld'] );
```
#### Multiple names, different base domains
```php
$cli->setDomainNames( ['www.first.tld','www.second.tld'] );
```
### Feature: Two domains on two DNS servers in one certificate SAN
If you use two DNS servers, you can set the DNS plugin per domain. For example, a certificate with two domains in its SAN:

| cert | domain |
|---|------------------------------------------|
|commonName| example.tld |
|subjectAltName| DNS:example.**tld**, DNS:example.**biz** |

DNS-01 plugins for the above:

| Base Domain | DNS | plugin |
|-----------------|------------|---------|
| example.**tld** | cloudflare | CloudflareDNSPlugin|
| example.**biz** | your_own |YourOwnPlugin|

You can use the DNS server APIs of multiple domains to complete the LE ACME challenge.
```php
$cli->setDnsPlugin( $dns_plugin_1, 'example.tld' );
$cli->setDnsPlugin( $dns_plugin_2, 'example.biz' );
```
## How to write your Own DNS Plugin.
Create a class that extends the `DNSPlugin` class.
```php
class YourOwnPlugin extends DNSPlugin{}
```
Then complete the implementation with your own code to update the DNS server.
```php
class YourOwnPlugin extends DNSPlugin{
  public function addDnsTxtRecord ( $domain, $content ): bool{
    // TODO: write your way to add TXT Record for ACME challenge.
  }
  public function removeTxtRecord ( $domain, $content ): bool{
    // TODO: Write in your way, how to remove TXT Record , after ACME.
  }
}
```
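
What a DNS-01 TXT record contains under RFC 8555 section 8.4, as an added example that is not code from this project. The functions `b64url`, `jwkThumbprint` and `dns01Record`, the throwaway key and the sample token are constructed here, and that the library passes this digest to a plugin as `$content` is an assumption.

```php
<?php
declare(strict_types=1);

// base64url without padding, as used throughout ACME (RFC 8555) and JOSE.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// RFC 7638 thumbprint of an RSA account key: SHA-256 over the JWK holding only
// the required members, in lexicographic order and without whitespace.
function jwkThumbprint(OpenSSLAsymmetricKey $accountKey): string
{
    $d = openssl_pkey_get_details($accountKey);
    if ($d === false || $d['type'] !== OPENSSL_KEYTYPE_RSA) {
        throw new InvalidArgumentException('this example handles RSA account keys only');
    }
    $jwk = json_encode(['e' => b64url($d['rsa']['e']), 'kty' => 'RSA', 'n' => b64url($d['rsa']['n'])]);
    return b64url(hash('sha256', $jwk, true));
}

// The record a DNS-01 validator looks up for one identifier (RFC 8555 section 8.4).
function dns01Record(string $identifier, string $token, string $thumbprint): array
{
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $token)) {
        throw new InvalidArgumentException('token must use the base64url alphabet');
    }
    // A wildcard identifier is validated at its base name.
    $base = preg_replace('/^\*\./', '', rtrim(strtolower($identifier), '.'));
    return [
        'name'    => '_acme-challenge.' . $base,
        'type'    => 'TXT',
        // Digest of the key authorization "token.thumbprint".
        'content' => b64url(hash('sha256', $token . '.' . $thumbprint, true)),
    ];
}

// Constructed sample input: a throwaway account key and a made-up token.
// Real orders receive a distinct token per authorization; one is reused here.
$accountKey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048])
    ?: throw new RuntimeException('openssl_pkey_new failed');
$token = 'constructed-sample-token_0123456789ABCDEFabcdef';
$thumb = jwkThumbprint($accountKey);

foreach (['*.your-domain.tld', 'www.your-domain.tld'] as $name) {
    $r = dns01Record($name, $token, $thumb);
    printf("%s  %s  \"%s\"\n", $r['name'], $r['type'], $r['content']);
}
```

The record value is bound to the account key, so a plugin's DNS API credential only needs permission to create and delete TXT records under `_acme-challenge` for the zones being validated.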
## Installation.
From GitHub.
```bash
repository='php-letencrypt-acme-dns'
composer config repositories.$repository \
vcs https://github.com/takuya/$repository
composer require takuya/$repository:master
composer install
```
From Composer Packagist.
```bash
composer require takuya/php-letencrypt-acme-dns
```
## dependencies
```
php: >=8.1
composer:
"cloudflare/sdk": "^1.3",
"acmephp/core": "^2.1",
"pear/net_dns2": "^1.5",
"ext-openssl": "*"
```
Fibers are used while waiting for the DNS update, so PHP 8.1 or later is required.
## Requirements
To check that the DNS TXT record has been updated:
- This package requires outbound `UDP/53` to be open.
## development
```shell
git clone git@github.com:takuya/php-letencrypt-acme-dns.git
cd php-letencrypt-acme-dns
composer install
## write code, then run tests.
echo "
export LE_CLOUDFLARE_TOKEN1=Bxxxxxxxx4q8mm
export LE_CLOUDFLARE_TOKEN2=KxxxxxxxxxxPbh
export LE_BASE_DOMAIN1=txxxxx.biz
export LE_BASE_DOMAIN2=dxxxxx.com
" > ./env
source ./env
vendor/bin/phpunit --filter CloudflarePluginTest
```
## Future Plan
I will remove `acme/php` dependency in the future.