Download the PHP package digicatech/yaac without Composer
On this page you can find all versions of the php package digicatech/yaac. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download digicatech/yaac
More information about digicatech/yaac
Files in digicatech/yaac
Package yaac
Short Description Yet Another ACME client: a decoupled LetsEncrypt client
License MIT
Homepage https://www.digicatech.com
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package yaac
ACME client, forked from Afosto/Yaac
Written in PHP, this client aims to be a simplified and decoupled Let’s Encrypt client, based on ACME V2.
Decoupled from a filesystem or webserver
Instead of, for example writing the certificate to the disk under an nginx configuration, this client just returns the data (the certificate and private key).
Why
Why would I need this package? At Digicatech we run our software in a multi-tenant setup, as any other SaaS would do, and therefore we cannot make use of the many clients that are already out there.
Almost all clients are coupled to a type of webserver or a fixed (set of) domain(s). This package can be extremely useful in case you need to dynamically fetch and install certificates.
Requirements
- PHP7+
- openssl
- Flysystem (any adapter would do) - to store the Lets Encrypt account information
Getting started
Getting started is easy. First install the client, then you need to construct a flysystem filesystem, instantiate the client and you can start requesting certificates.
Installation
Installing this package is done easily with composer.
Instantiate the client
To start the client you need 3 things; a username for your Let’s Encrypt account, a bootstrapped Flysystem and you need to
decide whether you want to issue Fake LE Intermediate X1 (staging: MODE_STAGING) or Let's Encrypt Authority X3
(live: MODE_LIVE, use for production) certificates.
While you instantiate the client, when needed a new Let’s Encrypt account is created and then agrees to the TOS.
Create an order
To start retrieving certificates, we need to create an order first. This is done as follows:
In the example above the primary domain is followed by a secondary domain(s). Make sure that for each domain you are able to prove ownership. As a result the certificate will be valid for all provided domains.
Prove ownership
Before you can obtain a certificate for a given domain you need to prove that you own the given domain(s). We request the authorizations to prove ownership. Obtain the authorizations for order. For each domain supplied in the create order request an authorization is returned.
You now have an array of Authorization objects. These have the challenges you can use (both DNS and HTTP) to
provide proof of ownership.
HTTP validation
HTTP validation (where serve specific content at a specific url on the domain, like:
example.org/.well-known/acme-challenge/*) is done as follows:
Use the following example to get the HTTP validation going. First obtain the challenges, the next step is to make the challenges accessible from
If you need a wildcard certificate, you will need to use DNS validation, see below
DNS validation
You can also use DNS validation - to do this, you will need access to an API of your DNS provider to create TXT records for the target domains.
Self test
After exposing the challenges (made accessible through HTTP or DNS) we should perform a self test just to be sure it works before asking Let's Encrypt to validate ownership.
For a HTTP challenge test call:
For a DNS test call:
With DNS validation, after the selfTest has confirmed that DNS has been updated, it is
recommended you wait some additional time before proceeding, e.g. sleep(30);. This is
because Let’s Encrypt will perform multiple viewpoint validation,
and your DNS provider may not have completed propagating the changes across their network.
If you proceed too soon, Let's Encrypt will fail to validate.
Request validation
Next step is to request validation of ownership. For each authorization (domain) we ask Let’s Encrypt to verify the challenge.
For HTTP validation:
For DNS validation:
The code above will first perform a self test and, if successful, will do 15 attempts to ask Let’s Encrypt to validate the challenge (with 1 second intervals) and retrieve an updated status (it might take Let’s Encrypt a few seconds to validate the challenge).
Get the certificate
Now to know if we can request a certificate for the order, test if the order is ready as follows:
We now know validation was completed and can obtain the certificate. This is done as follows:
We now have the certificate, to store it on the filesystem:
To get a seperate intermediate certificate and domain certificate:
All versions of yaac with dependencies
league/flysystem Version ^1.0|^3.0
ext-openssl Version *
ext-json Version *