Download the PHP package skoerfgen/acmecert without Composer

On this page you can find all versions of the PHP package skoerfgen/acmecert. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php'); After that, you have to import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Composer is sometimes complicated to use, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package acmecert

ACMECert

PHP client library for Let's Encrypt and other ACME v2 - RFC 8555 compatible Certificate Authorities.
Version: 3.4.0

Description

ACMECert is designed to help you set up an automated SSL/TLS certificate renewal process with a few lines of PHP.

It is self contained and contains a set of functions allowing you to:

It abstracts away the complexity of the ACME protocol to get a certificate (create order, fetch authorizations, compute challenge tokens, polling for status, generate CSR, finalize order, request certificate) into a single function getCertificateChain (or getCertificateChains to also get all alternate chains), where you specify a set of domains you want to get a certificate for and which challenge type to use (all challenge types are supported). This function takes as third argument a user-defined callback function which gets invoked every time a challenge needs to be fulfilled. It is up to you to set/remove the challenge tokens:

See the description of getCertificateChain for details about the callback function.

Also see the Get Certificate examples below.

Instead of returning FALSE on error, every function in ACMECert throws an Exception if it fails or an ACME_Exception if the ACME-Server responded with an error message.

Requirements

Require ACMECert

manual download: https://github.com/skoerfgen/ACMECert/archive/master.zip

usage:


or download it using git:

usage:


or download it using composer:

usage:

Usage / Examples

Choose Certificate Authority (CA)

Let's Encrypt

Live CA

Staging CA

Buypass

Live CA

Staging CA

Google Trust Services

Live CA

Staging CA

SSL.com

Live CA

ZeroSSL

Live CA

or any other (ACME v2 - RFC 8555) compatible CA

Generate RSA Private Key

Equivalent to: openssl genrsa -out account_key.pem 2048

Generate EC Private Key

Equivalent to: openssl ecparam -name secp384r1 -genkey -noout -out account_key.pem

Register Account Key with CA

Register Account Key with CA using External Account Binding

Get Certificate using http-01 challenge

Get Certificate using all (http-01,dns-01 and tls-alpn-01) challenge types together

Get alternate chains

Revoke Certificate

Get Account Information

Account Key Roll-over

Deactivate Account

Get/Use ACME Renewal Information

Get Remaining Percentage

This allows you to run your renewal script without the need to time it exactly, just run it often enough. (cronjob)

Get Remaining Days

Logging

By default ACMECert logs its actions using error_log, which logs messages to stderr in PHP CLI, so it is easy to log to a file instead:

To disable the default logging, you can use setLogger; Exceptions are nevertheless thrown:

Or you can set it to a custom callback function:

ACME_Exception

If the ACME-Server responded with an error message an \skoerfgen\ACMECert\ACME_Exception is thrown. (ACME_Exception extends Exception)

ACME_Exception has two additional functions:

Function Reference

ACMECert::__construct

Creates a new ACMECert instance.

Parameters

ca_url

A string containing the URL to an ACME CA directory endpoint.

Return Values

Returns a new ACMECert instance.


ACMECert::generateRSAKey

Generate RSA private key (used as account key or private key for a certificate).

Parameters

bits

RSA key size in bits.

Return Values

Returns the generated RSA private key as PEM encoded string.

Errors/Exceptions

Throws an Exception if the RSA key could not be generated.


ACMECert::generateECKey

Generate Elliptic Curve (EC) private key (used as account key or private key for a certificate).

Parameters

curve_name

Supported Curves by Let’s Encrypt:

  • P-256 (prime256v1)
  • P-384 (secp384r1)
  • P-521 (secp521r1)

Return Values

Returns the generated EC private key as PEM encoded string.

Errors/Exceptions

Throws an Exception if the EC key could not be generated.


ACMECert::loadAccountKey

Load account key.

Parameters

account_key_pem

can be one of the following:

  • a string containing a PEM formatted private key.
  • a string beginning with file:// containing the filename to read a PEM formatted private key from.

Return Values

No value is returned.

Errors/Exceptions

Throws an Exception if the account key could not be loaded.


ACMECert::register

Associate the loaded account key with the CA account and optionally specify contacts.

Parameters

termsOfServiceAgreed

By passing TRUE, you agree to the Terms Of Service of the selected CA. (Must be set to TRUE in order to successfully register an account.)

Hint: Use getTermsURL() to get the link to the current Terms Of Service.

contacts

can be one of the following:

  1. A string containing an e-mail address
  2. Array of e-mail addresses

Return Values

Returns an array containing the account information.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another registration error occurred.


ACMECert::registerEAB

Associate the loaded account key with the CA account using External Account Binding (EAB) credentials and optionally specify contacts.

Parameters

termsOfServiceAgreed

By passing TRUE, you agree to the Terms Of Service of the selected CA. (Must be set to TRUE in order to successfully register an account.)

Hint: Use getTermsURL() to get the link to the current Terms Of Service.

eab_kid

a string specifying the EAB Key Identifier

eab_hmac

a string specifying the EAB HMAC Key

contacts

can be one of the following:

  1. A string containing an e-mail address
  2. Array of e-mail addresses

Return Values

Returns an array containing the account information.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another registration error occurred.


ACMECert::update

Update account contacts.

Parameters

contacts

can be one of the following:

  • A string containing an e-mail address
  • Array of e-mail addresses

Return Values

Returns an array containing the account information.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred updating the account.


ACMECert::getAccount

Get Account Information.

Return Values

Returns an array containing the account information.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred getting the account information.


ACMECert::getAccountID

Get Account ID.

Return Values

Returns the Account ID.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred getting the account id.


ACMECert::keyChange

Account Key Roll-over (exchange the current account key with another one).

If the Account Key Roll-over succeeded, the new account key is automatically loaded via loadAccountKey.

Parameters

new_account_key_pem

can be one of the following:

  • a string containing a PEM formatted private key.
  • a string beginning with file:// containing the filename to read a PEM formatted private key from.

Return Values

Returns an array containing the account information.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred during key change.


ACMECert::deactivateAccount

Deactivate account.

Return Values

Returns an array containing the account information.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred during account deactivation.


ACMECert::getCertificateChain

Get certificate-chain (certificate + the intermediate certificate(s)).

This is what Apache >= 2.4.8 needs for SSLCertificateFile, and what Nginx needs for ssl_certificate.

Parameters

pem

A Private Key used for the certificate (the needed CSR is generated automatically using the given key in this case) or an already existing CSR in one of the following formats:

  • a string containing a PEM formatted private key.
  • a string beginning with file:// containing the filename to read a PEM encoded private key from.
    or
  • a string beginning with file:// containing the filename to read a PEM encoded CSR from.
  • a string containing the content of a CSR, PEM encoded, may start with -----BEGIN CERTIFICATE REQUEST-----

domain_config

An Array defining the domains and the corresponding challenge types to get a certificate for.

The first domain name in the array is used as Common Name for the certificate if it does not exceed 64 characters, otherwise the Common Name field will be empty.

Here is an example structure:

Hint: Wildcard certificates (*.example.com) are only supported with the dns-01 challenge type.

challenge is mandatory and has to be one of http-01, dns-01 or tls-alpn-01. All other keys are optional and yours to define; they are later available in the callback function as $opts['config'] (see the http-01 example where docroot is used this way).

callback

Callback function which gets invoked every time a challenge needs to be fulfilled.

Inside a callback function you can return another callback function, which gets invoked after the verification completed and the challenge tokens can be removed again.

Hint: To get access to variables of the parent scope inside the callback function, use the use language construct:

The $opts array passed to the callback function contains the following keys:

$opts['domain']

Domain name to be validated.

$opts['config']

Corresponding element of the domain_config array.

$opts['key'] and $opts['value']

Contain the following, depending on the chosen challenge type:

Challenge Type | $opts['key']             | $opts['value']
http-01        | path + filename          | file contents
dns-01         | TXT Resource Record Name | TXT Resource Record Value
tls-alpn-01    | unused                   | token used in the acmeIdentifier extension of the verification certificate; use generateALPNCertificate to generate that certificate (see the tls-alpn-01 example)

settings (optional)

This array can have the following keys:

authz_reuse (boolean / default: TRUE)

If FALSE the callback function is always called for each domain and does not get skipped due to possibly already valid authorizations (authz) that are reused. This is achieved by deactivating already valid authorizations before getting new ones.

Hint: Under normal circumstances this is only needed when testing the callback function, not in production!

notBefore / notAfter (mixed)

can be one of the following:

  • a string containing an RFC 3339 formatted date
  • a timestamp (integer)

Example: Certificate valid for 3 days:

or

replaces (string)

The ARI CertID uniquely identifying a previously-issued certificate which this order is intended to replace.

Use getARI to get the ARI CertID for a certificate.

Example: Get/Use ACME Renewal Information

Return Values

Returns a PEM encoded certificate chain.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred obtaining the certificate.
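
An http-01 callback wired into getCertificateChain, as an added example that is not taken from the ACMECert project. The domain, docroot, file names and the helper challenge_path() are assumptions, as is the form of $opts['key'] (the RFC 8555 path /.well-known/acme-challenge/<token>).

```php
<?php
// Added example, not ACMECert's own code. Domain, docroot, file names and the
// helper challenge_path() are assumptions made for illustration.
require_once 'vendor/autoload.php';

use skoerfgen\ACMECert\ACMECert;
use skoerfgen\ACMECert\ACME_Exception;

// Hypothetical helper: map $opts['key'] to a file below the docroot and refuse
// anything that is not exactly /.well-known/acme-challenge/<base64url token>.
function challenge_path($docroot, $key)
{
    if (!preg_match('#^/\.well-known/acme-challenge/[A-Za-z0-9_-]+$#D', $key)) {
        throw new Exception('unexpected http-01 challenge path: ' . $key);
    }
    return rtrim($docroot, '/') . $key;
}

// Staging CA, so test runs do not count against production rate limits.
$ac = new ACMECert('https://acme-staging-v02.api.letsencrypt.org/directory');
$ac->loadAccountKey('file://account_key.pem');

$domain_config = array(
    'test1.example.com' => array(
        'challenge' => 'http-01',
        // Extra key, handed back to the callback as $opts['config']['docroot'].
        'docroot'   => '/var/www/vhosts/test1.example.com',
    ),
);

$handler = function ($opts) {
    $fn = challenge_path($opts['config']['docroot'], $opts['key']);
    if (!is_dir(dirname($fn)) && !mkdir(dirname($fn), 0755, true)) {
        throw new Exception('cannot create ' . dirname($fn));
    }
    if (file_put_contents($fn, $opts['value']) === false) {
        throw new Exception('cannot write ' . $fn);
    }
    // The returned closure is invoked once validation has completed.
    return function ($opts) use ($fn) {
        @unlink($fn);
    };
};

try {
    $private_key = $ac->generateRSAKey(2048);
    $fullchain   = $ac->getCertificateChain($private_key, $domain_config, $handler);

    $old = umask(0077);                 // a newly created key file gets mode 0600
    file_put_contents('private_key.pem', $private_key);
    umask($old);
    file_put_contents('fullchain.pem', $fullchain);
} catch (ACME_Exception $e) {
    // The ACME server answered with an error message.
    error_log('CA rejected the request: ' . $e->getMessage());
    exit(1);
} catch (Exception $e) {
    // Local failure: key generation, challenge setup, network, ...
    error_log('certificate request failed: ' . $e->getMessage());
    exit(1);
}
```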


ACMECert::getCertificateChains

Get all (default and alternate) certificate-chains. This function takes the same arguments as the getCertificateChain function above, but it returns an array of certificate chains instead of a single chain.

Return Values

Returns an array of PEM encoded certificate chains.

The keys of the returned array correspond to the issuer Common Name (CN) of the topmost (closest to the root certificate) intermediate certificate.

The first element of the returned array is the default chain.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred obtaining the certificate chains.


ACMECert::revoke

Revoke certificate.

Parameters

pem

can be one of the following:

  • a string beginning with file:// containing the filename to read a PEM encoded certificate or certificate-chain from.
  • a string containing the content of a certificate or certificate-chain, PEM encoded, may start with -----BEGIN CERTIFICATE-----

Return Values

No value is returned.

If the function completes without Exception, the certificate was successfully revoked.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred revoking the certificate.


ACMECert::generateCSR

Generate CSR for a set of domains.

Parameters

private_key

can be one of the following:

  • a string containing a PEM formatted private key.
  • a string beginning with file:// containing the filename to read a PEM formatted private key from.

domains

Array of domains

Return Values

Returns the generated CSR as string.

Errors/Exceptions

Throws an Exception if the CSR could not be generated.


ACMECert::generateALPNCertificate

Generate a self signed verification certificate containing the acmeIdentifier extension used in tls-alpn-01 challenge.

Parameters

private_key

private key used for the certificate.

can be one of the following:

  • a string containing a PEM formatted private key.
  • a string beginning with file:// containing the filename to read a PEM formatted private key from.

domain

domain name to be validated.

token

verification token.

Return Values

Returns a PEM encoded verification certificate.

Errors/Exceptions

Throws an Exception if the certificate could not be generated.


ACMECert::parseCertificate

Get information about a certificate.

Parameters

pem

can be one of the following:

  • a string beginning with file:// containing the filename to read a PEM encoded certificate or certificate-chain from.
  • a string containing the content of a certificate or certificate-chain, PEM encoded, may start with -----BEGIN CERTIFICATE-----

Return Values

Returns an array containing information about the certificate.

Errors/Exceptions

Throws an Exception if the certificate could not be parsed.


ACMECert::getRemainingPercent

Get the percentage the certificate is still valid.

Parameters

pem

can be one of the following:

  • a string beginning with file:// containing the filename to read a PEM encoded certificate or certificate-chain from.
  • a string containing the content of a certificate or certificate-chain, PEM encoded, may start with -----BEGIN CERTIFICATE-----

Return Values

A float value containing the percentage the certificate is still valid.

Errors/Exceptions

Throws an Exception if the certificate could not be parsed.


ACMECert::getRemainingDays

Get the number of days the certificate is still valid.

Parameters

pem

can be one of the following:

  • a string beginning with file:// containing the filename to read a PEM encoded certificate or certificate-chain from.
  • a string containing the content of a certificate or certificate-chain, PEM encoded, may start with -----BEGIN CERTIFICATE-----

Return Values

Returns how many days the certificate is still valid.

Errors/Exceptions

Throws an Exception if the certificate could not be parsed.


ACMECert::splitChain

Split a string containing a PEM encoded certificate chain into an array of individual certificates.

Parameters

pem

  • a certificate-chain as string, PEM encoded.

Return Values

Returns an array of PEM encoded individual certificates.

Errors/Exceptions

None


ACMECert::getCAAIdentities

Get a list of all CAA Identities for the selected CA. (Useful for setting up CAA DNS Records)

Return Values

Returns an array containing all CAA Identities for the selected CA.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred getting the CAA Identities.


ACMECert::getSAN

Get all Subject Alternative Names of the given certificate.

Parameters

pem

can be one of the following:

  • a string beginning with file:// containing the filename to read a PEM encoded certificate or certificate-chain from.
  • a string containing the content of a certificate or certificate-chain, PEM encoded, may start with -----BEGIN CERTIFICATE-----

Return Values

Returns an array containing all Subject Alternative Names of the given certificate.

Errors/Exceptions

Throws an Exception if an error occurred getting the Subject Alternative Names.


ACMECert::getTermsURL

Get URL to Terms Of Service for the selected CA.

Return Values

Returns a string containing a URL to the Terms Of Service for the selected CA.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred getting the Terms Of Service.


ACMECert::setLogger

Turn on/off logging to stderr using error_log or provide a custom callback function.

Parameters

value

  • If TRUE, logging to stderr using error_log is enabled. (default)
  • If FALSE, logging is disabled.
  • If a callback function is provided, the function gets called with the log message as first argument:

see Logging

Return Values

No value is returned.

Errors/Exceptions

Throws an Exception if the value provided is not boolean or a callable function.


ACMECert::getARI

Get ACME Renewal Information (ARI) for a given certificate.

Parameters

pem

can be one of the following:

  • a string beginning with file:// containing the filename to read a PEM encoded certificate or certificate-chain from.
  • a string containing the content of a certificate or certificate-chain, PEM encoded, may start with -----BEGIN CERTIFICATE-----

ari_cert_id

If this parameter is present, it will be set to the ARI CertID of the given certificate.

See the documentation of getCertificateChain where the ARI CertID can be used to replace an existing certificate.

Example: Get/Use ACME Renewal Information

Return Values

Returns an Array with the following keys:

suggestedWindow (array)

An Array with two keys, start and end, whose values are unix timestamps, which bound the window of time in which the CA recommends renewing the certificate.

explanationURL (string, optional)

A URL pointing to a page which may explain why the suggested renewal window is what it is. For example, it may be a page explaining the CA's dynamic load-balancing strategy, or a page documenting which certificates are affected by a mass revocation event.

Errors/Exceptions

Throws an ACME_Exception if the server responded with an error message or an Exception if another error occurred getting the ACME Renewal Information.
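
A renewal script for a cronjob that combines getRemainingPercent, getARI and the replaces setting described above, as an added example that is not ACMECert's own code. File names, the domain and docroot, the 33 percent fallback threshold and the helper renewal_due() are assumptions.

```php
<?php
// Added example, not ACMECert's own code. File names, domain, docroot, the
// 33 % fallback threshold and the helper renewal_due() are assumptions.
require_once 'vendor/autoload.php';

use skoerfgen\ACMECert\ACMECert;

// Hypothetical helper: TRUE when the certificate should be renewed now.
// Prefers the CA's ARI window; if ARI cannot be fetched it falls back to the
// remaining lifetime. $ari_cert_id is set only when ARI was available.
function renewal_due(ACMECert $ac, $chain, &$ari_cert_id, $min_percent = 33.0)
{
    $ari_cert_id = null;
    try {
        $ari = $ac->getARI($chain, $id);
        $ari_cert_id = $id;
        return time() >= $ari['suggestedWindow']['start'];
    } catch (Exception $e) {
        return $ac->getRemainingPercent($chain) < $min_percent;
    }
}

$ac = new ACMECert('https://acme-staging-v02.api.letsencrypt.org/directory');
$ac->loadAccountKey('file://account_key.pem');

$settings = array();
if (is_file('fullchain.pem')) {          // skipped on the very first run
    if (!renewal_due($ac, 'file://fullchain.pem', $ari_cert_id)) {
        exit(0);                         // nothing to do on this cron run
    }
    if ($ari_cert_id !== null) {
        // Tell the CA which previously issued certificate this order replaces.
        $settings['replaces'] = $ari_cert_id;
    }
}

$domain_config = array(
    'test1.example.com' => array(
        'challenge' => 'http-01',
        'docroot'   => '/var/www/vhosts/test1.example.com',
    ),
);

// Minimal http-01 handler: publish the token, return a closure that removes it.
$handler = function ($opts) {
    $fn = $opts['config']['docroot'] . $opts['key'];
    @mkdir(dirname($fn), 0755, true);
    file_put_contents($fn, $opts['value']);
    return function () use ($fn) { @unlink($fn); };
};

// An uncaught Exception ends the script with a non-zero exit status, which is
// what a cron wrapper needs in order to notice the failure.
$private_key = $ac->generateRSAKey(2048);
$fullchain   = $ac->getCertificateChain($private_key, $domain_config, $handler, $settings);

// Write to temporary names first and rename afterwards, so a failed write
// never leaves a truncated key or chain in place of the working one.
$old = umask(0077);                      // the new key file is created with mode 0600
file_put_contents('private_key.pem.new', $private_key);
umask($old);
file_put_contents('fullchain.pem.new', $fullchain);
rename('private_key.pem.new', 'private_key.pem');
rename('fullchain.pem.new', 'fullchain.pem');
```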


MIT License

Copyright (c) 2018 Stefan Körfgen

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


All versions of acmecert with dependencies

Requires:
  • php, version >=5.6.0
  • ext-openssl, version *