Comments (5)
Hello!
That looks like an interesting idea, I'll experiment with it. I'll get back to you when I have a clear opinion on this :).
Thanks for the feedback!
from acmephp.
Hello @c33s,
I read the link and I think the best way to achieve what you want is to use boulder, the self-hosted Let's Encrypt server. AcmePHP is able to access any server speaking the ACME protocol, so you will be able to request certificates using it.
In my opinion, AcmePHP testing CA (https://github.com/acmephp/testing-ca) is what you need: it's a standalone docker image to run your own version of Let's Encrypt easily. There are two possible ways to use it:
- As a temporary testing tool, as we do in the AcmePHP test suite: when you want to issue false certificates, you start a container, issue the certificate and stop it right after. The issued certificate will be the exact same as the Let's Encrypt one except for the fact that it will be self-signed.
- As a real private certificate authority, in which case you could add to all the machines you have the root certificate of your AcmePHP CA instance so you could easily create private, trusted certificates without troubles.
Don't hesitate to ask me if you have questions about this :) .
from acmephp.
first of all thank you for this awesome project!
coming from php/symfony i love having such a cool php implementation of the letsencrypt client.
back to topic: when i think about having to set up all this stuff i feel it's really overkill for me. having a vagrant box which uses virtualbox and which is spinning up one machine (in my case a simple php hosting machine) where i also wrote the puppet code to create web user accounts.
there is some piece of puppetcode which execs acmephp and verifies that everything works but if the letsencrypt server isn't able to answer, which it isn't because i am behind a company firewall where i can't do a nat to my local machine for this domain (which also would require that i have access to the domain management to point the domain to the ip of my company but the domain points to the customers ip)
solutions:
1.) set up the acmephp test suite inside my hosting machine
2.) add some hooks to vagrant to also spin up a docker machine
3.) set up a multibox vagrant file to spin up a 2nd vagrant machine to play acmephptest
4.) add a --create-local-cert-with-openssl flag to acmephp
ad 1) this would add a lot of conflicting stuff in the machine and also require to create a switch in the puppetcode to detect if it's inside vagrant or not. but i want to test the puppetcode and not add the switch inside there.
ad 2) possible but here i also have to add different configs to correctly map the domain name of letsencrypt to the private lan ip for my ca server. also i see a lot of work to get vagrant and docker cleanly work together (on a windows machine. it's often not that easy to get docker up and running)
ad 3) also possible but comparable with 2). and a multibox vagrant setup which also requires stronger development machines with more ram... slower development because of the overhead of the 2nd machine... (also fits into 2)
ad 4) for me personally encapsulating it in the acmephp client would be awesome. setting environment variables or calling it with the console flag is no external overhead and if acmephp calls the command line openssl or uses the internal lib to create a self signed certificate, this would be really helpful.
what do you think about it?
from acmephp.
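A sketch of the fallback asked for in option 4 above, as an added example that is not part of the thread or of acmephp: a shell helper that issues a short-lived self-signed certificate with openssl when no ACME server is reachable, plus two checks a provisioning script can run on the result. The function names, file layout and the `dev.example.test` domain are assumptions; `-addext` needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: self-signed fallback certificate for a local dev box.
# make_dev_cert, is_self_signed and cert_covers are hypothetical helpers,
# not acmephp commands.

# make_dev_cert DOMAIN OUTDIR [DAYS]
# Writes OUTDIR/DOMAIN.key and OUTDIR/DOMAIN.crt (self-signed, SAN = DOMAIN).
make_dev_cert() {
    domain=$1; outdir=$2; days=${3:-30}
    # Accept only plain hostnames before the value reaches -subj / -addext.
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 2 ;;
    esac
    mkdir -p "$outdir" || return 1
    # umask 077 so the private key is created readable by its owner only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
          -subj "/CN=$domain" \
          -addext "subjectAltName=DNS:$domain" \
          -keyout "$outdir/$domain.key" -out "$outdir/$domain.crt" 2>/dev/null
    ) || return 1
}

# is_self_signed CERT
# True when issuer equals subject and the signature verifies against itself.
# Lets provisioning code refuse to ship such a certificate outside dev.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# cert_covers CERT DOMAIN
# True when DOMAIN matches the certificate's subjectAltName.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Usage when run as a script: ./dev-cert.sh dev.example.test ./certs 7
if [ "$#" -ge 2 ]; then
    make_dev_cert "$@"
fi
```

Clients inside the box will reject this certificate unless it is added to their trust store, which is the difference from the private CA setup suggested earlier in the thread.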
I'm sorry I did not answer you, please don't hesitate to ping me if you need more help.
from acmephp.
If you're talking about the root certificate, it's used in the test https://github.com/acmephp/acmephp/blob/master/tests/run.sh#L8-L25
from acmephp.