acmephp / acmephp
Let's Encrypt or ZeroSSL ACME Command Line client written in PHP
Home Page: https://acmephp.github.io
License: MIT License
Hello,
File combined.pem contains a private key, yet it is stored in the /certs/ subdirectory. This can be dangerous - someone may publish it in error.
It should be moved to the /private/ subdirectory.
Note: this may break backwards compatibility, so probably it should be created in the /certs/ subdirectory only if it existed there previously.
See:
acmephp/src/Cli/Command/RequestCommand.php
Line 210 in 09437a7
acmephp/src/Cli/Repository/Repository.php
Line 275 in b727bd3
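A way to check an existing storage tree for the condition this issue describes, as an added example (not acmephp code): it walks the directory and reports any file that carries a PEM private key outside private/, or that is readable by group or others. The private/ and certs/ layout is taken from the paths quoted in these issues; the sample tree, its example.org domain and its PEM bodies are constructed placeholders.

```python
import os
import re
import stat
import tempfile

# Matches PKCS#8, encrypted PKCS#8 and the legacy "RSA"/"EC" PEM headers.
PRIVATE_KEY_HEADER = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def audit_storage(root):
    """Return sorted (relative_path, reason) findings for key material under root.

    Assumed layout: <root>/private/<domain>/... and <root>/certs/<domain>/...
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as handle:
                    data = handle.read()
            except OSError:
                continue  # unreadable file: nothing to classify
            if not PRIVATE_KEY_HEADER.search(data):
                continue  # certificates and JSON metadata are not key material
            rel = os.path.relpath(path, root)
            if rel.split(os.sep)[0] != "private":
                findings.append((rel, "private-key-outside-private-dir"))
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:
                findings.append((rel, "group-or-world-accessible"))
    return sorted(findings)


def build_sample_tree(root, domain="example.org"):
    """Create a constructed storage tree; the PEM bodies are placeholders, not keys."""
    cert = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    files = {
        ("private", "private.pem"): (key, 0o600),
        ("certs", "cert.pem"): (cert, 0o644),
        ("certs", "fullchain.pem"): (cert + cert, 0o644),
        ("certs", "combined.pem"): (cert + cert + key, 0o644),  # the risky case
    }
    for (subdir, name), (content, mode) in files.items():
        directory = os.path.join(root, subdir, domain)
        os.makedirs(directory, exist_ok=True)
        path = os.path.join(directory, name)
        with open(path, "w", encoding="ascii") as handle:
            handle.write(content)
        os.chmod(path, mode)  # set explicitly so the umask does not matter


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_storage(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

Run `audit_storage()` against the real storage root (for example the .acmephp/master directory shown in the paths on this page) before syncing or publishing a certs/ directory.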
Acmephp breaks after new letsencrypt v2 changes for all v2 requests.
According to - https://community.letsencrypt.org/t/acmev2-order-ready-status/62866
As of Tuesday, June 19th the Staging ACMEv 2 endpoint returns Order objects with "status":"ready" when all of the order’s authorizations have "status" equal to "valid". As of Thursday, July 5th this change is also in effect for the production ACME v2 endpoint
Please ensure your ACME v2 client does not error in the presence of this new order status value, or depend on order objects remaining in the “pending” status when all of the authorizations are status “valid”.
If someone requests a certificate, this is the error they would get (because of this condition):
In AcmeClient.php line 245:
PHP Fatal error: Uncaught AcmePhp\Core\Exception\Protocol\CertificateRequestFailedException: Certificate request failed (response: The order h
as not been validated)
I tested and fixed it by modifying
if ('pending' === $response['status']) {
to
if ('ready' === $response['status']||'pending' === $response['status']) {
because the response is no longer 'pending' but has now become 'ready'. So due to the old if
condition it was unable to go in and execute the finalize request.
After the above modification it works for my use case (I don't know if it would work for all use cases).
Hence I request you to make these changes ASAP wherever required. Or give me a direction, (as I am fairly new to letsencrypt) if other changes will have to be made apart from the one I did. I would love to contribute and send a PR.
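How a client can dispatch on the order status values of ACME v2 as standardized in RFC 8555 (section 7.1.6), including the "ready" state announced above, shown as an added example that is not acmephp code. The function name, the action labels and the acme.example URLs are assumptions made for the illustration; the order objects are constructed.

```python
def next_step(order, authorizations):
    """Decide the next client action for an ACME v2 order object.

    `authorizations` maps each authorization URL listed in the order to the
    authorization object the client has already fetched for it.
    Returns an (action, detail) tuple.
    """
    status = order.get("status")
    if status == "invalid":
        # Terminal state: a new order is needed.
        return ("abort", order.get("error"))
    if status == "pending":
        waiting = [
            url
            for url in order.get("authorizations", [])
            if authorizations.get(url, {}).get("status") != "valid"
        ]
        if waiting:
            return ("authorize", waiting)
        # Every authorization is valid but the order object is stale:
        # fetch it again instead of assuming it will stay "pending".
        return ("poll-order", None)
    if status == "ready":
        # The only state in which RFC 8555 accepts the finalize request.
        return ("finalize", order["finalize"])
    if status == "processing":
        return ("poll-order", None)
    if status == "valid":
        return ("download", order["certificate"])
    # A status this client does not know: report it, do not crash.
    return ("unknown-status", status)


# Constructed sample objects (acme.example is a placeholder server).
AUTHZ_URL = "https://acme.example/authz/1"
SAMPLE_AUTHZ_VALID = {AUTHZ_URL: {"status": "valid"}}
SAMPLE_AUTHZ_PENDING = {AUTHZ_URL: {"status": "pending"}}
SAMPLE_ORDER = {
    "status": "ready",
    "authorizations": [AUTHZ_URL],
    "finalize": "https://acme.example/order/1/finalize",
}

if __name__ == "__main__":
    print(next_step(SAMPLE_ORDER, SAMPLE_AUTHZ_VALID))
    print(next_step(dict(SAMPLE_ORDER, status="pending"), SAMPLE_AUTHZ_PENDING))
```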
Hiya,
I was planning on using the core class of acmephp for implementing Let's encrypt certificate handling seeing as it has lots of possibilities.
Now I noticed that it was version 1.0.0-beta4 using composer (https://packagist.org/packages/acmephp/core) while acmephp/acmephp includes version 1.0.0-beta5.
Once implemented I'll have to deploy it to different servers so it would be nice to just require the necessary core libraries with composer without needing the rest of the project.
Any chance you could bring this up-to-date? :-)
Thanks in advance!
Kind regards,
Yannick
I have the following code in .acmephp/acmephp.conf
monitoring:
    slack:
        token: xxxxxxxxxx
        channel: #general
        #username: Acme PHP
        #level: info # By default, on every CRON for slack handler
When executing the monitoring test I get:
root:~# php -f acmephp.phar monitoring-test
Loading monitoring configuration...
[AcmePhp\Cli\Exception\AcmeCliException]
The Slack channel (key "channel") is required in the slack monitoring alert handler.
monitoring-test [<level>]
I'm using Version: Acme PHP - Let's Encrypt client 1.0.0-dev
Introducing a Sentry monitoring handler provides several advantages:
Hi,
I have a site secured by the CloudFlare DNS and it provides its own SSL certificate that handles communication from client to DNS/CloudFlare. But communication from CF to server is not encrypted so CF offers a free SSL certificate (or you can upload your own) for this purpose. I have opted for the free one (since it can be valid for 15 years if you like = no hassle with updating LE). I am trying to put it into my system that handles proxying and other stuff and the CertificateParser class will fail to parse the certificate because of the missing issuer[CN] value.
So I am wondering who got this wrong - the parser or the issuer?
It would be an awesome idea to allow us to store auth files that need to be created on FTP to file. Currently I haven't found a command for it. So I can create all files, upload them via FTP and then run acmephp.phar check on domains.
Thanks in advance
At https://acmephp.github.io/documentation/cli/get-certificate.html it says "This command will do four main things" even though only 3 things are listed.
https://github.com/acmephp/core was last updated in 2016.
While code in https://github.com/acmephp/acmephp/tree/master/src/Core was updated 4 days ago :/
Shouldn't acmephp/core reflect latest changes in master 🤔
Also if possible, do tag it so anyone can require it from composer.
I've gone through all the steps and seems to have worked fine, except I'm missing the private.pem file. Confirmation message says:
This certificate is valid from now to 2017-06-27T12:17:00+0000.
5 files were created in the Acme PHP storage directory:
* /root/.acmephp/master/private/redacted.co.uk/private.pem contains your domain private key (required in many cases).
* /root/.acmephp/master/certs/redacted.co.uk/cert.pem contains only your certificate, without the issuer certificate.
It may be useful in certains cases but you will probably not need it (use fullchain.pem instead).
* /root/.acmephp/master/certs/redacted.co.uk/chain.pem contains the issuer certificate chain (its certificate, the
certificate of its issuer, the certificate of the issuer of its issuer, etc.). Your certificate is
not present in this file.
* /root/.acmephp/master/certs/redacted.co.uk/fullchain.pem contains your certificate AND the issuer certificate chain.
You most likely will use this file in your webserver.
* /root/.acmephp/master/certs/redacted.co.uk/combined.pem contains the fullchain AND your domain private key (some
webservers expect this format such as haproxy).
ls -l
says:
-rw------- 1 root root 2147 Mar 29 13:17 cert.pem
-rw------- 1 root root 1647 Mar 29 13:17 chain.pem
-rw------- 1 root root 7066 Mar 29 13:17 combined.pem
-rw------- 1 root root 3794 Mar 29 13:17 fullchain.pem
Using the AcmePHP Core library, I would like to have access to the authorization expiration date.
To do this I would expect that AcmeClient::requestAuthorization() and AcmeClient::challengeAuthorization() would return authorization objects, not just the challenges. I realize that this would be a BC-breaking change for the library, although not necessarily for the CLI client.
Additionally, my reading of the current ACME spec (Draft 9, section 7.5.1) is that the polling should be done on the authorization URL, not the challenge URL as AcmeClient::challengeAuthorization() is currently implemented. Passing the authorization object to that method would make this possible.
getting this while trying to do initial register
[InvalidArgumentException]
Resource type ""key-change"" is not supported by the ACME server (supported
: "new-reg", "recover-reg", "new-authz", "new-cert", "revoke-cert", "reg",
"authz", "challenge", "cert")
Hi,
the method \AcmePhp\Core\AcmeClient::requestAuthorization transforms the response into an array of AuthorizationChallenge objects. There are only three types of challenges now and if I want to get the information for the specific challenge I want to use I have to filter this array. I think that is an unnecessary step and the challenges should be keyed by the type of challenge they represent.
So instead of this:
    $authorizationChallenges = [];
    foreach ($response['challenges'] as $challenge) {
        $authorizationChallenges[] = new AuthorizationChallenge(
            $domain,
            $challenge['type'],
            $challenge['uri'],
            $challenge['token'],
            $challenge['token'].'.'.$encodedHeader
        );
    }
    return $authorizationChallenges;
it should be like this:
    $authorizationChallenges = [];
    foreach ($response['challenges'] as $challenge) {
        $authorizationChallenges[$challenge['type']] = new AuthorizationChallenge(
            $domain,
            $challenge['type'],
            $challenge['uri'],
            $challenge['token'],
            $challenge['token'].'.'.$encodedHeader
        );
    }
    return $authorizationChallenges;
Hi,
I am trying to generate a certificate (currently by DNS challenge) and I can get challenge(s) but so far I have tried to provide the token, the payload, the second part of the payload (which is the hashed header) and in all cases the validation has failed.
I have checked the docs in here https://letsencrypt.github.io/acme-spec/#rfc.section.7.4 and it sounds to me like after I get the challenge I have to request the token which will be the returned value or something like that.
What is the value that has to be returned and where do I get it? The LE is effing frustrating to work with.
PS: I have AcmePHP core only.
PS2: http challenge works right away.
Hi,
I am implementing the core into my app so that I can use LE and all is fine but one thing: if I use the staging directory it will always result in invalid argument exception stating: Resource type ""key-change"" is not supported by the ACME server (supported: "new-reg", "recover-reg", "new-authz", "new-cert", "revoke-cert", "reg", "authz", "challenge", "cert"). Funny thing is, the 'key-change' is not mentioned once in the code so I cannot figure out where this is coming from. If I switch to production no issues whatsoever.
I don't need to use staging that much but I'm just interested to know the reason for this.
I am unable to renew the certificates on my 2 domains. One has already expired, the other is about to. I updated to the beta-2 and reran the commands with no luck. The cert files and such are also not being updated. Any idea what I could be doing wrong here?
When authorizing (or doing any command) with a domain where we already created a certificate, the following message is printed to the command line on every command, for example:
Command: php acmephp.phar authorize -s http brucht.me
Output:
~~
Loading account key pair...
Requesting an authorization token for domain brucht.me ...
[InvalidArgumentException]
Resource type ""key-change"" is not supported by the ACME server (supported: "new-reg", "recover-reg", "new-authz", "new-cert", "revoke-cert", "reg", "authz", "challenge", "cert")
authorize [-s|--solver SOLVER] [--]
~~
I already tried to debug the current release, but I can't seem to find out where a request with the resource type key-change is actually fired and why it's fired.
I have exactly 10 days left before around 100 client certificates are going to expire, so any help with debugging this would be greatly appreciated.
Hi,
I'm currently trying to use acmephp in some self-written software.
AcmeClient->finalizeOrder unfortunately only accepts CSRs in the form of CertificateRequest-objects, not directly as a CSR, because the requestCertificate-Method then calls signCertificateRequest to generate a CSR.
I'd like to provide a custom CSR as a string. Any ideas on how to nicely implement this?
One method I could imagine would be to have a string-variable in CertificateRequest that you could populate with a custom CSR, another would be a second method that accepts CSRs directly.
Any suggestions on how to implement this? Would you accept a pull request implementing this functionality?
so long,
Tobi
workaround for
Obtain fake certificate in "staging/developer" mode without authorization
https://community.letsencrypt.org/t/obtain-fake-certificate-in-staging-mode-without-authorization/17629
In a development environment in a [vagrant][1] box deployed with [puppet][2]/[chef][3], it is sometimes not (easily) possible to have inbound traffic from the letsencrypt server.
So it would be awesome to have, for example, an environment variable which is read by acmephp and which leads acmephp to only create a self-signed cert, so the [puppet][2]/[chef][3] code can be coded and tested as if the letsencrypt server generates the cert.
To further automate the certificate creation process it would be helpful to have the DNS challenge supported with plugins for a range of DNS providers (to directly create the TXT DNS entries).
php acmephp.phar authorize --solver dns yourdomain.org --dns-provider dns-plugin
php acmephp.phar setup --dns-provider dns-plugin to set up credentials, server endpoints ..
where dns-plugin could be any DNS server with an API
kasserver see http://kasapi.kasserver.com/dokumentation/phpdoc/packages/API%20Funktionen.html
ispconfig see https://www.howtoforge.com/how-to-create-remote-api-scripts-for-ispconfig-3
I am willing to create those plugins but we should agree how to add this plugin support to acmephp
Let's Encrypt has released their staging environment for ACME v2 (including wildcard certificates): https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605
Are there plans to support v2 with this project?
$ php acmephp.phar --version
Acme PHP - Let's Encrypt client version 1.0.0-beta2
$ php acmephp.phar authorize --solver dns art-und-weise.org
Loading account key pair...
Requesting an authorization token for domain art-und-weise.org ...
[InvalidArgumentException]
Resource type ""key-change"" is not supported by the ACME server (supported: "new-reg", "recover-reg", "new-authz", "new-cert", "revoke-cert", "reg", "authz", "challenge", "cert")
Hello,
Is there a way to specify overriding the services.xml file for the Cli client?
Here is my thought process: I like 98% of what the Cli client does such as handling storage and making calls to the LE api, and I was hoping to override the last 2% with some custom service classes rather than building 100% of a custom Cli client alternative myself. I'm hoping to just modify a few small behaviors, but without touching the distribution files so I can continue to update with composer.
It seems like being able to specify a custom services.xml file would open up a lot of capabilities like this, but please let me know if there is a way to achieve a similar result already and I might just be thinking about this wrong?
Thank you
How to solve this?
[Exception]
DateTime::__construct(): It is not safe to rely on the system's timezone se
ttings. You are required to use the date.timezone setting or the date_def
ault_timezone_set() function. In case you used any of those methods and you
are still getting this warning, you most likely misspelled the timezone id
entifier. We selected the timezone 'UTC' for now, but please set date.timez
one to select your timezone.
Hi guys,
we have a problem renewing certificates, because we get authorization errors.
The real issue is that Let's Encrypt has changed (in January) the expiry date of the authorization challenges from 60 days to 30 days (according to this: https://community.letsencrypt.org/t/upcoming-api-changes/17947).
Actually, Let's Encrypt sends us an email 10 days before our certificate expires, but if we renew the certificate only 10 days before with acmephp we get an error saying that we don't have authorization.
So we need to re-run the whole authorization process and get a new certificate.
You can try to see your active authorization in .acmephp/master/private/yourdomain.com/authorization_challenge.json.
Try to make a request to the URL that you find in the "url" key: if you get a 404, you need to re-run the authorization; otherwise, you can make a renew.
What can we do?
Run the renew each month, when the authorization is still valid.
It sounds strange that Let's Encrypt (with 100.000.000 certs) can't get an authorization more than 30 days, but I think that the problem we got renewing a certificate is this one.
On my ISP panel I have only one input for the domain without www and with www. Can I request two domains in one certificate (www.example.com, example.com)?
Running bin/acme authorize '*.domain.ext' gives following error -
In AuthorizeCommand.php line 95:
This ACME server does not expose supported challenge.
In such case, acmephp should set dns as default resolver (if the domain starts with *).
If user specifies any non-dns solver, then error should be thrown that non-dns solvers are not allowed by acme in wildcard domains.
Hey there,
I've just started using the tool and it's fantastic! Thank you very much. This is going to save me so much time.
I couldn't find any documentation on what commands to run to remove certificates from the tool. E.g. stop them showing up in the output from acmephp status. For now, I just want to remove the certificates from my status output, but what if I wanted to go further and revoke them instead? Is that possible?
Would be a good way to simplify set-up as the initial account authorization has already been established.
Certbot directory is /etc/letsencrypt.
Not actually sure if this is possible, but it might be interesting for acmephp to be libressl-compatible?
This library is a modern rework of openssl, security-wise best-practice based, reducing the risk of vulnerabilities...
Just suggesting :)
I've got the certificate for an unqualified domain setup then later tried to add a subdomain. I received this error:
Requesting first certificate for domain ********* ...
[AcmePhp\Core\Exception\Server\UnauthorizedServerException]
[unauthorized] The client lacks sufficient authorization: Error creating new cert :: Authorizations for these names not found or expired: ********* (on request "POST https://acme-v01.api.letsencrypt.org/acme/new-cert")
[GuzzleHttp\Exception\ClientException]
Client error: POST https://acme-v01.api.letsencrypt.org/acme/new-cert
resulted in a 403 Forbidden
response:
{
"type": "urn:acme:error:unauthorized",
"detail": "Error creating new cert :: Authorizations for these names not fo (truncated...)
Any tips on how to debug this? Thank you!!
@tgalopin Preface: Sorry again for asking a question as opposed to presenting a code issue here, but you were helpful the last time and I've hit a brick wall today.
So basically I'm using this library as part of another application I'm building, so I'm storing the various object data into mysql.
I think I have all of that working, but I can't seem to figure out something basic about letsencrypt/acme.
For the http-01 challenge, I'm supposed to provision a file at say http://example.com/.well-known/acme-challenge/$token and its contents should be... what exactly?
Looking through your test cases (since that's better than documentation sometimes) I see that you are putting the "payload" into the file:
https://github.com/acmephp/acmephp/blob/master/tests/Core/AcmeClientTest.php#L131
So if that's true, then the file should contain something like:
qu6WeClKmrROn0d9_gdbs0hgRtwyXeCScBt031mulKI.hS9kK3SM_bfmYvDYe-JjxWbrQL6eSjBdY4p9XnIZqDQ
and that's it. Is that right?
That doesn't work for me, and I'm not sure if I'm doing something wrong, or it's a complete misunderstanding of Acme/LetsEncrypt. But even if that's what I'm supposed to do, that doesn't match the test case in the LetsEncrypt's certbot test here:
And it doesn't match the information in the SPEC here:
https://letsencrypt.github.io/acme-spec/#rfc.section.7.1
So what am I missing exactly? Sorry to trouble you with a question, but I've tried to figure this out for way too long and I feel like you might be able to help me. Thanks so much in advance if you can shed some light on this for me.
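The values both challenge questions on this page ask about (the http-01 file body in this post and the dns-01 TXT record in the earlier one), computed the way RFC 8555 sections 8.1, 8.3 and 8.4 and RFC 7638 define them. This is an added example, not acmephp code; the token and thumbprint are the two halves of the payload quoted above, and the JWK is a constructed placeholder, not a real key.

```python
import base64
import hashlib
import json
import re

# RFC 7638 section 3.2: the members that enter the thumbprint, per key type.
THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
# RFC 8555 section 8.3: a token uses only the base64url alphabet. Checking it
# before building a path keeps "/" and ".." out of the webroot.
TOKEN_PATTERN = re.compile(r"[A-Za-z0-9_-]+")

# The payload quoted in the post, split at the dot.
SAMPLE_TOKEN = "qu6WeClKmrROn0d9_gdbs0hgRtwyXeCScBt031mulKI"
SAMPLE_THUMBPRINT = "hS9kK3SM_bfmYvDYe-JjxWbrQL6eSjBdY4p9XnIZqDQ"
# Constructed account key for the thumbprint demo (not a usable modulus).
CONSTRUCTED_JWK = {"kty": "RSA", "n": "Y29uc3RydWN0ZWQtbW9kdWx1cw", "e": "AQAB"}


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 JWK thumbprint of the account public key (RFC 7638)."""
    kty = jwk.get("kty")
    if kty not in THUMBPRINT_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    members = {}
    for name in THUMBPRINT_MEMBERS[kty]:
        if name not in jwk:
            raise ValueError(f"JWK is missing required member {name!r}")
        members[name] = jwk[name]
    # Required members only, sorted by name, no whitespace.
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, thumbprint: str) -> str:
    """token || '.' || thumbprint (RFC 8555 section 8.1)."""
    if not TOKEN_PATTERN.fullmatch(token):
        raise ValueError("token contains characters outside base64url")
    return f"{token}.{thumbprint}"


def http01_resource(token: str, thumbprint: str):
    """Return (URL path, response body). The body is the key authorization
    itself, with no trailing newline or other whitespace."""
    body = key_authorization(token, thumbprint)
    return f"/.well-known/acme-challenge/{token}", body


def dns01_record(domain: str, token: str, thumbprint: str):
    """Return (record name, TXT value). The value is the base64url SHA-256
    digest of the key authorization, not the token or the payload itself."""
    digest = hashlib.sha256(key_authorization(token, thumbprint).encode("ascii"))
    # A wildcard identifier is validated at the base domain.
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base}", b64url(digest.digest())


if __name__ == "__main__":
    print("thumbprint:", jwk_thumbprint(CONSTRUCTED_JWK))
    print("http-01:", http01_resource(SAMPLE_TOKEN, SAMPLE_THUMBPRINT))
    print("dns-01:", dns01_record("*.example.com", SAMPLE_TOKEN, SAMPLE_THUMBPRINT))
```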
$ php acmephp.phar --version
Acme PHP - Let's Encrypt client version 1.0.0-beta2
$ php acmephp.phar self-update
Updating...
Error: file_get_contents(): Peer certificate CN=`*.s3.amazonaws.com' did not match expected CN=`github.com'
You can also select update stability using --dev, --pre (alpha/beta/rc) or --stable.
Can you add option to store / retrieve the conf and key pairs from a different location than the default ~/.acme/?
I tried renewing a certificate that was issued last year (it's about to expire).
/usr/bin/php /home/simon/acmephp.phar request --force strategy.sjsu.edu
Loading account key pair...
Forced renewal.
Loading domain key pair...
Loading domain distinguished name...
Renewing certificate for domain strategy.sjsu.edu ...
[AcmePhp\Core\Exception\Server\UnauthorizedServerException]
[unauthorized] The client lacks sufficient authorization: Error creating new cert :: authorizations for these names not found o
r expired: strategy.sjsu.edu (on request "POST https://acme-v01.api.letsencrypt.org/acme/new-cert")
[GuzzleHttp\Exception\ClientException]
Client error: POST https://acme-v01.api.letsencrypt.org/acme/new-cert
resulted in a 403 Forbidden
response:
{
"type": "urn:acme:error:unauthorized",
"detail": "Error creating new cert :: authorizations for these names not fo (truncated...)
So, I tried generating a new certificate, which worked. I created the new challenge file in .well-known/acme-challenge and then tried to run check:
/usr/bin/php /home/simon/acmephp.phar check -s http strategy.sjsu.edu
Loading account key pair...
Loading the authorization token for domain strategy.sjsu.edu ...
Testing the challenge...
[GuzzleHttp\Exception\RequestException]
Error creating resource: [message] fopen(http://strategy.sjsu.edu/.well-known/acme-challenge/GQQcNE7jrP4IfDcS_NDsZbBkU7GwVGy9O-
LJXMK47L0): failed to open stream: Connection timed out
[file] phar:///home/simon/acmephp.phar/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php
[line] 312
[RuntimeException]
Error creating resource: [message] fopen(http://strategy.sjsu.edu/.well-known/acme-challenge/GQQcNE7jrP4IfDcS_NDsZbBkU7GwVGy9O-
LJXMK47L0): failed to open stream: Connection timed out
[file] phar:///home/simon/acmephp.phar/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php
[line] 312
So now I'm stuck - any help would be greatly appreciated.
Hi there,
Rather than using the phar, I am running the bin/acme file - but as-is it fails unless I tell it to look one directory higher for the composer autoload file like this:
$autoload = [
__DIR__.'/../../../autoload.php',
because after a composer install, the folder structure will be: vendor/acmephp/acmephp/bin , making bin need to look 3 folders up to be in vendor to then find autoload.php.
Unless maybe I am doing something wrong?
Great work so far, thank you.
Everything looks fine in the CLI output...
$ php acmephp.phar --version
Acme PHP - Let's Encrypt client version 1.0.0-beta2
$ php acmephp.phar -n -v request art-und-weise.org -a www.art-und-weise.org
Loading account key pair...
Current certificate will expire in less than a week (2016-12-25 14:07:00), renewal is required.
Loading domain key pair...
Loading domain distinguished name...
Renewing certificate for domain art-und-weise.org ...
... however, the certs remain untouched:
$ ll .acmephp/master/certs/art-und-weise.org/
total 28
drwxr-s---+ 2 vm-admin www 76 26. Sep 15:40 .
drwxr-s---+ 4 vm-admin www 60 24. Okt 17:19 ..
-rw-------+ 1 vm-admin www 2179 26. Sep 17:07 cert.pem
-rw-------+ 1 vm-admin www 1647 26. Sep 17:07 chain.pem
-rw-------+ 1 vm-admin www 7098 26. Sep 17:07 combined.pem
-rw-------+ 1 vm-admin www 3826 26. Sep 17:07 fullchain.pem
... whereas distinguished_name.json is loaded:
$ ll .acmephp/master/private/art-und-weise.org/
total 28
drwxr-s---+ 2 vm-admin www 106 26. Sep 15:40 .
drwxr-s---+ 8 vm-admin www 4096 24. Okt 17:10 ..
-rw-------+ 1 vm-admin www 414 26. Sep 12:39 authorization_challenge.json
-rw-------+ 1 vm-admin www 286 20. Dez 16:59 distinguished_name.json
-rw-------+ 1 vm-admin www 3272 26. Sep 15:39 private.pem
-rw-------+ 1 vm-admin www 800 26. Sep 15:39 public.pem
My environment:
$ php --version
PHP 5.5.38-pl0-gentoo (cli) (built: Dec 5 2016 13:22:50)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies
When testing with beta-3, I received:
Loading account key pair...
Current certificate will expire in less than a week (2016-12-25 14:07:00), renewal is required.
Loading domain key pair...
Loading domain distinguished name...
Renewing certificate for domain art-und-weise.org ...
[AcmePhp\Core\Exception\Server\UnauthorizedServerException (403)]
[unauthorized] The client lacks sufficient authorization: Error creating new cert :: Authorizations for these names not found or expired: art-und-weise.org, www.art-und-weise.org (on request "POST https://acme-v01.api.
letsencrypt.org/acme/new-cert")
What can be done to avoid an unpleasant christmas surprise? Thanks for your support.
Hello,
The ./LICENSE file is outdated - its header should probably be:
Copyright (c) 2016-2018 Titouan Galopin
Copyright (c) 2016-2018 Jérémy Derussé
The convention is to include only significant contributors in the copyright header.
Hello.
The last release is 1 year old. And I have some issue with it. I would like to try a new version but there are release. Could you release it please ?
Thanks.
Hi, I'm using beta4 and have the same issue for the second time:
[AcmePhp\Core\Exception\Server\UnauthorizedServerException]
[unauthorized] The client lacks sufficient authorization: Error creating new cert :: authorizations
for these names not found or expired: mydomain.de, www.mydomain.de
(on request "POST https://acme-v01.api.letsencrypt.org/acme/new-cert")
[GuzzleHttp\Exception\ClientException]
Client error: `POST https://acme-v01.api.letsencrypt.org/acme/new-cert` resulted in a `403 Forbidden` response:
{
"type": "urn:acme:error:unauthorized",
"detail": "Error creating new cert :: authorizations for these names not fo (truncated...)
The domains will expire in 1 week. I'm using the following syntax in the daily cron:
php /root/acmephp.phar request mydomain.de -a www.mydomain.de -q
Am I missing something? It's no fun to authorize > 20 domains every 3 months...
Hi there,
Wonderful tool, thanks for making it.
I'm wondering whether there's a way to change the path where files are stored, or else how to configure the post_generate in order to move or copy the generated files or directory to another location.
Eg right now the location is:
/root/.acmephp/master/certs/domain.org/cert.pem
And I want to have a copy at:
/foo/bar/ssl/domain.org/cert.pem
For various reasons I can't just rely on a symlink, I need the file to be in that location.
Enhancement request...
In addition to SMTP, allow the monitoring emails to be sent using sendmail or PHP's mail().
Hi @tgalopin,
You mentioned in #3 that if I had any other questions, feel free to ask, so I'm cashing in on that offer. ;)
So I have just a few.
mydomain.com
and the SAN had www.mydomain.com
a single, successful dns-01 challenge that had the appropriate TXT record would be sufficient to cover both, and we could then get a certificate?mydomain.com
, and another for www.mydomain.com
, (even though they point to the same IP in 99% of cases) so we're trying to streamline that process if possible. And my thought was that implementing the dns-01 challenge might solve that. I'm not sure.
Thanks again for the awesome library
When calling
acmephp monitoring-test
I can see this output
Loading monitoring configuration...
Triggering monitoring on "error" level...
Triggered successfully
You should have been alerted
but no email is sent.
My acmephp.conf (monitoring part) is the following:
###################################################################
# Monitoring
#
# This section let you configure a simple monitoring mechanism that
# will warn you if an error occurs during a CRON job.
#
#monitoring: ~ # Monitoring is disabled by default
# You can enabled it by configuring at least one alert handler.
# You can change the default handler level to decide when to be alerted
# (only when an error occurs or every time the CRON is started).
monitoring:
email:
to: [email protected]
host: smtp.xxxxxxx.xxxx
port: 587
username: userxxxx
password: passxxxx
subject: Error during Acme PHP CRON renewal
encryption: TLS
level: info
#
# slack:
# token: your_token
# channel: general # Channel name without hashtag
# # username: Acme PHP
# # level: info # By default, on every CRON for slack handler
How can I test email error/info monitoring?
With the 'info' level setting, commands like these
acmephp check -s http domain.xxxxx
acmephp request domain.xxxxx
acmephp request --force domain.xxxxx
should generate email report?
Thanks for your support.
I'm trying to use this software on Windows Server (unfortunately) and when running the following command I get an exception I can't figure out.
php acmephp.phar register [email protected]
Which throws out the following output.
No account key pair was found, generating one...
[AcmePhp\Ssl\Exception\KeyPairGenerationException]
OpenSSL key creation failed during generation with error: error:02001003:sy
stem library:fopen:No such process
register [--agreement AGREEMENT] [--] [<email>]
ECDSA certificate signing is a completed feature of Let's Encrypt as of February, and ECDSA intermediates are expected by April 2017. Do you plan on making ECDSA certificate signing an option in the beta release?
In acmephp/src/Ssl/Signer/CertificateRequestSigner.php the CSR payload returned via getCSRPayload currently doesn't contain the common name, resulting in the subject of the CSR not having a CN value defined.
Example:
Subject: C=CA, ST=British Columbia, L=Nanaimo, O=NA/[email protected]
Adding the common name to the payload in getCSRPayload will result in:
Subject: C=CA, ST=British Columbia, L=Nanaimo, O=NA, CN=example.com/[email protected]
Hi there,
I noticed ResourceDirectory.php includes a RECOVER_REGISTRATION resource for /recover-reg.
You should be able to delete this outright. It doesn't look like this constant is used anywhere outside of the directory. It also isn't present in the latest ACME draft specifications and isn't implemented by Boulder/Let's Encrypt.
Thanks!
Hey,
Not sure if it's actually a bug, but in the {IMO} last-version, the self-update end-up in a var_dump of the available versions, without actually any way to finish the update (choose a version manually?).
Am I missing something?
It is not a main issue, acmephp works fine otherwise, but I was curious :)
$ php acmephp.phar -V
Acme PHP - Let's Encrypt client 1.0.0-dev
$ php acmephp.phar self-update
Updating...
array(9) {
[0]=>
string(10) "dev-master"
[1]=>
string(18) "dev-custom-actions"
[2]=>
string(14) "dev-improve-dx"
[3]=>
string(11) "1.0.0-beta3"
[4]=>
string(11) "1.0.0-beta2"
[5]=>
string(11) "1.0.0-beta1"
[6]=>
string(13) "1.0.0-alpha10"
[7]=>
string(12) "1.0.0-alpha9"
[8]=>
string(12) "1.0.0-alpha8"
}