daanra / laravel-lets-encrypt Goto Github PK

The jobs should have their number of tries and retry after behavior configurable.

Got this error when i install on Lrael 8

Your requirements could not be resolved to an installable set of packages.

Problem 1
- acmephp/core[dev-master, 1.3.0] require guzzlehttp/psr7 ^1.0 -> found guzzlehttp/psr7[1.0.0, ..., 1.x-dev] but the package is fixed to 2.1.0 (lock file version) by a partial update and that version does not match. Make sure yo
u list it as an argument for the update command.
- acmephp/core 1.2.0 requires guzzlehttp/guzzle ^6.0 -> found guzzlehttp/guzzle[6.0.0, ..., 6.5.x-dev] but it conflicts with your root composer.json require (^7.0.1).
- daanra/laravel-lets-encrypt v0.2.4 requires acmephp/core ^1.2|dev-master -> satisfiable by acmephp/core[dev-master, 1.2.0, 1.3.0].
- Root composer.json requires daanra/laravel-lets-encrypt ^0.2.4 -> satisfiable by daanra/laravel-lets-encrypt[v0.2.4].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

Installation failed, reverting ./composer.json and ./composer.lock to their original content.

Regards Ben

Getting an issue installing in on a fresh laravel 8.65 installation (installing all dependencies) - is it compatible?

I cannot get the certificate.
[2022-01-13 08:42:32] local.ERROR: An error occured during request "GET https://acme-v02.api.letsencrypt.org/directory" {"exception":"[object] (AcmePhp\Core\Exception\AcmeCoreClientException(code: 0): An error occured during request "GET https://acme-v02.api.letsencrypt.org/directory\" at /var/www/vhosts/ddns7.de/httpdocs/vendor/acmephp/core/Http/SecureHttpClient.php:446)

Same is if i call artisan command:

php artisan lets-encrypt:create -d mydomain.de

Failed to generate a certificate for mydomain.de
An error occured during request "GET https://acme-v02.api.letsencrypt.org/directory"

Any Solution for that?

Kindly add support for laravel 9 & php 8

Your requirements could not be resolved to an installable set of packages.

Problem 1
- acmephp/core[dev-master, 1.3.0] require guzzlehttp/psr7 ^1.0 -> found guzzlehttp/psr7[1.0.0, ..., 1.x-dev] but the package is fixed to 2.2.1 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
- acmephp/core 1.2.0 requires guzzlehttp/guzzle ^6.0 -> found guzzlehttp/guzzle[6.0.0, ..., 6.5.x-dev] but it conflicts with your root composer.json require (^7.0.1).
- daanra/laravel-lets-encrypt v0.2.4 requires acmephp/core ^1.2|dev-master -> satisfiable by acmephp/core[dev-master, 1.2.0, 1.3.0].
- Root composer.json requires daanra/laravel-lets-encrypt ^0.2.4 -> satisfiable by daanra/laravel-lets-encrypt[v0.2.4].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
You can also try re-running composer require with an explicit version constraint, e.g. "composer require daanra/laravel-lets-encrypt:*" to figure out if any version is installable, or "composer require daanra/laravel-lets-encrypt:^2.1" if you know which you need.

Hi,
I am getting the below issue while renewing the certificate, kindly suggest the solution

Argument 2 passed to AcmePhp\Core\AcmeClient::registerAccount() must be an instance of AcmePhp\Core\Protocol\ExternalAccount or null, string given, called in /var/www/html/typof/vendor/daanra/laravel-lets-encrypt/src/Jobs/RegisterAccount.php on line 27

Each job should dispatch an event when it fails so that developers may easily add custom behavior in case of failure.

I do all the operations as you describe. I see that it is saved in the key files. But ssl does not work. I don't understand, do I need to make a setting on the apache side?
By the way, I could not access the following classes in the library.
new CreateNewApacheVirtualHost('mydomain.com'),
new ReloadApache(),
new NotifyUserOfNewCertificate(request()->user()),

I see there is support for Subject Alternative Names, but it’s not clear how it should work.

To create a mutidomain certificate, authorization of all alternate domain names is required or there will be an [orderNotReady error].(acmephp/acmephp#181)

https://github.com/acmephp/documentation/blob/bad08d8735ab11c9d9ed0950214d94956437b9d5/guides/multidomain-certificates.md?plain=1#L22-L24C84

How is this supposed to work?

Create certificates for alternate domains

If, before obtaining a multi-domain certificate, you obtain certificates for all alternative domains, in addition to creating unnecessary files, this leads to the creation of unnecessary entries in the database that are involved in updating certificates.

Use the RequestAuthorization class

This can be done using the RequestAuthorization class, but you need to pass an existing certificate model, just to get the name domain

Why store obvious certificate information in a database?

Are there any important reasons for storing certificate data other than obtaining the domain name and renewal date? You can, for example, use the functionality of the package https://github.com/spatie/ssl-certificate

Why use the LetsEncrypt::checkDomainDoesNotExist($domain) record existence check?

For example, when adding a new alternative name to the main domain, it is necessary to re-create a multi-domain certificate, but the check does not allow this to be done.
It would be possible to omit the checkDomainDoesNotExist check and change the LetsEncryptCertificate::create method to LetsEncryptCertificate::updateOrCreate.

When generating SSL, an error is displayed that it is impossible to confirm and the link is in this https://demo.ru/.well-known/acme-challenge/mfWca8xsOPwcgHHTsPwit0xE0zvvXNoZLOx-JMTJsrs

But if you try
https://demo.ru/public/storage/.well-known/acme-challenge/mfWca8xsOPwcgHHTsPwit0xE0zvvXNoZLOx-JMTJsrs

Then everything turns out perfectly. How to fix it?

I know it's early, but this no longer works with Laravel 11. Is there a plan to make it compatible?

I was wondering if it is possible o use this package to create SSL certificates for internally used domains that are not accessible from outside of our network. The domain is set using our own local DNS Server.

Right now when I try to create a certificate it returns the following:

Challenge failed (response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"91.184.0.100: Invalid response from http://labelsolutions..........nl/.well-known/acme-challenge/w9Js1qFOMkH9LH2Bp6jTJBZFNq79KM0ehuHuJ92MSd0: 404","status":403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/174525676347/Y0Wtbw","token":"w9Js1qFOMkH9LH2Bp6jTJBZFNq79KM0ehuHuJ92MSd0","validationRecord":[{"url":"http://labelsolutions............nl/.well-known/acme-challenge/w9Js1qFOMkH9LH2Bp6jTJBZFNq79KM0ehuHuJ92MSd0","hostname":"labelsolutions..........nl","port":"80","addressesResolved":["91.184.0.100"],"addressUsed":"91.184.0.100"}],"validated":"2022-11-10T09:56:36Z"}).

I replaced the original domain name for dots, but the url for us internally is working.

I am struggling to find a solution for a scope problem in the Laravel when you execute the command from the callback. From the Laravel command, I am trying to execute the job in a different context (multi-tenant platform, changing database and other settings). However, no matter what I tried, I all the time getting the error from the package. Reading through PHP manuals, StackOverflow and other articles, I tried bunch of different things such as:

• callable (https://www.php.net/manual/en/language.types.callable.php, How to call the callable function in PHP?)
• passing $this (Is there a workaround for $this within a closure in PHP 5.3?)
• passing $this by reference etc.
  However, none of these approaches worked in this case. What do you think that's causing this problem?

I must emphasize that I do not have a problem with scope in general - I have numerous commands which are executed in a dynamic context and everything runs without any problem. This error occurs only when I try to use this package in a callback

Expected result: Running job in correct Laravel context (changed by setup method in Instance model).

Actual result:

Using $this when not in object context
at app/Models/Instance.php:80

Let me show you the problem:

Command:

class RenewExpiringCertificates extends Command {
  public function handle(): int {
      LetsEncryptCertificate::query()
          ->requiresRenewal()
          ->chunk(100, function (LetsEncryptCertificateCollection $certificates) {
              $certificates->renewNow();  // PROBLEMATIC CALL
          });

      return 0;
  }
  
  protected function execute(InputInterface $input, OutputInterface $output) {
      $method = method_exists($this, 'handle') ? 'handle' : '__invoke';

      $count = 0;
      Instance::inAllActiveSpaces(function () use ($method, &$count) {
          $count += $this->laravel->call([$this, $method]); // CALL TO HANDLE METHOD
      });

      return $count;
  }
}

Instance:

class Instance extends Model {
    protected $connection = 'mysql-master';

    public function setup() {
        Config::set('database.connections.mysql.database', $this->database);
        DB::reconnect('mysql');
        // ...
    }

    public static function inAllActiveSpaces($callback) {
        Instance::active()->each(function ($instance) use ($callback) {
            $instance->setup();
            $callback($instance);  // BREAKING POINT
        });
    }
}

From my research and looking into the source code, this looks to raise a problem:

// Daanra\LaravelLetsEncrypt\Models\LetsEncryptCertificate
public function renewNow(): self
{
    return LetsEncrypt::renewNow($this);
}

After installing the library, it gives this error on local! not tested on staging yet.
AcmePhp\Ssl\Exception\KeyPairGenerationException
Fail to generate a KeyPair with the given options

\vendor\acmephp\ssl\Generator\KeyPairGenerator.php:68

Hi there,
Thank you for creating this laravel flavor of ACME-PHP. It's really helpful!

However, I need to use a different connection for this package. I think model customization would take off any future requests burden instead of just allowing customization of connection.

Regarding Model customization, I am thinking of something the approach that Spatie uses.

Kindly let me know whether I should send a PR or you can manage it.

Thank you :)

Hi, thank you fro the awesome package.

I have tried to install the package in laravel 5.5 project but not working. so i am wondering in which php version it was tested?

if you wondering what the errors:
PHP Error: Call to undefined method Daanra/LaravelLetsEncrypt/Jobs/RegisterAccount::dispatchNow()
second error
BadMethodCallException with message 'Method ensureDirectoryExists does not exist.

Hello, first of all thanks for this plugin.
We have some issue, when we try to issue e certrificate we receive a 404.
The /.well-known folder not exists in the file system and is temporary created when we call a create method right?
If i manually create the folder and visit the url i can see the content correctly, there is something that we are missing.

Thanks for help

MM

Can wildcard certificates be issued for domains like *.example.org? Let's Encrypt needs a DNS validation for this. I know this depends on the DNS provider, but it would be nice if the package had methods to get the string for the TXT record.

root@files:/home/fs/public_html# php artisan lets-encrypt:create -d edulife.cmhlmc.com
Generating certificates for 1 domains.
edulife.cmhlmc.com:
Failed to generate a certificate for edulife.cmhlmc.com
Challenge failed (response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"66.45.249.26: Invalid response from http://edulife.cmhlmc.com/.well-known/acme-challenge/qCfxYAtN2NeQPm5WT1EIPTO5DBOX_u9YW3pp8VxChao: 404","status":403},"url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3123418344/UPLhFg","token":"qCfxYAtN2NeQPm5WT1EIPTO5DBOX_u9YW3pp8VxChao","validationRecord":[{"url":"http://edulife.cmhlmc.com/.well-known/acme-challenge/qCfxYAtN2NeQPm5WT1EIPTO5DBOX_u9YW3pp8VxChao","hostname":"edulife.cmhlmc.com","port":"80","addressesResolved":["66.45.249.26"],"addressUsed":"66.45.249.26"}],"validated":"2022-07-25T10:12:37Z"}).

Hello, there!

As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.

Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu

Thanks in advance

1. The workflow run-tests.yml is referencing action shivammathur/setup-php using references v1. However this reference is missing the commit 7163319 which may contain fix to the vulnerability.

The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.

If you end up updating the reference, please let us know. We need the stats for the paper :-)

Hi,

Thanks for providing this package!

After upgrading to 0.5.1 I encounter the following type error when trying to generating any SSL certificate:

Daanra\LaravelLetsEncrypt\AcmePhp\Ssl\DistinguishedName::__construct(): Argument #8 ($subjectAlternativeNames) must be of type array, null given, called in /home/netweak-prod/htdocs/netweak.com/vendor/daanra/laravel-lets-encrypt/src/Jobs/RequestCertificate.php on line 4

Using
LetsEncrypt::certificate('mydomain.com')->create();

Also tried without success either:
LetsEncrypt::certificate('mydomain.com')->setSubjectAlternativeNames([])->create();

Any idea where it would come from?

Regards,
Lucas

Hello, I tried running the php artisan command but it returns the following error:

I saw the other thread with this error that was resolved by installing OpenSSL. I have got it enabled and php says it is enabled with a path to a openssl.cnf. The thing is that the path doesn't actually exist.

I don't know if that is why the command doesn't work? I am very new with certificates...

Hello,

I don't understand how create jobs after successfully generate certificate.
For example, I would like to create an apache virtualhost and add a row in database.
I found this on website but I don't understand where is this job ?

[$certificate, $pendingDispatch] = \Daanra\LaravelLetsEncrypt\Facades\LetsEncrypt::create('mydomain.com', [
new CreateNewApacheVirtualHost('mydomain.com'),
new ReloadApache(),
new NotifyUserOfNewCertificate(request()->user()),
]);

Where is job CreateNewApacheVirtualHost ? How create this please ?

Hey there, first of all, thanks for the amazing package.

Im trying to use it for creating ssl certs for clients of my saas app.

Basically after users register in the app, they get a custom subdomain, in the form: client1.myapp.com, client2.myapp.com.., etc. And they can use a CNAME to use a custom domain they bring, classic SAAS.

I configured a CNAME record which is reaching the app fine, but in this case when creating a certificate I am failing on the challenge step, not being able to validate the file in .well_known....

My routes file looks like this:

Route::group(['domain' => '{company:slug}.'.config('app.domain')], function () {
	Route::group(['middleware' => 'tenant'], function(){
		Route::get('', [HomeController::class, 'index']);

...
...

I'm using the config file as is, only updating the api_url to use the production one.

Checking in the server, i can't see any file created in public/.well_known.... Should I be able to see the file even if challenge fails? Maybe that's where i'm having the issue so the file is never uploaded...

Thanks in advance for any help!

Please share correct nginx configuration. Default Laravel / nginx / apache install give 404 Not Found error when trying to access https://mydomain.com/.well-known/acme-challenge/any8Token8Typed8Here.

If I'm creating Laravel route with "dot" before "well-know" as it requires lets encrypt:

Route::get('/.well-known/acme-challenge/{token}', function (string $token) { <<<=== it doesn't work

Removing dot makes routes reachable but it is not something what lets encrypt expects:

Route::get('/well-known/acme-challenge/{token}', function (string $token) { <<<=== it works

For some reason /.well-known/acme-challenge/{token} is not served by laravel application, nginx doesn't allow this route. (But for example allows next: "/.well-known/acme-challenge")

Approach no. 2:

If nginx settings are not available, please help to understand how to put / return token from default "/public/.well-known/acme-challenge/....." folder

In documentation I clearly see: "You can customise this behavior by setting a custom PathGenerator class in your config under path_generator', but no further explanation how to create custom PathGenerator class.

The latest updates added a migration to add a new subject_alternative_names field to the certificates table. However, mySQL does not allow default values for JSON fields, so running this migration can not succeed:

BLOB, TEXT, GEOMETRY or JSON column 'subject_alternative_names' can't have a default value

When modifying the migration file to remove the default value declaration, the migration succeeds, but Certificate Requests fail because the code is expecting an empty array in this field:

TypeError: Argument 8 passed to Daanra\LaravelLetsEncrypt\AcmePhp\Ssl\DistinguishedName::__construct() must be of the type array, null given, called in /home/forge/[redacted]/vendor/daanra/laravel-lets-encrypt/src/Jobs/RequestCertificate.php on line 41

Hi, i'm using this package for quite a long time and basically everything is working great. Thanks for this awesome package. Unfortunately, since some time I get an error when renewing the certificates. I'm getting the following error:

A non-ACME 503 HTTP error occured on request "HEAD https://acme-v02.api.letsencrypt.org/acme/new-nonce" (response body: "")

This error only appears within the cronjob. When i try to renew a certificate manually, it's working fine:

$cert = \App\Models\LetsEncryptCertificate::find(1); $cert->renew();

I'm using Debian 10 with apache. This is my complete error log:

production.ERROR: A non-ACME 503 HTTP error occured on request "HEAD https://acme-v02.api.letsencrypt.org/acme/new-nonce" (response body: "") {"exception":"[object] (Daanra\\LaravelLetsEncrypt\\AcmePhp\\Core\\Exception\\AcmeCoreServerException(code: 503): A non-ACME 503 HTTP error occured on request \"HEAD https://acme-v02.api.letsencrypt.org/acme/new-nonce\" (response body: \"\") at /var/www/backend/vendor/daanra/laravel-lets-encrypt/src/AcmePhp/Core/Http/ServerErrorHandler.php:140)

Hi,

I'm wondering if this package supports sending SubjectAlternativeNames to LetsEncrypt / AcmePHP?

I can see that AcmePHP itself does have support for them, but I couldn't see any obvious references in this package.

EDIT: Our use case is for a multi-tenant Laravel application. we want one vhost per tenant rather than one per domain, so it makes sense to have a single SSL cert with all their active domains contained inside.