Comments (15)
Mostly time to finish some changes I planned. I can release v0.4.0
anyway and will add those features in v0.5.0
which will be based on Amp v2 then.
from acme.
v0.4.0 has been released. 🎉
from acme.
The first one, see https://github.com/kelunik/acme-client/blob/f4cabf755b0615ef1e33a0efbbfdeb2a8081cc33/src/Stores/CertificateStore.php#L46-L77
from acme.
That'd be great!
from acme.
Just because I'm curious: Where are you using the library?
from acme.
We're implementing HTTPS for our customers in a multi-tenant CMS. Our general idea is that some PHP workers are going to create and refresh the certs. Your library is the only one I've found suitable for PHP, although we won't be running stuff in async.
If we're not successful, we'll probably just wrap one of the CLI clients instead, though.
from acme.
Not running stuff in async is totally fine, I just wrote it in async so it can be used, e.g. in Aerys to automatically issue and renew certificates.
You could also just wrap https://github.com/kelunik/acme-client, yes, but then you could also wrap any other CLI client.
from acme.
Are you up for answering some simple questions about the process? I might be misunderstanding how the manual Let's Encrypt process works, so it's okay to yell at me if that's the case, but I've dug around as much as I could and can't get further.
The process as I've imagined it:
// Trying the staging url but the production url gives me the same results
$directoryUri = "https://acme-staging.api.letsencrypt.org/directory";
1. `$key = $keyGenerator->generate()`
2. `$service = new AcmeService(new AcmeClient($directoryUri, $key))`
3. `$challenges = $service->requestChallenges("www.my-domain.com")` (Shouldn't I provide a key here somehow?)
4. `$challenges` contains some challenge types with tokens and URIs. I pluck out the `http-01` one.
5. `$keyAuth = generateKeyAuthorization($key, $challengeToken)`
6. I make sure `www.my-domain.com/.well-known/acme-challenge/$challengeToken` returns `??????` (Do I receive this JSON blob in step 3?)
7. `$answered = $service->answerChallenge($challengeUri, $keyAuth)`, then `$service->pollForChallenge($challengeUri)` until validated/failed
8. How do I generate a CSR using the service?
9. `$certUri = $service->requestCertificate($csr)`
10. `$certChain = $service->pollForCertificate($certUri)`
11. `$certChain` should now be a certificate chain. Is this somewhat correct?
Problem is right now that, every time I try to do a `requestChallenges`, I get this error:
Invalid response: No registration exists matching provided key.
Request URI: https://acme-staging.api.letsencrypt.org/acme/new-authz.
Thanks a bunch. I understand you can't be expected to give detailed Let's Encrypt support, but any pointers would help.
from acme.
Yes, that's pretty much right.
- The step you forgot is the account registration with the account key (that's the initial key you generated). You can use `AcmeService::register()` for that.
- Step 8 can be done with the `CSRGenerator`.
- The key you're missing for step 3 has been provided in step 2.
- `??????` in step 6 is the `$keyAuth` generated in step 5.
If you don't want to use async, you can wrap the calls in `Amp\wait`, otherwise I'd recommend using a coroutine and `yield` to await the promises returned from the methods.
from acme.
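The exchange above leaves step 6 as `??????`; the answer says it is the key authorization from step 5. The following is an added example, not code from kelunik/acme or from either participant, that computes that value the way RFC 8555 §8.1 defines it (token, a dot, and the RFC 7638 JWK thumbprint of the account key) and checks a served body the way the CA does. The function names `base64url`, `rsaJwkThumbprint`, `keyAuthorization` and `validateChallengeBody`, the sample token, and the temp directory standing in for the webroot are all assumptions of this example; `keyAuthorization` is a stand-in for the `generateKeyAuthorization()` call in the question, not the library's helper.

```php
<?php
// Added example, not kelunik/acme code: compute the http-01 key
// authorization that must be served at
// http://<domain>/.well-known/acme-challenge/<token> (the "??????" in
// step 6 above), as RFC 8555 §8.1 defines it:
//   keyAuthorization = token || '.' || base64url(Thumbprint(accountKey))
// The thumbprint is the RFC 7638 JWK thumbprint of the account key
// (the same key the ACME client was constructed with in step 2).

function base64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// RFC 7638: SHA-256 over the JWK containing only the required members,
// in lexicographic order, with no whitespace.
function rsaJwkThumbprint($accountKey): string
{
    $details = openssl_pkey_get_details($accountKey);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_RSA) {
        throw new RuntimeException('Expected an RSA account key');
    }
    // 'n' and 'e' come back as minimal big-endian byte strings, which is
    // exactly the encoding the JWK "n"/"e" members need.
    $jwk = [
        'e'   => base64url($details['rsa']['e']),
        'kty' => 'RSA',
        'n'   => base64url($details['rsa']['n']),
    ];
    // json_encode() preserves insertion order, so the members above are
    // already in the order RFC 7638 requires.
    return base64url(hash('sha256', json_encode($jwk), true));
}

// Stand-in for the generateKeyAuthorization() call in the question.
function keyAuthorization(string $token, $accountKey): string
{
    // Tokens are base64url; anything else must never become part of a
    // filesystem path under .well-known/acme-challenge/.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $token)) {
        throw new InvalidArgumentException('Challenge token is not base64url');
    }
    return $token . '.' . rsaJwkThumbprint($accountKey);
}

// What the CA does when it fetches the URL: compare the body with the
// expected key authorization, ignoring trailing whitespace (RFC 8555 §8.3).
function validateChallengeBody(string $body, string $token, $accountKey): bool
{
    return hash_equals(keyAuthorization($token, $accountKey), rtrim($body));
}

// Usage: the account key would normally be loaded from storage; a fresh
// one is generated here so the script runs stand-alone.
$accountKey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$token = 'evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA'; // constructed sample token

$keyAuth = keyAuthorization($token, $accountKey);

// Provision it where the web server for www.my-domain.com would serve
// /.well-known/acme-challenge/<token>; a temp dir stands in for the webroot.
$challengeDir = sys_get_temp_dir() . '/acme-challenge-demo';
if (!is_dir($challengeDir) && !mkdir($challengeDir, 0755, true)) {
    throw new RuntimeException('Cannot create ' . $challengeDir);
}
file_put_contents($challengeDir . '/' . $token, $keyAuth);

// Check the file the way the CA would check the HTTP response body.
$ok = validateChallengeBody(file_get_contents($challengeDir . '/' . $token), $token, $accountKey);
echo $keyAuth, PHP_EOL, ($ok ? 'challenge body valid' : 'challenge body INVALID'), PHP_EOL;
```

The body served at the challenge URL is plain text, not a JSON blob: the same string the client later sends with `answerChallenge`. Because the thumbprint is derived from the account key, the account must be registered with that key (the `register()` step from the answer) before the CA will accept the authorization.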
Thanks, this helped me a lot!
from acme.
One final thing, which certificate in the chain is "the one" for my requested DNS name? First? Last?
I'm going to import them into AWS ACM, so I need both "the certificate" and "the chain".
from acme.
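The question above (which certificate in the chain is "the one") is not answered in the thread. As an added example, not kelunik/acme code, the following picks the leaf out of a PEM bundle by structure rather than position: the leaf is the only certificate whose subject is not the issuer of any other certificate in the bundle, and it must name the requested host. The function names, the throwaway CA used to build a sample bundle, and the temporary OpenSSL config are assumptions of this example.

```php
<?php
// Added example, not kelunik/acme code: split the PEM bundle returned for
// a certificate into "the certificate" (the leaf for the requested DNS
// name) and "the chain" (everything else), without trusting the order.

function splitPemBundle(string $bundle): array
{
    preg_match_all('/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----\n?/s', $bundle, $m);
    return $m[0];
}

// Lower-cased CN and DNS SAN entries of a parsed certificate.
function certificateNames(array $info): array
{
    $names = [];
    if (isset($info['subject']['CN'])) {
        $names[] = strtolower($info['subject']['CN']);
    }
    // openssl_x509_parse() returns subjectAltName as "DNS:a.example, DNS:b.example".
    foreach (explode(',', $info['extensions']['subjectAltName'] ?? '') as $san) {
        $san = trim($san);
        if (stripos($san, 'DNS:') === 0) {
            $names[] = strtolower(substr($san, 4));
        }
    }
    return $names;
}

// Returns ['certificate' => leaf PEM, 'chain' => concatenated issuer PEMs].
function splitLeafAndChain(string $bundle, string $dnsName): array
{
    $certs = [];
    foreach (splitPemBundle($bundle) as $pem) {
        $info = openssl_x509_parse($pem);
        if ($info === false) {
            throw new RuntimeException('Unparseable certificate in bundle');
        }
        $certs[] = ['pem' => $pem, 'info' => $info];
    }
    // The leaf is the one certificate that issued nothing else in the bundle.
    $issuers = array_map(function ($c) { return $c['info']['issuer']; }, $certs);
    $leaves = array_filter($certs, function ($c) use ($issuers) {
        return !in_array($c['info']['subject'], $issuers);
    });
    if (count($leaves) !== 1) {
        throw new RuntimeException('Expected exactly one leaf certificate, found ' . count($leaves));
    }
    $leaf = array_values($leaves)[0];
    if (!in_array(strtolower($dnsName), certificateNames($leaf['info']), true)) {
        throw new RuntimeException("Leaf certificate does not cover $dnsName");
    }
    $chain = array_filter($certs, function ($c) use ($leaf) { return $c !== $leaf; });
    return [
        'certificate' => $leaf['pem'],
        'chain'       => implode('', array_column(array_values($chain), 'pem')),
    ];
}

// Constructed sample for the demo: a throwaway CA signs a leaf, and the
// bundle is assembled CA-first so that position alone would mislead.
function sampleBundle(string $dnsName): string
{
    $conf = tempnam(sys_get_temp_dir(), 'cnf');
    file_put_contents($conf, "[ req ]\ndistinguished_name = dn\n[ dn ]\n");
    $opts = ['config' => $conf, 'digest_alg' => 'sha256', 'private_key_bits' => 2048];
    $caKey = openssl_pkey_new($opts);
    $caCert = openssl_csr_sign(openssl_csr_new(['commonName' => 'Demo Root CA'], $caKey, $opts), null, $caKey, 365, $opts, 1);
    $leafKey = openssl_pkey_new($opts);
    $leafCert = openssl_csr_sign(openssl_csr_new(['commonName' => $dnsName], $leafKey, $opts), $caCert, $caKey, 90, $opts, 2);
    unlink($conf);
    openssl_x509_export($caCert, $caPem);
    openssl_x509_export($leafCert, $leafPem);
    return $caPem . $leafPem;
}

$parts = splitLeafAndChain(sampleBundle('www.my-domain.com'), 'www.my-domain.com');
echo "certificate:\n", $parts['certificate'], "chain:\n", $parts['chain'];
```

For an import that wants "the certificate" and "the chain" as separate inputs, `$parts['certificate']` and `$parts['chain']` are exactly those two pieces; the name check guards against handing over a leaf issued for a different host when several bundles are processed in one batch.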
I'm struggling a bit with `OpenSSLCSRGenerator->generate`. The docs say that it returns a promise, but `Amp\wait` doesn't seem to work with it: Type error: Argument 1 passed to Amp\wait() must implement interface Amp\Promise, instance of Generator given
So I'm thinking, I should turn this generator into a Promise with `Amp\resolve` first. This seems to work, but the result from the `generate` method is a bool `true` instead of a string CSR.
So I dig into the `OpenSSLCSRGenerator` source and find: `yield new CoroutineResult(openssl_csr_export($csr, $csr));`
It seems to be returning the result of `openssl_csr_export`, which is always a bool (http://se2.php.net/manual/en/function.openssl-csr-export.php), instead of the `&out` ref argument that `openssl_csr_export` writes to (weird old C API, I suppose).
from acme.
Yes, I also noticed that earlier today while rewriting the library to Amp v2. Want to provide a PR that fixes it?
from acme.
Gladly! I'll do one tomorrow.
from acme.
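The bug confirmed above is the classic out-parameter mistake: `openssl_csr_export()` reports success as a bool and writes the PEM into its second argument by reference, so yielding its return value resolves the coroutine to `true`. The following is an added example, not kelunik/acme code or the PR discussed here, that shows the broken call next to a correct one and builds a CSR with subjectAltName entries through PHP's openssl extension. The function names `buggyCsrExport`, `exportCsr` and `generateCsr`, the temporary OpenSSL config and the sample host names are assumptions of this example.

```php
<?php
// Added example, not kelunik/acme code: generate a CSR for one or more
// DNS names with PHP's openssl extension, and show the bug discussed
// above. openssl_csr_export() returns bool and writes the PEM into its
// second argument by reference, so a coroutine that yields its return
// value resolves to `true` instead of the CSR.

function buggyCsrExport($csr)
{
    // The pattern from the thread: the caller receives `true`, not a PEM.
    return openssl_csr_export($csr, $ignored);
}

function exportCsr($csr): string
{
    // Correct usage: check the bool, return the out-parameter.
    if (!openssl_csr_export($csr, $pem)) {
        throw new RuntimeException('openssl_csr_export failed: ' . openssl_error_string());
    }
    return $pem;
}

function generateCsr($privateKey, array $dnsNames): string
{
    if ($dnsNames === []) {
        throw new InvalidArgumentException('At least one DNS name is required');
    }
    foreach ($dnsNames as $name) {
        // The names end up inside an OpenSSL config file; reject anything
        // that is not a plain (optionally wildcard) hostname.
        if (!preg_match('/^(\*\.)?([a-z0-9-]+\.)+[a-z0-9-]+$/i', $name)) {
            throw new InvalidArgumentException("Invalid DNS name: $name");
        }
    }
    // openssl_csr_new() has no SAN argument; the names go in through a
    // temporary OpenSSL config with a req_extensions section.
    $san = implode(',', array_map(function ($n) { return 'DNS:' . $n; }, $dnsNames));
    $config = tempnam(sys_get_temp_dir(), 'csr');
    file_put_contents($config, implode("\n", [
        '[ req ]',
        'distinguished_name = req_distinguished_name',
        'req_extensions = v3_req',
        '[ req_distinguished_name ]',
        '[ v3_req ]',
        'subjectAltName = ' . $san,
        '',
    ]));
    try {
        $csr = openssl_csr_new(
            ['commonName' => $dnsNames[0]],
            $privateKey,
            ['config' => $config, 'digest_alg' => 'sha256', 'req_extensions' => 'v3_req']
        );
        if ($csr === false) {
            throw new RuntimeException('openssl_csr_new failed: ' . openssl_error_string());
        }
        return exportCsr($csr);
    } finally {
        unlink($config);
    }
}

// Usage with a fresh 2048-bit RSA certificate key. This should be a
// separate key from the ACME account key used for registration.
$certKey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$names = ['www.my-domain.com', 'my-domain.com']; // constructed sample names
$csr = generateCsr($certKey, $names);

// The buggy form hands back a bool even for a valid CSR; the fixed form
// hands back the PEM that can be parsed again.
var_dump(buggyCsrExport($csr));
echo $csr;
echo 'Subject CN: ', openssl_csr_get_subject($csr)['CN'], PHP_EOL;
```

The same out-parameter shape applies to `openssl_csr_export_to_file()`, `openssl_x509_export()` and `openssl_pkey_export()`, so any wrapper that returns their result directly has the same bug.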
Related Issues (20)
- Invalid response: JWS has invalid anti-replay nonce
- Fix failing tests
- ECC Support
- CSR creation with CN only
- Support for Custom CSRs
- Support for Account Deletion
- Invalid CSR config
- use dns01 Challenge
- kelunik/acme is still using amphp/amp v1, will it be upgraded to use v2?
- PHPDoc links don't work
- AcmeService::pollForCertificate does not work for the dns-01
- Certificate Renewal only for 5-6 days
- Add verifier for CAA records
- ACMEv2 support
- Wildcard certificates
- New release
- Implement TLS ALPN support
- AcmeService Exception handling: Can't buffer() a payload more than once
- Location header in FinalizeOrder response