fridde/letsencrypt 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

fridde/letsencrypt

Composer 安装命令:

composer require fridde/letsencrypt

包简介

A Fork of imbrish/letsencrypt to enable a simple cron task to update Let's Encrypt SSL certificates on shared hostings.

README 文档

README

PHP script to automatically issue and renew Let's Encrypt SSL certificates on shared hostings.

Credits

Development of the script was inspired by this article.

Checking, issuing and renewal of certificates is handled using kelunik/acme-client.

Thanks to the authors!

Requirements

  • PHP 5.4 or higher
  • Access to server via SSH
  • Access to cPanel via UAPI

Installation

We will use composer to easily install dependencies.

First connect to the server with SSH and then:

# Clone the repository
git clone https://github.com/imbrish/letsencrypt

# Navigate to repository folder
cd letsencrypt

# Install dependencies
composer install

# Create the config file, should be customized afterwards
cp config.yml.example config.yml

# Allow only owner to access the config
chmod 600 config.yml

Updating

To update the script to the newest version:

# Pull changes from the repository
git fetch
git reset --hard origin/master

# Install dependencies
composer install

# Optionally restore executable mode
chmod 775 bin/letsencrypt

Remember to review your configuration against config.yml.example for possible changes!

Configuration

All configuration should be placed in the config.yml:

# Server to use, "letsencrypt" and "letsencrypt:staging" are valid shortcuts.
# The latter can help when testing as it offers more lenient usage quotas.
server: letsencrypt

# Custom nameserver IP used by the "acme issue" command.
# For example Google public DNS "8.8.8.8" or "8.8.4.4", or Cloudflare 1.1.1.1.
nameserver: null

# Base directory of the certificate document roots.
home: /home/user

# List of certificates to issue and install, for each there are a few options:
# bits:    Number of bits for the domain private key, from 2048 to 4096.
# domains: Map of document roots to domains. Maps paths of challenge directories
#          to the domains for which certificate should be issued. The very first
#          domain will be the common name for the certificate and its directory.
certificates:
    # This is the first certificate, common name and directory will be example.com.
    # It will be issued for domains example.com and sub.example.com with www variants.
    # The challenge files go to /home/user/public_html and /home/user/sub/public_html.
    - bits: 4096
      domains:
        /public_html:
            - example.com
            - www.example.com
        /sub/public_html:
            - sub.example.com
            - www.sub.example.com
    # This is the second certificate, common name and directory will be another.com.
    # It will be issued for domain another.com with www variant. The challenge files
    # go to /home/user/another/public_html.
    - bits: 2048
      domains:
        /another/public_html:
            - another.com
            - www.another.com

# Renew a certificate if it is due to expire within so many days.
renew: 30

# E-mail to use for the Let's Encrypt registration. This e-mail will receive
# certificate expiration notices from Let's Encrypt.
email: me@example.com

# E-mail to notify about errors or certificates issued during the execution.
# Used only when command is called with a "-notify" or "-n" flag.
notify: me@example.com

# The cPanel user for which certificates should be installed.
# Necessary only when logged-in as a root.
user: null

# By default certificates will be installed in cPanel for all domains listed above.
# Domains can be filtered by a whitelist of names to accept and/or blacklist to reject.
# The www prefix should be omitted because it is trimmed before the installation.
install:
    whitelist:
    blacklist:
        - sub.example.com

Usage

Certificates can be issued/renewed by running the command manually.

Run script as an executable:

# Make the script executable
chmod 775 bin/letsencrypt

# Run it
bin/letsencrypt

Alternatively use PHP to execute the script:

php bin/letsencrypt

Script will check if certificates should be renewed and issue/reissue them if so. Then it will install newly issued certificates in all specified domains using cPanel API.

It can also notify you about actions it took via email, if you wish so.

Command line arguments:

Option Description
-n, --notify Send email notification about errors or issued certificates
-c, --config Name of the configuration file including extension, by default config.yml
-v, --verbose Enable verbose output
-h, --help Display the help message
Optional list of certificate common names to issue and install only
a subset of certificates defined in the configuration file.

For example to use configuration file example.yml, issue and install only certificate for example.com and send email notification to the address defined in the config:

php bin/letsencrypt -c custom.yml -n -- example.com

Automation

Issuing, renewal and installation of certificates can be automated by setting up a cron job:

0 0 * * * /path/to/php-cli /home/user/letsencrypt/bin/letsencrypt -n

It will run the script every day at midnight and notify you about errors or issued certificates to an email defined in the configuration file.

You can check path to CLI version of PHP by connecting to your hosting via SSH and running:

which php

Alternatives

The Neilpang/acme.sh may be a more robust alternative.

fridde/letsencrypt 适用场景与选型建议

fridde/letsencrypt 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 9 次下载、GitHub Stars 达 0, 最近一次更新时间为 2018 年 08 月 18 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「ssl」 「shared hosting」 「certificate」 「letsencrypt」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 fridde/letsencrypt 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 fridde/letsencrypt 我们能提供哪些服务?
定制开发 / 二次开发

基于 fridde/letsencrypt 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 9
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 10
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 7
  • 开发语言: PHP

其他信息

  • 授权协议: GPL-3.0
  • 更新时间: 2018-08-18