
Automatic issuing and renewal of Let's Encrypt SSL certificates on shared hosting.

Primary language: PHP. License: GNU General Public License v3.0 (GPL-3.0).

letsencrypt

PHP script for automatic issuing and renewal of Let's Encrypt SSL certificates on shared hosting.

Credits

This script is in fact a wrapper for two others:

Especially acme-client and this article greatly inspired development. Thanks to the authors!

Requirements

  • Access to CPanel
  • Access to server via SSH
  • PHP 5.4 or higher

Installation

We will use Composer to install all dependencies. First connect to the server over SSH, then run:

# Clone the repository
git clone https://github.com/imbrish/letsencrypt

# Navigate to repository folder
cd letsencrypt

# Install dependencies
composer install

# Create the config file, should be customized afterwards
cp config.yml.example config.yml

# Allow only owner to access the config
chmod 600 config.yml

Configuration

The domains for each certificate should be defined in config.yml:

# Base directory for domain paths.
home: /home/user

# Server to use, "letsencrypt" and "letsencrypt:staging" are valid shortcuts.
server: letsencrypt

# E-mail to use for the Let's Encrypt registration.
# This e-mail will receive expiration notices from Let's Encrypt.
email: me@example.com

# Renew certificate if it expires within so many days.
renew: 30

# List of certificates to issue.
certificates:
    # For each certificate, there are a few options.
    # bits:    Number of bits for the domain private key.
    # domains: Map of document roots to domains. Maps each path to one or multiple
    #          domains. If one domain is given, it's automatically converted to an
    #          array. The first domain will be the common name.
    - bits: 4096
      domains:
        /public_html:
            - example.com
            - www.example.com
        /sub/public_html:
            - sub.example.com
            - www.sub.example.com

# E-mail to send notifications about errors or issued certificates.
# Used only when command is executed with "-notify" or "-n" flag.
notify: me@example.com

# CPanel credentials necessary to install certificates.
cpanel:
    user: example
    password: secret

# List of domains for which certificates will be installed in CPanel.
# The www prefix should be omitted as it is trimmed for installation.
install:
    whitelist:
    blacklist:
        - sub.example.com

# Custom nameserver IP used by "acme issue" command.
# For example Google public DNS "8.8.8.8" or "8.8.4.4".
nameserver: false
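
Because config.yml stores the cPanel password, it is worth checking after installation that the file is private and that the clone does not sit inside one of the document roots listed under "domains". The script below is an added example, not part of the project; its function names are hypothetical, and the awk parsing assumes the config layout shown above.

```sh
#!/bin/sh
# Added example, not part of the project. Function names are hypothetical.
# The YAML is read with awk, which is enough for the layout shown above.

# Succeeds only if the file has no group/other permission bits (e.g. 600).
config_is_private() {
    bits=$(ls -ld -- "$1" | cut -c5-10)   # group+other part of "-rw-------"
    [ "$bits" = "------" ]
}

# Prints every document root as an absolute path: "home" + key of "domains".
document_roots() {
    awk '
        $1 == "home:" { home = $2 }
        /^[ \t]+\/.*:[ \t]*$/ {
            sub(/^[ \t]+/, ""); sub(/:[ \t]*$/, "")
            roots[++n] = $0
        }
        END { for (i = 1; i <= n; i++) print home roots[i] }
    ' "$1"
}

# Succeeds if the config sits at or below a document root, where the web
# server could serve it (and the cPanel password in it) to any visitor.
config_is_web_reachable() {
    dir=$(cd "$(dirname -- "$1")" && pwd -P) || return 2
    document_roots "$1" | (
        while IFS= read -r root; do
            root=$(cd "$root" 2>/dev/null && pwd -P) || continue
            case "$dir/" in "$root"/*) exit 0 ;; esac
        done
        exit 1
    )
}

# Prints findings; returns non-zero if any check fails.
audit_config() {
    rc=0
    config_is_private "$1" || { echo "FAIL: $1 is readable by group/other"; rc=1; }
    if config_is_web_reachable "$1"; then
        echo "FAIL: $1 is inside a document root"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /home/user/letsencrypt/config.yml
[ "$#" -eq 0 ] || audit_config "$1"
```
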

Usage

Certificates can be issued or renewed by running the script manually.

Run the script as an executable:

# Make the script executable
chmod 775 bin/letsencrypt

# Run it
bin/letsencrypt

Alternatively, run it with php:

php bin/letsencrypt

The script checks whether certificates need to be renewed and issues or reissues them if so. It then installs the newly issued certificates on all specified domains using the CPanel API.

It can also notify you by email about the actions it took, if you wish.

Command line options:

-n, -notify - Notify via email about errors or issued certificates.

Cron job

For even more automation, set up a cron job:

0 0 * * * /path/to/php-cli /home/user/letsencrypt/bin/letsencrypt -n

It will run the script every day at midnight.

You can find the path to the CLI version of PHP by connecting to your hosting via SSH and running:

which php

Todo