Begin by setting up an SSH connection to your server, then proceed as follows:
1) Begin by setting up acmephp on your server.
cd ~
php -r "copy('https://github.com/acmephp/acmephp/releases/download/1.0.1/acmephp.phar', 'acmephp.phar');"
php -r "copy('https://github.com/acmephp/acmephp/releases/download/1.0.1/acmephp.phar.pubkey', 'acmephp.phar.pubkey');"
php acmephp.phar --version
If the last command displays the Acme PHP version, you are ready to use Acme PHP.
2) Register your email address with Let's Encrypt.
$ php acmephp.phar register email@example.com
3) Write a configuration file (the commands below expect it to be named acmephp_config.yml) with the following details:
contact_email: firstname.lastname@example.org
defaults:
    distinguished_name:
        country: TZ
        locality: Dar es Salaam
        organization_name: MyCompany
    solver: dns
certificates:
    - domain: '*.mydomain.com'
      distinguished_name:
          organization_name: My Domain
      subject_alternative_names:
          - mydomain.com
      solver: dns
The configuration above will produce a certificate that covers both your domain root and all its subdomains via the wildcard '*.mydomain.com'.
4) Run the following command:
$ php acmephp.phar run -v --ansi acmephp_config.yml
This command does the following:
- registers your account key in the Let's Encrypt/ACME server, associating it with your e-mail address
- for each certificate configured in the file:
  - asks the ACME server for a token and asks the configured solver to expose the token
  - locally checks that the token is properly exposed
  - asks the ACME server to validate the domain
  - asks the ACME server to generate a certificate
  - installs the certificate by using the configured action
Follow the instructions given by the acmephp tool. If it asks you to add a TXT record to your domain's DNS, do so, wait for it to propagate, and then follow the instructions given to authorize your domain.
Per the config file, when the run command is successful, your certificate will be available on this path
What we need is all inside this file -
5) Open the above file and copy the first certificate, starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----, both inclusive. Also copy the private key, starting with -----BEGIN PRIVATE KEY----- and ending with -----END PRIVATE KEY-----, likewise inclusive.
And voila, there you have your green lock 🔒.
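Step 5 can also be scripted, which avoids clipping a marker line by hand and keeps the private key out of a world-readable file. The script below is an added example, not part of acmephp or of the original tutorial; the file names (combined.pem, cert.pem, key.pem) and the PEM bodies are constructed placeholders, so pass split_combined_pem the path of your own file from step 5.

```shell
#!/bin/sh
# Added example, not acmephp code. File names and PEM bodies are constructed.

# Print the first PEM block labelled $2 (e.g. "CERTIFICATE") found in file $1.
# Returns non-zero when the file holds no complete block with that label.
pem_first_block() {
    awk -v begin="-----BEGIN $2-----" -v end="-----END $2-----" '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        !done && $0 == begin { inside = 1 }
        inside               { print }
        inside && $0 == end  { inside = 0; done = 1 }
        END                  { exit (done ? 0 : 1) }
    ' "$1"
}

# Split combined file $1 into $2/cert.pem and $2/key.pem.
# The key is written under umask 077 so only the owner can read it.
split_combined_pem() {
    pem_first_block "$1" "CERTIFICATE" > "$2/cert.pem" || return 1
    rm -f "$2/key.pem"
    ( umask 077; pem_first_block "$1" "PRIVATE KEY" > "$2/key.pem" ) || return 1
}

# Constructed stand-in for the combined file: leaf, issuer, then key.
write_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTED-LEAF-BODY
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONSTRUCTED-ISSUER-BODY
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-KEY-BODY
-----END PRIVATE KEY-----
EOF
}

# Demo run on the constructed sample, cleaned up afterwards.
demo_dir=$(mktemp -d)
write_sample_pem "$demo_dir/combined.pem"
split_combined_pem "$demo_dir/combined.pem" "$demo_dir" && ls -l "$demo_dir"
rm -rf "$demo_dir"
```

Only the first certificate is extracted, so the issuer certificate that follows it in the sample is left out of cert.pem.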
Since Let's Encrypt certificates expire after 90 days, it is advisable to renew your certificates every 60 days. Setting up a cron job to check and update your certificate after a certain period of time is preferable to doing it manually.
The following cron job will update your certificates every other month.
0 0 1 */2 * php /home/youruser/acmephp.phar run acmephp_config.yml