DEV Community

Cover image for Adding Let's Encrypt SSL Certificates To Your Domain Using Acme PHP.
James Sinkala
James Sinkala

Posted on • Updated on • Originally published at jamesinkala.com

Adding Let's Encrypt SSL Certificates To Your Domain Using Acme PHP.

Straight down to business..

Begin by setting up ssh connection to your server then proceed as follows:

1) Begin by setting up acmephp on your server.

cd ~
php -r "copy('https://github.com/acmephp/acmephp/releases/download/1.0.1/acmephp.phar', 'acmephp.phar');"
php -r "copy('https://github.com/acmephp/acmephp/releases/download/1.0.1/acmephp.phar.pubkey', 'acmephp.phar.pubkey');"
php acmephp.phar --version
Enter fullscreen mode Exit fullscreen mode

If the last command display the Acme PHP version, you are ready to use Acme PHP.

2) Register your email address with Lets Encrypt.

$ php acmephp.phar register myuser@somemail.com
Enter fullscreen mode Exit fullscreen mode

3) Write a config.yaml with the following details

contact_email: myemail@somemail.com

defaults:
  distinguished_name:
      country: TZ
      locality: Dar es Salaam
      organization_name: MyCompany
  solver: dns

certificates:
  - domain: '*.mydomain.com'
    distinguished_name:
      organization_name: My Domain
    subject_alternative_names:
      - mydomain.com
    solver: dns
Enter fullscreen mode Exit fullscreen mode

The configuration above will make a certificate that covers both your domain root and all it's subdomains via the wildcard '*.mydomain.com'.

4) Run the following command:

$ php acmephp.phar run -v --ansi acmephp_config.yml
Enter fullscreen mode Exit fullscreen mode

This command does the following:-

  • registers your account key in the Let's Encrypt/ACME server,
  • associating it with your e-mail address for each certificate configured in the file
  • asks the ACME server for a token and ask to the configured solver to expose the token
  • locally checks that the token is well exposed
  • asks the ACME server to validate the domain
  • asks the ACME server to generate a certificate
  • installs the certificate by using the configured action

Follow the instructions given by the acmephp tool if it's to add a TXT record to your domain DNS do so, wait for it to propagate and then follow the instructions given to authorize your domain.

Per the config file, when the run command is successful, your certificate will be available on this path /home/youruser/.acmephp/master/certs/*.mydomain.com

What we need is all inside this file - *.mydomain.com/private/combined.pem

5) Open the above file and copy the first certificate key starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE----- both inclusive. Also copy the private key starting with -----BEGIN PRIVATE KEY----- and ending with -----END PRIVATE KEY----- likewise inclusive.

6) Fill in those two in your cpanel SSL/TLS manager:
SSL Keys Form

And voila, there you have your green lock 🔒.

One important Note.

Since letsencrypt certificates expire after every 90 days, it is advised to update your certificates after every 60 days. Setting up a CRON job to check and update your certificate after a certain period of time should be an option of choice than doing it manually.

The following cron job will update your certificates every other month.

0 0 1 */2 * php /home/youruser/acmephp.phar run acmephp_config.yml
Enter fullscreen mode Exit fullscreen mode

Top comments (2)

Collapse
 
steve0071 profile image
steve0071

thanks

Collapse
 
xinnks profile image
James Sinkala

you're welcome