-
Notifications
You must be signed in to change notification settings - Fork 49
/
_auto_example.php
91 lines (76 loc) · 2.7 KB
/
_auto_example.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<?php
// Lescript automatic updating script.
//
// This is an example of how Lescript can be used to automatically update
// expiring certificates.
//
// This code is based on FreePBX's LetsEncrypt integration
//
// Copyright (c) 2016 Rob Thomas <[email protected]>
// Licence: AGPLv3.
//
// In addition, Stanislav Humplik <[email protected]> is explicitly granted permission
// to relicence this code under the open source licence of their choice.
if(!defined("PHP_VERSION_ID") || PHP_VERSION_ID < 50300 || !extension_loaded('openssl') || !extension_loaded('curl')) {
die("You need at least PHP 5.3.0 with OpenSSL and curl extension\n");
}
// Configuration:
$domains = array('test.example.com', 'example.com');
$webroot = "/var/www/html";
$certlocation = "/usr/local/lescript";
require 'Lescript.php';
// Always use UTC
date_default_timezone_set("UTC");
// you can use any logger according to Psr\Log\LoggerInterface
class Logger { function __call($name, $arguments) { echo date('Y-m-d H:i:s')." [$name] ${arguments[0]}\n"; }}
$logger = new Logger();
// Make sure our cert location exists
if (!is_dir($certlocation)) {
// Make sure nothing is already there.
if (file_exists($certlocation)) {
unlink($certlocation);
}
mkdir ($certlocation);
}
// Do we need to create or upgrade our cert? Assume no to start with.
$needsgen = false;
// Do we HAVE a certificate for all our domains?
foreach ($domains as $d) {
$certfile = "$certlocation/$d/cert.pem";
if (!file_exists($certfile)) {
// We don't have a cert, so we need to request one.
$needsgen = true;
} else {
// We DO have a certificate.
$certdata = openssl_x509_parse(file_get_contents($certfile));
// If it expires in less than a month, we want to renew it.
$renewafter = $certdata['validTo_time_t']-(86400*30);
if (time() > $renewafter) {
// Less than a month left, we need to renew.
$needsgen = true;
}
}
}
// Do we need to generate a certificate?
if ($needsgen) {
try {
$le = new Analogic\ACME\Lescript($certlocation, $webroot, $logger);
# or without logger:
# $le = new Analogic\ACME\Lescript($certlocation, $webroot);
$le->initAccount();
$le->signDomains($domains);
} catch (\Exception $e) {
$logger->error($e->getMessage());
$logger->error($e->getTraceAsString());
// Exit with an error code, something went wrong.
exit(1);
}
}
// Create a complete .pem file for use with haproxy or apache 2.4,
// and save it as domain.name.pem for easy reference. It doesn't
// matter that this is updated each time, as it'll be exactly
// the same.
foreach ($domains as $d) {
$pem = file_get_contents("$certlocation/$d/fullchain.pem")."\n".file_get_contents("$certlocation/$d/private.pem");
file_put_contents("$certlocation/$d.pem", $pem);
}