fridde / letsencrypt
A fork of imbrish/letsencrypt that allows renewing Let's Encrypt SSL certificates on shared hosting with a simple cron task.
v0.6.4
2018-06-25 17:17 UTC
Requires
- php: >=5.4.0
- kelunik/acme-client: ^0.2.13
README
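PHP script for automatically issuing and renewing Let's Encrypt SSL certificates on shared hosting.
Credits
Development of the script was inspired by this article.
Checking, issuing and renewing certificates is handled by kelunik/acme-client.
Thanks to the authors!
Requirements
- PHP 5.4 or later
- SSH access to the server
- Access to cPanel through UAPI
Installation
We will use composer to install the dependencies easily.
First connect to the server over SSH, then: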
# Clone the repository
git clone https://github.com/imbrish/letsencrypt

# Navigate to repository folder
cd letsencrypt

# Install dependencies
composer install

# Create the config file, should be customized afterwards
cp config.yml.example config.yml

# Allow only owner to access the config
chmod 600 config.yml
Updates
To update the script to the latest version:
# Pull changes from the repository
git fetch
git reset --hard origin/master

# Install dependencies
composer install

# Optionally restore executable mode
chmod 775 bin/letsencrypt
Remember to check your configuration against config.yml.example for any changes!
Configuration
All configuration should be placed in config.yml:
# Server to use, "letsencrypt" and "letsencrypt:staging" are valid shortcuts.
# The latter can help when testing as it offers more lenient usage quotas.
server: letsencrypt

# Custom nameserver IP used by the "acme issue" command.
# For example Google public DNS "8.8.8.8" or "8.8.4.4", or Cloudflare 1.1.1.1.
nameserver: null

# Base directory of the certificate document roots.
home: /home/user

# List of certificates to issue and install, for each there are a few options:
#  bits: Number of bits for the domain private key, from 2048 to 4096.
#  domains: Map of document roots to domains. Maps paths of challenge directories
#           to the domains for which certificate should be issued. The very first
#           domain will be the common name for the certificate and its directory.
certificates:
  # This is the first certificate, common name and directory will be example.com.
  # It will be issued for domains example.com and sub.example.com with www variants.
  # The challenge files go to /home/user/public_html and /home/user/sub/public_html.
  - bits: 4096
    domains:
      /public_html:
        - example.com
        - www.example.com
      /sub/public_html:
        - sub.example.com
        - www.sub.example.com

  # This is the second certificate, common name and directory will be another.com.
  # It will be issued for domain another.com with www variant. The challenge files
  # go to /home/user/another/public_html.
  - bits: 2048
    domains:
      /another/public_html:
        - another.com
        - www.another.com

# Renew a certificate if it is due to expire within so many days.
renew: 30

# E-mail to use for the Let's Encrypt registration. This e-mail will receive
# certificate expiration notices from Let's Encrypt.
email: me@example.com

# E-mail to notify about errors or certificates issued during the execution.
# Used only when command is called with a "-notify" or "-n" flag.
notify: me@example.com

# The cPanel user for which certificates should be installed.
# Necessary only when logged-in as a root.
user: null

# By default certificates will be installed in cPanel for all domains listed above.
# Domains can be filtered by a whitelist of names to accept and/or blacklist to reject.
# The www prefix should be omitted because it is trimmed before the installation.
install:
  whitelist:
  blacklist:
    - sub.example.com
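A pre-flight check for the configuration above, as an added example that is not part of the project's code: it resolves each certificate's common name, challenge directories and cPanel install targets, and flags key sizes outside 2048-4096 or document roots that leave `home`. The config is embedded as a constructed Python dict in place of a YAML parse; the names `resolve` and `strip_www`, the containment check, and treating an empty whitelist as accept-all are assumptions.

```python
import posixpath

# Constructed sample mirroring the page's config.yml, as a YAML loader would return it.
CONFIG = {
    "home": "/home/user",
    "certificates": [
        {"bits": 4096, "domains": {
            "/public_html": ["example.com", "www.example.com"],
            "/sub/public_html": ["sub.example.com", "www.sub.example.com"]}},
        {"bits": 2048, "domains": {
            "/another/public_html": ["another.com", "www.another.com"]}},
    ],
    "install": {"whitelist": None, "blacklist": ["sub.example.com"]},
}

def strip_www(domain):
    # The page states the www prefix is trimmed before installation.
    return domain[4:] if domain.startswith("www.") else domain

def resolve(config):
    """Return (plan, problems); problems are findings that should block the cron run."""
    home = posixpath.normpath(config["home"])
    install = config.get("install") or {}
    allow = set(install.get("whitelist") or [])  # assumption: empty means accept all
    deny = set(install.get("blacklist") or [])
    plan, problems = [], []
    for cert in config["certificates"]:
        domains = cert.get("domains") or {}
        names = [d for group in domains.values() for d in (group or [])]
        if not names:
            problems.append("certificate entry lists no domains")
            continue
        bits = cert.get("bits") or 0
        if not 2048 <= bits <= 4096:
            problems.append(f"{names[0]}: bits {bits} outside 2048-4096")
        dirs = []
        for root in domains:
            path = posixpath.normpath(home + "/" + root.lstrip("/"))
            if path != home and not path.startswith(home + "/"):
                problems.append(f"{names[0]}: document root {root} leaves {home}")
            dirs.append(path)
        targets = []
        for name in map(strip_www, names):
            if name in deny or (allow and name not in allow) or name in targets:
                continue
            targets.append(name)
        plan.append({"common_name": names[0], "challenge_dirs": dirs, "install": targets})
    return plan, problems
```

Running `resolve` on the parsed config before enabling the cron job shows which domains will actually receive a certificate in cPanel and which directories will receive challenge files.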
Usage
Certificates can be issued/renewed by running the command manually.
Run the script as an executable:
# Make the script executable
chmod 775 bin/letsencrypt

# Run it
bin/letsencrypt
Or use PHP to execute the script:
php bin/letsencrypt
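The script checks whether the certificates need to be renewed and issues/reissues them if necessary. It then uses the cPanel API to install the newly issued certificates on all specified domains.
If requested, it can also notify you by e-mail about the actions it took.
Command line arguments
For example, to use the config file example.yml, issue and install certificates only for example.com, and send an e-mail notification to the address defined in the config: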
php bin/letsencrypt -c custom.yml -n -- example.com
Automation
Issuing, renewing and installing certificates can be automated by setting up a cron job:
0 0 * * * /path/to/php-cli /home/user/letsencrypt/bin/letsencrypt -n
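This runs the script every day at midnight and sends notifications about errors or issued certificates to the e-mail address defined in the config file.
You can check the path to the PHP CLI version by connecting to your hosting over SSH and running: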
which php
Alternatives
Neilpang/acme.sh is probably a more robust alternative.