BlogHome
Adding Let's Encrypt SSL Certificates To Your Domain Using Acme PHP.

Adding Let's Encrypt SSL Certificates To Your Domain Using Acme PHP.

Nov 28, 2020Updated on Apr 3, 2021

Straight down to business..

Begin by setting up ssh connection to your server then proceed as follows:

  1. Begin by setting up acmephp on your server.
cd ~
php -r "copy('https://github.com/acmephp/acmephp/releases/download/1.0.1/acmephp.phar', 'acmephp.phar');"
php -r "copy('https://github.com/acmephp/acmephp/releases/download/1.0.1/acmephp.phar.pubkey', 'acmephp.phar.pubkey');"
php acmephp.phar --version

If the last command display the Acme PHP version, you are ready to use Acme PHP.

  1. Register your email address with Lets Encrypt.
$ php acmephp.phar register [email protected]
  1. Write a config.yaml with the following details
contact_email: [email protected]

defaults:
  distinguished_name:
      country: TZ
      locality: Dar es Salaam
      organization_name: MyCompany
  solver: dns

certificates:
  - domain: '*.mydomain.com'
    distinguished_name:
      organization_name: My Domain
    subject_alternative_names:
      - mydomain.com
    solver: dns

The configuration above will make a certificate that covers both your domain root and all it's subdomains via the wildcard '*.mydomain.com'.

  1. Run the following command:
$ php acmephp.phar run -v --ansi acmephp_config.yml

This command does the following:-

  • registers your account key in the Let's Encrypt/ACME server,
  • associating it with your e-mail address for each certificate configured in the file
  • asks the ACME server for a token and ask to the configured solver to expose the token
  • locally checks that the token is well exposed
  • asks the ACME server to validate the domain
  • asks the ACME server to generate a certificate
  • installs the certificate by using the configured action

Follow the instructions given by the acmephp tool if it's to add a TXT record to your domain DNS do so, wait for it to propagate and then follow the instructions given to authorize your domain.

Per the config file, when the run command is successful, your certificate will be available on this path /home/youruser/.acmephp/master/certs/*.mydomain.com

What we need is all inside this file - *.mydomain.com/private/combined.pem

  1. Open the above file and copy the first certificate key starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE----- both inclusive. Also copy the private key starting with -----BEGIN PRIVATE KEY----- and ending with -----END PRIVATE KEY----- likewise inclusive.

  2. Fill in those two in your cpanel SSL/TLS manager: SSL Keys Form

And voila, there you have your green lock 🔒.

One important Note.

Since letsencrypt certificates expire after every 90 days, it is advised to update your certificates after every 60 days. Setting up a CRON job to check and update your certificate after a certain period of time should be an option of choice than doing it manually.

The following cron job will update your certificates every other month.

0 0 1 */2 * php /home/youruser/acmephp.phar run acmephp_config.yml