ACME PHP - Request Certificate
Once you have proved to LetsEncrypt that you own the domain, you can request a certificate for it. Below are the steps to do so.
Run the following command to request a certificate for the domain:
php acmephp.phar request subdomain.mydomain.com
The first time you do this, it will ask you a series of questions (the same ones you get asked when generating a CSR). Just proceed by answering the questions truthfully.
The output has some really useful information such as where everything is kept, so I am posting it here for reference:
Loading account key pair... There is currently no certificate for domain test.programster.org in the Acme PHP storage. As it is the first time you request a certificate for this domain, some configuration is required. Generating domain key pair... Some informations about you or your company are required for the certificate: What is your country two-letters code (field "C" of the distinguished name, for instance: "US")? : UK What is your country province (field "ST" of the distinguished name, for instance: "California")? : Surrey What is your locality (field "L" of the distinguished name, for instance: "Mountain View")? : xxxxxx What is your organization/company (field "O" of the distinguished name, for instance: "Acme PHP")? : Programster What is your unit/department in your organization (field "OU" of the distinguished name, for instance: "Sales")? : What is your e-mail address (field "E" of the distinguished name)? : firstname.lastname@example.org Distinguished name informations have been stored locally for this domain (they won't be asked on renewal). Requesting first certificate for domain test.programster.org ... Running post-generate actions... The SSL certificate was fetched successfully! This certificate is valid from now to 2018-05-28T23:41:42+0000. 5 files were created in the Acme PHP storage directory: * /home/stuart/.acmephp/master/private/test.programster.org/private.pem contains your domain private key (required in many cases). * /home/stuart/.acmephp/master/certs/test.programster.org/cert.pem contains only your certificate, without the issuer certificate. It may be useful in certains cases but you will probably not need it (use fullchain.pem instead). * /home/stuart/.acmephp/master/certs/test.programster.org/chain.pem contains the issuer certificate chain (its certificate, the certificate of its issuer, the certificate of the issuer of its issuer, etc.). Your certificate is not present in this file. * /home/stuart/.acmephp/master/certs/test.programster.org/fullchain.pem contains your certificate AND the issuer certificate chain. You most likely will use this file in your webserver. * /home/stuart/.acmephp/master/certs/test.programster.org/combined.pem contains the fullchain AND your domain private key (some webservers expect this format such as haproxy). Read the documentation at https://acmephp.github.io/documentation/ to learn more about how to configure your web server and set up automatic renewal. To renew your certificate manually, simply re-run this command.
As stated before, you only have to go through the pain of answering the questions once.
When I re-ran the command (but with
--force to force renewal), I did not get a series of questions, but just got:
Loading account key pair... Forced renewal. Loading domain key pair... Loading domain distinguished name... Renewing certificate for domain test.programster.org ... Running post-generate actions... Certificate renewed successfully!
--force parameter. Be careful though as I believe you can only renew so many certificates per day.
Certificate File Locations
You should now have certificate files within:
However, the private key is at:
If you are running Apache, then you want to use the individual chain.pem and cert.pem files for your certificates. The chain.pem file is the equivalent of the ca_bundle.crt you get from using ssl for free.
If you are using Nginx then you want the fullchain.pem file for the ssl_certificate parameter.
In both cases, you will also need to grab the private key from the path specified earlier.
You have now got your certificate files. That completes our tutorial series on using ACME PHP tool.
First published: 16th August 2018