PHPackages orangecam/acme2letsencrypt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. orangecam/acme2letsencrypt ActiveLibrary[Security](/categories/security) orangecam/acme2letsencrypt ========================== A PHP client for acme protocal (version 2) implementation, used to get letsencrypt's ssl certificates. v1.0.7(1mo ago)026MITPHPPHP >=8.1 Since Apr 24Pushed 1mo ago1 watchersCompare [ Source](https://github.com/orangecam/acme2letsencrypt)[ Packagist](https://packagist.org/packages/orangecam/acme2letsencrypt)[ RSS](/packages/orangecam-acme2letsencrypt/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (8)Dependencies (2)Versions (9)Used By (0) Let's Encrypt ACME2 project =========================== [](#lets-encrypt-acme2-project) A PHP client for acme protocal (version 2) implementation, used to get let's encrypt ssl certificates. Support for both RSA and ECDSA certificates is supported. The code will not set the challenge file or DNS record for you, you must handle these manually. > This project was forked from () and fully upgraded to use guzzlehttp/guzzle package as the http request handler. It also fixes deprecations from newer versions of php, specifically php 8. This project fully supports php 8.1 and assumes that since all the deprecations are fixed, it will work with php 9 as well when it is released. This project is only compatibile with php 8.1 or newer as of April 2025. 1. Current Version ------------------ [](#1-current-version) The current version is `1.0.7`. 2. Prerequisites ---------------- [](#2-prerequisites) This project works with PHP-8.1.0 or higher. You must install PHP and ext-curl, ext-openssl, and ext-json. Guzzle requires json, and intl for Internationalized Domain Name (IDN) support. 3. Install ---------- [](#3-install) Install requires executing `/usr/bin/php composer.phar require orangecam/acme2letsencrypt`. 4. Usage -------- [](#4-usage) The basic methods and its necessary arguments are shown here. An example is supplied in the file [exampleRunScript.php](https://github.com/orangecam/acme2letsencrypt/blob/master/exampleRunScript.php). #### 4.1. Initial setup [](#41-initial-setup) ``` //Pull in the ClientRequest to use it use orangecam\acme2letsencrypt\ClientRequest; // Email list as contact info $emailList = ['alert@example.com']; // Account data and certificates files will be stored here $sslDir = '/var/www/ssl/'; // Hostname without the TLD ***not*** to include the '.' (dot) $name = 'example'; // TLD here, for example 'com' ***not*** to include the '.' (dot) $topLevelDomain = 'com'; // Using stage environment or not, make sure to empty $sslDir directory after you change from staging/test server to the real one $useStagingUrl = FALSE; // Initiating a client $client = new ClientRequest( $emailList, $sslDir.$name.'_'.$topLevelDomain, $useStagingUrl ); ``` After `ClientRequest` had been initiated, a Let's Encrypt account will be created and the account data will be placed in ` $sslDir.$name.'_'.$topLevelDomain`. When you reinitialize the client, the account will not be created again. #### 4.2. Account Management [](#42-account-management) ``` // Get account service instance $account = $client->getAccount(); //----------------------------------- // Update account contact info with an email list $account->updateAccountContact($emailList); //----------------------------------- // Regenerate private/public key pair,the old will be replaced by the new $account->updateAccountKey(); //----------------------------------- // Deactive the account $account->deactivateAccount(); ``` #### 4.3. Order [](#43-order) These methods bellow are mainly used for generating certificates. ``` //Pull in the ConstantVariables to use it in the code below use orangecam\acme2letsencrypt\constants\ConstantVariables; /* Domains and challenges info for a single certificate with multiple SAN: abc.example.com, *.example.com and example.com */ $domainInfo = [ ConstantVariables::CHALLENGE_TYPE_HTTP => [ //WILDCARD certs not allowed on HTTP challenge type 'example.com', 'www.example.com', ], ]; //----------OR---------- $domainInfo = [ ConstantVariables::CHALLENGE_TYPE_DNS => [ 'example.com', '*.example.com', ], ]; // Generate RSA certificates, `ConstantVariables::KEY_PAIR_TYPE_EC` for ECDSA certificates $algorithm = ConstantVariables::KEY_PAIR_TYPE_RSA; // Get an order service instance $order = $client->getOrder($domainInfo, $algorithm, TRUE); ``` ``` //The prototype of method `getOrder()` is shown below: public function getOrder(array $domainInfo, int $algorithm, bool $generateNewOder = TRUE): OrderService ``` The third param `$generateNewOder` controls whether a new order need to be generated. When `$generateNewOder == TRUE`, all files under original certificates directory will be removed in order to generate new certificates; When `$generateNewOder == FALSE`, it will return an existing order service instance used to revoke certificates generally. #### 4.4. Challenge [](#44-challenge) ``` // Get all authorization challenges for domains $challengeList = $order->getPendingChallengeList(); //Loop through the list foreach($challengeList as $challenge) { //Get the credentials $credential = $challenge->getCredential(); //Get the type $type = $challenge->getType(); //****Push the $credentials to the right place. HTTP-01 or DNS-01 //Infinite loop until the authorization status becomes valid or timeout has been reached $challenge->verify(700, 700); } // Get certificates, such as certificates path, private/public key pair path, valid time $order->getCertificateFile(); // Revoke certificates, the certificaes ara unavailable after revoked $order->revokeCertificate($reason); ``` ``` //The prototype of method `verify()` is shown below: public function verify(int $verifyLocallyTimeout = 0, int $verifyCATimeout = 0): bool ``` - The first param `$verifyLocallyTimeout` stands for the timeout of local verification. Default value 0 won't trigger time-out mechanism. - The second param `$verifyCATimeout` stand for the timeout of Let's Encrypt verification. Default value 0 won't trigger time-out mechanism. 5. Domain Verification ---------------------- [](#5-domain-verification) When generating a certificate, Let's Encrypt needs to verify the ownership and validity of the domain. There are two types of verification: http-01, dns-01. In the following, we take `example.com` as an example. #### 5.1. http-01 [](#51-http-01) Let's Encrypt will access a specific file under web server to verify domain. The `$challenge` info is like bellow. ``` print_r($challenge->getType()); /* output */ 'http-01' print_r($challenge->getCredential()); /* output */ [ 'identifier' => 'example.com', 'fileName' => 'RzMY-HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y', 'fileContent' => 'RzMY-HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y.CNWZAGtAHIUpstBEckq9W_-0ZKxO-IbxF9Y8J_svbqo', ]; ``` With the above `$challenge` info, Let's Encrypt will access "", and the file content will be expected as "RzMY-HDa1P0DwZalmRyB7wLBNI8fb11LkxdXzNrhA1Y.CNWZAGtAHIUpstBEckq9W\_-0ZKxO-IbxF9Y8J\_svbqo". #### 5.2. dns-01 [](#52-dns-01) You should add a DNS TXT record for domain, Let's Encrypt will check domain's specific TXT record value for verification. As this time, the `$challenge` info is like bellow. ``` print_r($challenge->getType()); /* output */ 'dns-01' print_r($challenge->getCredential()); /* output */ [ 'identifier' => 'example.com', 'dnsContent' => 'xQwerUEsL8UVc6tIahwIVY4e8N5MAf1xhyY20AELurk', ]; ``` With the aboved `$challenge` info, you should add a TXT record for domain `example.com`, the record name should be "\_acme-challenge.example.com", the record value should be "xQwerUEsL8UVc6tIahwIVY4e8N5MAf1xhyY20AELurk". It's worth noting that you should set TTL as short as possible to let the record take effect as soon as possible. #### 5.3. Wildcard domain verification [](#53-wildcard-domain-verification) This tool supports generating certificates for wildcard domains. A wildcard domain, like `*.example.com`, will be verified as `example.com`, this means the DNS record name should be `_acme-challenge.example.com`. Here is a simple summary for dns-01 challenges about domain and DNS record. DomainDNS record nameTypeTTLDNS record value(just examples)example.com\_acme-challenge.example.comTXT60xQwerUEsL8UVc6tIahwIVY4e8N5MAf1xhyY20AELurk\*.example.com\_acme-challenge.example.comTXT60G2dOkzSjW3ohib5doPRDrz5a5l8JB1qU8CxURtzF7aE7. Full example --------------- [](#7-full-example) Project supplies a [full example](https://github.com/orangecam/acme2letsencrypt/blob/master/exampleRunScript.php). 8. Finish --------- [](#8-finish) I hope you find this project useful to you and allows you to automate the generating of ssl certs on your own website. ### Health Score 41 — FairBetter than 89% of packages Maintenance90 Actively maintained with recent releases Popularity8 Limited adoption so far Community7 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~47 days Recently: every ~62 days Total 8 Last Release 51d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/5ebc9b1b84dd472f1141f742500a2ea5bc7959d0b93549e07f08c47a171af745?d=identicon)[orangecam](/maintainers/orangecam) --- Top Contributors [![orangecam](https://avatars.githubusercontent.com/u/15823284?v=4)](https://github.com/orangecam "orangecam (36 commits)") ### Embed Badge ![Health badge](/badges/orangecam-acme2letsencrypt/health.svg) ``` [![Health](https://phpackages.com/badges/orangecam-acme2letsencrypt/health.svg)](https://phpackages.com/packages/orangecam-acme2letsencrypt) ``` ### Alternatives [akaunting/laravel-firewall Web Application Firewall (WAF) package for Laravel 999465.8k2](/packages/akaunting-laravel-firewall)[paragonie/certainty Up-to-date, verifiable repository for Certificate Authorities 2642.4M20](/packages/paragonie-certainty)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[acmephp/core Raw implementation of the ACME protocol in PHP 38973.7k7](/packages/acmephp-core)[nickurt/laravel-pwned-passwords PwnedPasswords for Laravel 11.x/12.x/13.x 187.5k](/packages/nickurt-laravel-pwned-passwords) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)