<?php
require 'vendor/autoload.php';
use AcmePhp\Ssl\Generator\KeyPairGenerator;
use AcmePhp\Ssl\Parser\KeyParser;
use AcmePhp\Ssl\Signer\DataSigner;
use AcmePhp\Core\Http\Base64SafeEncoder;
use AcmePhp\Core\Http\SecureHttpClient;
use AcmePhp\Core\AcmeClient;
use AcmePhp\Core\Challenge\Http\HttpDataExtractor;
use AcmePhp\Core\Challenge\Http\HttpChallengeHandler;
use AcmePhp\Core\Challenge\Http\HttpChallengeVerifier;
// 生成密钥对
$keyPairGenerator = new KeyPairGenerator();
$keyPair = $keyPairGenerator->generateKeyPair();
// 创建安全的HTTP客户端
$secureHttpClient = new SecureHttpClient(
$keyPair,
new KeyParser(),
new DataSigner(),
new Base64SafeEncoder()
);
// 创建ACME客户端
$acmeClient = new AcmeClient($secureHttpClient);
// 注册账户
$acmeClient->registerAccount('[email protected]');
// 请求证书
$domains = ['your-domain.com', 'www.your-domain.com'];
$order = $acmeClient->requestOrder($domains);
// 处理HTTP挑战
$httpChallengeHandler = new HttpChallengeHandler();
$httpDataExtractor = new HttpDataExtractor();
foreach ($order->getAuthorizationsChallenges() as $authorizationChallenges) {
$domain = $authorizationChallenges->getLocation()->getDomain();
$challenge = $authorizationChallenges->getHttpChallenge();
$httpChallengeHandler->handle($challenge, $httpDataExtractor->getCheckPath($challenge));
$acmeClient->challenge($challenge);
$httpChallengeHandler->cleanUp($domain, $httpDataExtractor->getFilePath($challenge));
}
// 生成域名密钥对
$domainKeyPair = $keyPairGenerator->generateKeyPair();
// 请求证书签名
$certificate = $acmeClient->requestCertificate($order, $domainKeyPair);
// 保存证书和私钥
file_put_contents('/etc/letsencrypt/live/your-domain.com/cert.pem', $certificate->getPEM());
file_put_contents('/etc/letsencrypt/live/your-domain.com/private.pem', $domainKeyPair->getPrivateKey()->getPEM());
>
我的方案是php调用(shell命令)docker版的acme.sh生成证书后再移动证书文件到指定位置(远程shell 写入)或读取证书内容通过api部署到阿里云。好处是更少的代码,但需要有docker环境
同求
小米MIX2s(白)