This library implements the dns-01 challenge type for wildcard domains.
```
composer require ssigwart/letsencryptdns
```

- Set up `$leClient = new \LetsEncryptDNSClient\LetsEncryptDNSClient(...);`, indicating whether the staging or production endpoint should be used and setting up the provider for your Let's Encrypt account.
- Call `setDNSProvider` to set up a DNS provider. Use `\LetsEncryptDNSClient\Route53DNSProvider` to use AWS's Route53.
- Optionally use `setLogger(...)` to handle log messages. By default, log messages are not output.
- Call `getTermsOfServiceUrl(...)` to get the terms of service, then `agreeToTermsOfService` to agree to them.
- Call `$order = $leClient->startWildcardSslOrder('example.com');` to get a wildcard SSL certificate for `*.example.com`. Store the returned `$order->orderUrl`.
- Store the order URL in a queue for later processing. You should wait a minute or so to allow for DNS propagation.

- Set up `$leClient = new \LetsEncryptDNSClient\LetsEncryptDNSClient(...)` as in the initial request.
- Call `$order = $leClient->getOrder('YOUR_ORDER_URL');`
- Optionally call `$order->selfValidateOrderChallenges();`. If this fails, the order will likely be rejected.
- Call `$csr = $this->createCSR(...);` to set up the certificate signing request.
- Call `$order = $this->finalizeSslOrder($order, $csr);`

- Set up `$leClient = new \LetsEncryptDNSClient\LetsEncryptDNSClient(...)` as in the initial request.
- Call `$order = $leClient->getOrder('YOUR_ORDER_URL');`
- If `$order->isOrderValid()` returns true, call `$leClient->getOrderCertificate()` to get the SSL certificate.

The IAM user you use should have the following policy:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "arn:aws:route53:::hostedzone/REPLACE_WITH_YOUR_HOSTED_ZONE"
        }
    ]
}
```
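
The policy above lets the credential change any record in the hosted zone. The variant below is an added example, not part of this library's documentation: it uses Route 53's IAM condition keys to limit changes to the TXT record at `_acme-challenge.example.com`, the name dns-01 validation uses for `*.example.com`. It assumes the Route53 provider writes only that record, so confirm it against the staging endpoint before relying on it.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "arn:aws:route53:::hostedzone/REPLACE_WITH_YOUR_HOSTED_ZONE",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
                        "_acme-challenge.example.com"
                    ],
                    "route53:ChangeResourceRecordSetsRecordTypes": [
                        "TXT"
                    ]
                }
            }
        }
    ]
}
```

Record names in the condition are given in normalized form: lowercase, without a trailing dot.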