This library implements the dns-01 challenge type for wildcard domains.

```
composer require ssigwart/letsencryptdns
```

- Set up `$leClient = new \LetsEncryptDNSClient\LetsEncryptDNSClient(...);`, indicating whether the staging or production endpoint should be used and setting up the provider for your LetsEncrypt account.
- Call `setDNSProvider` to set up a DNS provider. Use `\LetsEncryptDNSClient\Route53DNSProvider` to use AWS's Route53.
- Optionally use `setLogger(...)` to handle log messages. By default, log messages are not output.
- Call `getTermsOfServiceUrl(...)` to get the terms of service, then `agreeToTermsOfService` to agree to them.
- Call `$order = $leClient->startWildcardSslOrder('example.com');` to get a wildcard SSL certificate for `*.example.com`. Store the returned `$order->orderUrl`.
- Store the order URL in a queue for later processing. Wait a minute or so for DNS propagation.

- Set up `$leClient = \LetsEncryptDNSClient\LetsEncryptDNSClient` as in the initial request.
- Call `$order = $leClient->getOrder('YOUR_ORDER_URL');`
- Optionally call `$order->selfValidateOrderChallenges();`. If this fails, the order will likely be rejected.
- Call `$csr = $this->createCSR(...);` to set up the certificate signing request.
- Call `$order = $this->finalizeSslOrder($order, $csr);`

- Set up `$leClient = \LetsEncryptDNSClient\LetsEncryptDNSClient` as in the initial request.
- Call `$order = $leClient->getOrder('YOUR_ORDER_URL');`
- If `$order->isOrderValid()` returns true, call `$leClient->getOrderCertificate()` to get the SSL certificate.

The IAM user you use should have the following policy:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "arn:aws:route53:::hostedzone/REPLACE_WITH_YOUR_HOSTED_ZONE"
        }
    ]
}
```
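
A tighter variant of that policy, as an added example that is not from this library's documentation: it uses Route 53's IAM condition keys so the credentials can only change TXT records named `_acme-challenge.example.com`, which is the record a dns-01 validation for `example.com` and `*.example.com` uses. The domain `example.com`, the `Sid` value and the hosted zone placeholder are assumptions, and the policy assumes the library writes no other record name or type in the zone.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ExampleAcmeChallengeTxtOnly",
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "arn:aws:route53:::hostedzone/REPLACE_WITH_YOUR_HOSTED_ZONE",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
                        "_acme-challenge.example.com"
                    ],
                    "route53:ChangeResourceRecordSetsRecordTypes": [
                        "TXT"
                    ]
                }
            }
        }
    ]
}
```

Record names in the condition are matched in normalized form: lowercase, with no trailing dot. With this condition in place, leaked credentials cannot be used to repoint the zone's A, CNAME or MX records.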