Simply and quickly order a certificate using TBSCertBot
Prerequisites
TBSCertBot works with PHP 5.4 and later.
Note: TBSCertBot automatically detects and installs its dependencies. However, if you run into difficulties, we recommend updating your libraries:
#composer update
Step 1 - Connection to TBSCertBot
TBSCertBot requires a configuration file to work properly. This file, named conf.ini, is in the data directory.
The configuration file follows the INI syntax and holds the information required to connect to TBSCertBot (login, password, server to use).
To create the configuration file, open a terminal, change to the TBSCertBot directory and follow the instructions:
php tbscertbot.php
The config file doesn't exist. Do you want create a new config file ? [Y/n]
*** Server setting & username/password setting ***
1. Production server
2. Production server IPv4
3. Sandbox server
4. Sandbox server IPv4
Choose a server to use: 1
Username: myAPIlogin
Password: myAPIpassword
Making Server CALL for test parameters
Connexion successful, parameters are valid
WARNING: If you want to use the Sandbox server, you first have to open an account on the Sandbox and create an API user. To do so, follow the steps explained in the "How to proceed?" section of the TBS CERTIFICATS API documentation.
Step 2 - Edit the configuration file (optional)
Once the configuration file is created, you can edit it to add the information for the certificate order (domain, organization...).
firstName = John
lastName = Smith ;This is a lastname
In the previous example, the "firstName" parameter has the value "John" and "lastName" has the value "Smith". The text after the semicolon, "This is a lastname", is a comment: it has no effect on the value of the "lastName" parameter and is purely informative.
Step 3 - Ordering
Option 1: You have edited the configuration file (step 2)
Open a terminal and change to the TBSCertBot directory. Then, to place the order, run the following command:
php tbscertbot.php order
Example output of this command:
Validating all parameters...
All parameters are OK!
Generating new cryptographic key...
 - Type = RSA
 - Length = 2048
New cryptographic key generated!
Generating new CSR...
 - CN = example.org
 - O = Example Inc
 - L = Paris
 - ST = Paris
 - C = FR
New CSR generated!
Placing order...
Order taken into account under the reference 1444444444.
Checking if certificate reference 1444444444 (CN = example.org) is available...
-> Certificate is NOT AVAILABLE now, its current state is "Processing".
-> Extra information says "Awaiting DCV".
DCV:
DCV:
  easyx509.com:
    DCV Method: HTTPS_CSR_HASH
    DCV Status: The file is not available yet on your server
    DCV Checked URL: https://example.org/9116535D66E2F4FC3203AAFCFA6D7F52.txt
    DCV File: /path/to/TBSCertBot/data/dcv/9116535D66E2F4FC3203AAFCFA6D7F52.txt
The private key is generated first, followed by the CSR. Then the certificate is ordered, and the API answers the request.
Ordering with parameters
TBSCertBot accepts a large number of parameters on the command line. The complete list is available in the help: php tbscertbot.php --help.
For instance, if you want to use your configuration file and only change the certificate's domains, you can use the following command:
php tbscertbot.php --maindomain example.com --domain "example.com test.example.com"
Option 2: You have not edited the configuration file (step 2)
In this case you will have to provide the order information at the interactive prompts:
php tbscertbot.php order
Validating all parameters...
An issue occured with the PRODUCT. Please provide or correct the following information:
+-----------------+------------------------------------------------+------------------+---------+
| code            | description                                    | validity         | license |
+-----------------+------------------------------------------------+------------------+---------+
| sslev           | Thawte SSL EV                                  | 1, 2, 3, 4, 5    | 0       |
| ssl             | Thawte SSL Standard                            | 1, 2, 3, 4, 5    | 0       |
| certiSSLRGS     | Certigna SSL RGS*                              | 1                | 0       |
| certiSSLWild    | Certigna SSL Wildcard                          | 1                | 0       |
| COMqwac         | Sectigo Certificate QWAC for 1 Legal Person    | 1, 2, 3          | 0       |
| COMqwac3+       | Sectigo Certificate QWAC 3+ for 1 Legal Person | 1, 2, 3          | 0       |
+-----------------+------------------------------------------------+------------------+---------+
Please input a product:
 - Code: ssl
Please input the desired validity periods in years, or with the suffix d for days
Valid period examples: 1, 2, 30d, 90d
 - Validity: 1
Request Validate
An issue occured with the REQUEST. Please provide or correct the following information:
 - Main Domain: example.org
If pertinent, please fill the domain list.
...
DCV Case
For products requiring a DCV Challenge (TBSX509, Sectigo, and PositiveSSL), the command output will display the DCV details.
In the case of the DCV email method, the chosen address will be displayed, along with other possible choices.
For HTTP/HTTPS challenges (the only possibility for PositiveSSL Web products), the output will display the address at which you need to put your file, along with the complete path to the generated challenge file. Once this file has been placed at your webserver's root, the domain possession will be validated.
For CNAME challenges, the DNS record and its status will be displayed.
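The HTTP/HTTPS case above can be scripted. The following is an added example, not part of TBSCertBot: it reads the "DCV Checked URL" and "DCV File" lines from saved order output, refuses any name that is not a plain root-level NAME.txt, and copies the challenge file into the webroot. The function names, the saved-output file and the file-name policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of TBSCertBot. Field labels come from the sample
# output above; the helper names and the file-name policy are assumptions.

# Print the value of the first "Label: value" line in saved order output.
dcv_field() {  # $1 = label, $2 = file holding the saved output
    sed -n "s|^[[:space:]]*$1:[[:space:]]*||p" "$2" | head -n 1
}

# Validate the parsed DCV details, then copy the challenge into the webroot.
publish_dcv() {  # $1 = saved order output, $2 = webroot directory
    url=$(dcv_field 'DCV Checked URL' "$1")
    src=$(dcv_field 'DCV File' "$1")
    [ -n "$url" ] && [ -n "$src" ] || { echo "no HTTP(S) DCV details" >&2; return 2; }

    # The file must be served from the site root: scheme://host/NAME.txt
    name=${url#*://}                                          # drop the scheme
    case "$name" in */*) name=${name#*/} ;; *) name= ;; esac  # drop the host
    # Accept only a plain NAME.txt: no sub-path, no "..", no hidden file.
    case "$name" in
        ''|.*|*..*|*[!A-Za-z0-9.]*) echo "unexpected DCV name: $name" >&2; return 3 ;;
        *.txt) ;;
        *) echo "unexpected DCV name: $name" >&2; return 3 ;;
    esac
    # The generated local file must carry the name the CA will request.
    [ "$(basename "$src")" = "$name" ] || { echo "URL/file name mismatch" >&2; return 4; }
    [ -f "$src" ] || { echo "challenge file missing: $src" >&2; return 5; }

    cp "$src" "$2/$name" && chmod 644 "$2/$name" || return 6
    echo "$2/$name"    # local path now served at the checked URL
}
```

Save the order output to a file first (for example by piping the order command through tee), then call publish_dcv with that file and your webroot directory.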
Step 4 - Certificate delivery
You can look for new certificate deliveries using the command:
php tbscertbot.php download
Return:
Checking if certificate reference 1444444444 (CN = easyx509.com) is available...
-> Certificate has been successfully issued!
 - Certificate downloaded and saved in file /path/to/TBSCertBot/data/certs/cert-1444444444.cer
 - Certificate chain downloaded and saved in file /path/to/TBSCertBot/data/certs/chain-1444444444.txt
 - Moving and renaming private key file to /path/to/TBSCertBot/data/keys/key-1444444444.pkey
Your certificate has been downloaded. You can install it on your server.
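The data directory holds the API login and password (conf.ini, Step 1) and the private keys (key-<reference>.pkey, Step 4). The following added example, which is not part of TBSCertBot, lists any of those files that group or other users can access and restricts them to the owner; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of TBSCertBot: audit the secrets under data/.
# File names (conf.ini, *.pkey) are taken from the page; the function
# names are assumptions of this example.

# Print every conf.ini or *.pkey under $1 with any group/other permission bit.
tbs_loose_secrets() {  # $1 = TBSCertBot data directory
    find "$1" -type f \( -name 'conf.ini' -o -name '*.pkey' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Restrict those files to their owner, then confirm nothing loose remains.
tbs_lock_secrets() {  # $1 = TBSCertBot data directory
    tbs_loose_secrets "$1" | while IFS= read -r f; do
        chmod 600 "$f" && echo "tightened: $f"
    done
    # Succeeds only if the second scan comes back empty.
    [ -z "$(tbs_loose_secrets "$1")" ]
}
```

Run tbs_loose_secrets on /path/to/TBSCertBot/data after each download, since a newly moved key file may not have the permissions you expect.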