picture of tbs certificates
picture of tbs certificates
Our products range

Simply and quickly order a certificate using TBSCertBot

Prerequisite: TBSCertBot is compatible with php 5.4 to 7.x

Step 1 - Connection to TBSCertBot

TBSCertBot requires a configuration file to work properly. This file, namedconf.ini, is in the directory data.

Le configuration file is following the ini syntax and gathers the information requested to connect to TBSCertBot (login, password, server to use).

To create the configuration file, run your terminal, move to the TBSCertBot directory and follow the instructions:

php tbscertbot.php

The config file doesn't exist.
Do you want create a new config file ? [Y/n]

*** Server setting & username/password setting ***
 1. Production server
 2. Production server IPv4
 3. Sandbox server
 4. Sandbox server IPv4

Choose a server to use: 1

Username: myAPIlogin
Password: myAPIpassword
Making Server CALL for test parameters
Connexion successful, parameters are valid

WARNING: If you want to use the Sandbox server, you'll first have to open an account on the Sandbox and create a API user. To do so, follow the steps explained in the "How to proceed?" section of the TBS CERTIFICATS API documentation.

Step 2 - Edit the configuration file (optional)

Once the configuration file is created you can edit it to add the information linked to the certificates order (domain, organization...).

firstName = John
lastName = Smith ;This is a lastname

In the previous example, the "firstName" parameter has the value "John", "lastName" has the value "Smith", "This is a lastname" has no incidence on the value of the parameter "lastname": the message is only informative.

Step 3 - Ordering

Option 1: You have edited the configuration file (step 2)

Run your terminal and move to the TBSCertBot directory. Then, to order, you just have to run the following command:

php tbscertbot.php order

Example return of this test file:

  Validating all parameters...
  All parameters are OK!

  Generating new cryptographic key...
  - Type = RSA
  - Length = 2048
  New cryptographic key generated!

  Generating new CSR...
  - CN =
  - O = Example Inc
  - L = Paris
  - ST = Paris
  - C = FR
  New CSR generated!

  Placing order...
  Order taken into account under the reference 1444444444.

  Checking if certificate reference 1444444444 (CN = is
  -> Certificate is NOT AVAILABLE now, its current state is "Processing".
  -> Extra information says "Awaiting DCV".

  DCV Status: The file is not available yet on your server
        DCV Checked URL:
        DCV File: /path/to/TBSCertBot/data/dcv/9116535D66E2F4FC3203AAFCFA6D7F52.txt

The first step is the private key generation, followed by the CSR's. Then the certificate is ordered, and the API answers the request.

Ordering with parameters

TBSCertBot allows you to add a great number of parameters in the cli. The complete list is available in the help: php tbscertbot.php --help.

For instance, if you want to use your configuration file, and only change the certificate's domains, you can use the following command:

  php tbscertbot.php --maindomain --domain "" 

Option 2: You have not edited the configuration file (step 2)

In this case you'll have to provide the order information in prompt mode:

php tbscertbot.php order

Validating all parameters...

An issue occured with the PRODUCT. Please provide or correct the following information:
| code            | description                                    | validity         | license |
| sslev           | Thawte SSL EV                                  | 1, 2, 3, 4, 5    | 0       |
| ssl             | Thawte SSL Standard                            | 1, 2, 3, 4, 5    | 0       |
| certiSSLRGS     | Certigna SSL RGS*                              | 1                | 0       |
| certiSSLWild    | Certigna SSL Wildcard                          | 1                | 0       |
| COMqwac         | Sectigo Certificate QWAC for 1 Legal Person    | 1, 2, 3          | 0       |
| COMqwac3+       | Sectigo Certificate QWAC 3+ for 1 Legal Person | 1, 2, 3          | 0       |
Please input a product:
   - Code: ssl

Please input the desired validity periods in years, or with the suffix d for days
Valid period examples: 1, 2, 30d, 90d
   - Validity: 1

Request Validate
An issue occured with the REQUEST. Please provide or correct the following information:
   - Main Domain:

If pertinent, please fill the domain list.

DCV Case

For products requiring a DCV Challenge For products requiring a DCV Challenge (TBSX509, Sectigo, et PositiveSSL), the command return will display the DCV details.

In the case of the DCV email method, the chosen address will be displayed, along with other possible choices.

For HTTP/HTTPS challenges (only possibility for PositiveSSL Web products), the return will display the address at which you need to put your file, along with the complete path to the generated challenge file. Once this file has been place at your webserver's root, the domain possession will be validated.

For CNAME challenges, the DNS record and its status will be displayed.

Step 4 - Certificate delivery

You can look for new certificate deliveries using the command:

php tbscertbot.php download


Checking if certificate reference 1444444444 (CN = is
-> Certificate has been successfully issued!
      - Certificate downloaded and saved in file /path/to/TBSCertBot/data/certs/cert-1444444444.cer
      - Certificate chain downloaded and saved in file /path/to/TBSCertBot/data/certs/chain-1444444444.txt
      - Moving and renaming private key file to /path/to/TBSCertBot/data/keys/key-1444444444.pkey

You certificate has been downloaded. You can install it on your server.

See also