Using Let’s Encrypt with a PHP Application on OpenShift

Hi,

Update: github.com/kuba/simp_le is dead, the github.com/zenhack/simp_le fork is to be used instead.

The following post documents how I used Let’s Encrypt to secure this WordPress site, which is hosted on OpenShift.

The following is based on this forum post/tutorial. I just made it work with virtualenv and a PHP OpenShift app.

Please note that you need to be a bronze OpenShift user to be able to do this as they don’t allow custom certificates for regular free users.

Log in to your rhc app and go to ~/app-root/data:

rhc ssh <app_name>
cd app-root/data

Spin up a virtualenv:

virtualenv letsencrypt
cd letsencrypt
source bin/activate

Install dependencies via pip in the virtualenv:

pip install git+https://github.com/zenhack/simp_le
pip install --upgrade six
pip install --upgrade setuptools

The cool part is that it seems multiple apps share the same environment and you might need to do the above steps only once for all your apps.

Now generate the certificates:

gear stop
mkdir -p /tmp/http/.well-known/acme-challenge
cd /tmp/http
wget https://gist.githubusercontent.com/bmsleight/bc34254eed0ee458738e/raw/61110fe6e3980f0c6a401acae93f221f56b1eced/simple_acme_server.py
OPENSHIFT_PYTHON_IP=$OPENSHIFT_PHP_IP OPENSHIFT_PYTHON_PORT=$OPENSHIFT_PHP_PORT python simple_acme_server.py &

The trick is in the last line, where we pass the PHP cartridge's IP and port environment variables to this Python script under the names it expects.
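The step above downloads a helper script and runs it as-is. For comparison, here is an added example (not the gist's code and not from the original post) of a Python 3 responder that serves nothing but challenge token files under /tmp/http and binds to the same OPENSHIFT_PHP_IP and OPENSHIFT_PHP_PORT variables. The names challenge_file and ChallengeHandler are made up for this example.

```python
"""Serve only ACME HTTP-01 challenge tokens from the simp_le webroot."""
import os
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

WEBROOT = "/tmp/http"  # the --default_root given to simp_le in the post
PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")  # base64url characters only


def challenge_file(url_path, webroot=WEBROOT):
    """Map a request path to a token file, or None if it is not a valid challenge."""
    path = url_path.split("?", 1)[0]
    if not path.startswith(PREFIX):
        return None
    token = path[len(PREFIX):]
    if not TOKEN_RE.fullmatch(token):  # rejects "/", "..", "%2e" and empty names
        return None
    base = os.path.realpath(os.path.join(webroot, PREFIX.strip("/")))
    candidate = os.path.realpath(os.path.join(base, token))
    # realpath resolves symlinks, so a link planted in the directory cannot escape it
    if os.path.dirname(candidate) != base or not os.path.isfile(candidate):
        return None
    return candidate


class ChallengeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        target = challenge_file(self.path)
        if target is None:
            self.send_error(404)
            return
        with open(target, "rb") as fh:
            body = fh.read()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def main():
    # Bind to the PHP cartridge's IP and port, as the post does for its helper script.
    addr = (os.environ["OPENSHIFT_PHP_IP"], int(os.environ["OPENSHIFT_PHP_PORT"]))
    HTTPServer(addr, ChallengeHandler).serve_forever()


if __name__ == "__main__":
    main()
```

Any request outside /.well-known/acme-challenge/, or naming a token with characters outside the base64url set, gets a 404.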

Now pull the certificates:

cd ~/app-root/data/
simp_le --email example@example.com -f account_key.json   -f fullchain.pem -f key.pem   -d www.example.com --default_root /tmp/http

Of course, replace “www.example.com” with your hostname.

Restart your app & exit:

killall python
gear start
exit

Pull the certificates to your local filesystem:

rhc scp -a <app_name> download ./ ./app-root/data/fullchain.pem
rhc scp -a <app_name> download ./ ./app-root/data/key.pem

Set them on your app:

rhc alias update-cert <app_name> www.example.com --certificate fullchain.pem --private-key key.pem

Again replace www.example.com with your hostname.

Aaand we’re done!

1 thought on “Using Let’s Encrypt with a PHP Application on OpenShift”

  1. Thanks, this was perfect.
    I added a terms of service hash argument to the “simp_le --email…” line to resolve a “TOS hash mismatch” error.
    --tos_sha256 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221
