
Show HN: Lescript – Simple PHP client library for Let's encrypt - efesak2
https://github.com/analogic/lescript
======
ewams
Thanks, nice looking code that is pretty darn clean. It is always refreshing
to see an application that is as self contained as possible without all the
multitude of required dependencies.

------
jnardiello
Mate, seriously, use composer and packagist.

~~~
mschuster91
Well, composer needs to be installed and present on the system. As the author
states, minimal dependencies.

Hell why doesn't everyone follow this? Instead I see projects with five or
more build tools needed to deploy a website.

A single small website depending on... PHP/MySQL (obviously), Symfony,
composer, npm, grunt, bower, ant, vagrant, docker. And well, language
dependencies not needed by the website itself, just for the buildtools:
python, nodejs, ruby, java plus virtualbox for vagrant!

All of this for a setup that can be (with proper documentation) replicated by
hand and from scratch in <10 minutes (Debian, not RPM-based crap). The fuck
are you smoking, people? Took me even WITH documentation about all those build
tools 30min to get running where a simple git clone should be all that's
needed. Bonus side effect: if you need to hack stuff in your deps, it's easier
to ship them in your repo than if you use composer and friends.

I'd coin a new term for this: tool-sturbation.

~~~
jnardiello
You just don't get it :)

Whoever wishes to manually include this package and use it as if it were 1993
will still be able to do so by cloning this repo and including the file by hand.
On the other side, 99% of the sane PHP that has been written in the last few
years, including fairly large projects, WILL use composer to manage external
dependencies, as it's probably the single project that made PHP a modern
language.

So, what are the cons of releasing this as a package?

I'm not even starting the conversation where I'm trying to convince you that
using a dependency manager is always a good thing to keep the codebase sane
and clean - even for small scripts. That "<10 mins thing" is an empty claim as
you have to do a boilerplate once and can use it all the time (unless you are
the kind of programmer who is not 'good-lazy' but rather 'bad-lazy' and loves
to redo their job by hand over and over).

~~~
degenerate
"99% of sane PHP" is not the audience here. There are millions and millions of
shared hosting accounts running basic cPanel + PHP + some minimal form of SSH
access - those are the people that won't have a way to install LetsEncrypt
otherwise, except for the ability to execute some random PHP file in their SSH
home directory. Step out of your walled garden and buy yourself a crappy $5/mo
hosting account, and you will see why the author's choices are a blessing in
disguise.

~~~
mschuster91
A pity you're being downvoted. People forget not everyone has the bucks to
shell out for even a webhost with SSH enabled.

~~~
Killswitch
$5/mo shared hosting plan where you're walled and can't do anything you want,
or $5/mo VPS at Digital Ocean where you have SSH enabled by default and can
install anything you want.

Of course, people don't have the bucks to shell out for that. I get it.

~~~
mschuster91
> of course, people don't have the bucks to shell out for that. I get it.

They don't know better. Don't forget what the base of most WordPress and
Drupal setups is - people with barely enough skill to do an FTP push, download
and install a theme from Themeforest and done.

Or they can't pay because nearly every US startup/service accepts credit cards
only (which is not widespread in Europe) and no one really trusts PayPal.

~~~
Killswitch
> they don't know better. Don't forget what the base of most Wordpress and
> Drupal setups is

Considering the audience of HN, I am astounded by the number of people who
complain about a PHP package being on Composer, yet they all use NodeJS, Go,
and other things that require more than modern PHP and Composer do.

------
adolfoabegg
From README: If you prefer more robust and clean library see excellent
https://github.com/kelunik/acme

~~~
efesak2
A huge obstacle to using the kelunik lib is PHP7 and the need for external libraries.

~~~
TazeTSchnitzel
What's wrong with external libraries? They're a mere `composer install` away.

~~~
efesak2
Nothing in general, it's about choice...

~~~
TazeTSchnitzel
So this is a solution looking for a problem, then?

------
sschueller
Thanks, seems like every day we get a shorter version. This is actually quite
useful since I have PHP on most systems but not all the dependencies that some
of the python versions require.

I'm hoping to see a single file bash script at some point :)

~~~
efesak2
Actually there is a single bash file client
https://github.com/lukas2511/letsencrypt.sh
:)

------
TazeTSchnitzel
> public function signDomains($domains)

Should this have an `array` type declaration? You used it on another function.

------
Kiro
What is Let's encrypt exactly? I thought it was just free SSL so why do I need
to touch my code at all?

~~~
onion2k
Let's Encrypt certificates expire after 30 days. The reason for that is to
mitigate problems with old certs and to encourage automation so there's less
danger of a server being left unsecured because an admin has forgotten to update
something. This sort of library is aimed at [sys|web|dev]ops rather than
developers per se.

Ultimately services like LE will get to the point where certificates will
expire in _hours_ rather than days, so a problem like Heartbleed will 'self-
heal' because certificates can be fixed and servers will automatically get the
patch within a day.

~~~
akerro
90 days.

------
c_prompt
How is this used to renew? I don't see a function related to renewals.

~~~
dangrossman
What would be the difference between "renewing" and running the script twice?
There's no distinction made when I buy certificates from another CA.

~~~
c_prompt
This is probably my misunderstanding of how it works. Pardon what's probably a
silly question, but do all certs work the same way (i.e., certs are never
"renewed" but just reissued with new dates)?

~~~
286c8cb04bda
_> certs are never "renewed" but just reissued with new dates_

This is correct.

~~~
cosecantt
The question arises: how does Letsencrypt handle reissued certificates under one
domain? I guess if I reissue a million times for a specific domain, does this
override the previous certificates in their database or does it create valid
certificates each time I reissue? Thanks for the script.
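
As an added example (not part of the thread and not Lescript's own code), the "renewing is just running the script again" point above can be wrapped in a cron-style check that reissues only when the stored certificate is missing, unreadable, or close to expiry. The function names, the 30-day window and the self-signed sample certificate are assumptions made for illustration; it needs PHP 7.1+ with the openssl extension.

```php
<?php
// Added example: decide whether a stored certificate is due for re-issuance.
// The function names and the 30-day window are illustrative assumptions.

/** Seconds of validity left on a PEM certificate, or null if it cannot be parsed. */
function secondsUntilExpiry(string $pem, int $now): ?int
{
    $info = @openssl_x509_parse($pem);   // returns false on unparsable input
    if ($info === false || !isset($info['validTo_time_t'])) {
        return null;
    }
    return $info['validTo_time_t'] - $now;
}

/** True when the certificate is missing, unreadable, or inside the renewal window. */
function needsReissue(?string $pem, int $now, int $windowDays = 30): bool
{
    if ($pem === null) {
        return true;                      // nothing on disk yet: first issuance
    }
    $left = secondsUntilExpiry($pem, $now);
    return $left === null || $left < $windowDays * 86400;
}

/** Constructed sample input: a throwaway self-signed certificate valid for $days days. */
function makeSampleCert(int $days): string
{
    $key = openssl_pkey_new([
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]);
    $csr  = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, null, $key, $days, ['digest_alg' => 'sha256']);
    openssl_x509_export($cert, $pem);
    return $pem;
}

$now = time();
foreach ([90, 20] as $days) {
    $verdict = needsReissue(makeSampleCert($days), $now) ? 'reissue' : 'keep';
    printf("%d-day certificate: %s\n", $days, $verdict);
}
printf("no certificate on disk: %s\n", needsReissue(null, $now) ? 'reissue' : 'keep');
printf("corrupt file: %s\n", needsReissue('not a certificate', $now) ? 'reissue' : 'keep');
```

When `needsReissue()` returns true, the issuance script is simply run again, which produces a fresh certificate with new dates.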

------
mei0Iesh
I was going to star it, until I saw the advertisement in the README.md.

~~~
TazeTSchnitzel
Putting a line or two about why you developed a library doesn't seem
unreasonable.

~~~
Vendan
I'm actually happy about it in most cases, as it shows that it's likely to be
maintained, as it has an existing use outside of "Hey, I wrote some code!"

