v0.1.0 - First Beta

🐺 Order placed. Certificate incoming. No anvils required.

CoyoteCert is a brand new PHP 8.3+ ACME v2 client that actually does what it says on the tin. Grab TLS certificates from Let's Encrypt, ZeroSSL, Google Trust Services, and more, without the pain.

Install

composer require blendbyte/coyotecert

What's in the box

The ACME v2 goods (RFC 8555)

• Full protocol support: accounts, orders, authorizations, issuance, revocation
• HTTP-01, DNS-01, and TLS-ALPN-01 challenges
• ECDSA (P-256, P-384) + RSA, pick your poison
• EAB support for the CAs that make you jump through hoops (ZeroSSL, GTS, SSL.com)
• ARI smart renewal (RFC 8739): asks the CA when to renew, not just if
• Dual-algorithm certs: serve RSA and ECDSA from the same domain simultaneously
• Preferred chain selection
• dns-persist-01 for when you've already deployed the record and just need validation

Supported CAs
Let's Encrypt · ZeroSSL · Google Trust Services · SSL.com · Buypass Go · Pebble · Custom

DNS-01 Providers
Cloudflare · Hetzner · DigitalOcean · ClouDNS · AWS Route53 · Shell/exec (bring your own)

Storage
Filesystem · PDO · In-Memory · Roll your own via StorageInterface

CLI

coyote issue --provider=letsencrypt --dns=cloudflare example.com
coyote status example.com

Built right
PSR-18 HTTP · PSR-3 logging · PHPStan max · PHP CS Fixer · ~94% test coverage

What's Changed

• Remove RemoveFromCrl from RevocationReason enum by @bashgeek in #3
• Add onIssued/onRenewed event callbacks by @bashgeek in #4
• Add dual-algorithm certificate storage (RSA + ECDSA per domain) by @bashgeek in #6
• Add typed exceptions: AuthException, RateLimitException::getRetryAfter(), AcmeException::getSubproblems() by @bashgeek in #7
• Add preferred chain selection (RFC 8555 §7.4.2) by @bashgeek in #5
• Add coyote CLI (issue + status commands) by @bashgeek in #8
• feat: DNS-01 provider adapters by @bashgeek in #9

Full Changelog: https://github.com/blendbyte/CoyoteCert/commits/v0.1.0