I don't think this is a great approach to certificate management. Is there a specific reason you're constrained to automating Certbot through PHP subprocess creation? There are several pure PHP ACME clients listed here: ACME Client Implementations - Let's Encrypt. You might have a better experience with one of them.
If you're absolutely constrained to invoking Certbot from PHP with shell_exec, I think you'll have to provide a lot more information to help with debugging. (What's the cert.sh script? What does the interpolated certbot command line given to shell_exec look like at runtime? What is the $www output returned from shell_exec? Is the return NULL? What user is the PHP process running as? What's its $PATH? etc.)
I’m afraid to use this third-party stuff because you update and terminate with the agent. I protected the shell_exec command well; it’s turned on and released when it validates the domain. What do you tell me?
I'm not sure I understand what you mean. Certbot is third-party as well.
shell_exec returns NULL in the error case, so that is one signal to help with debugging.
One way to make progress debugging this may be to try running your .cert.sh script as the php-fpm user from an SSH connection. It will probably provide error messages to stderr that are being masked by shell_exec. You may also want to check what the $PATH for that user is, and make sure that the certbot executable is located somewhere in that user's $PATH.
(I still think that trying to use Certbot in this manner is a recipe for trouble)
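The debugging signals asked for above (exit status, stderr, process user, $PATH) can be captured from PHP itself by replacing shell_exec with proc_open. This is an added example, not code from any poster in this thread; the helper names and the fixed PATH value are assumptions, and the script path is taken from the terminal session shown in the thread.

```php
<?php
declare(strict_types=1);

// Added example. Path taken from the terminal session in the thread; adjust as needed.
const CERT_SCRIPT = '/usr/local/openresty/nginx/html/pHpServer-PG/api/cert.sh';
// Assumption: a fixed PATH, so the result does not depend on php-fpm's environment.
const SAFE_PATH = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin';

/** Hypothetical helper: accept only plain DNS hostnames (no leading "-", no shell characters). */
function is_valid_hostname(string $name): bool
{
    return preg_match('/^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i', $name) === 1;
}

/** Hypothetical helper: run cert.sh without a shell; return exit code, stdout, stderr and process user. */
function run_cert_script(string $domain): array
{
    if (!is_valid_hostname($domain)) {
        throw new InvalidArgumentException('refusing to run: not a valid hostname');
    }
    $errFile = tmpfile(); // stderr goes to a temp file, so a full pipe cannot stall the child
    $spec = [0 => ['file', '/dev/null', 'r'], 1 => ['pipe', 'w'], 2 => $errFile];
    // Array command (PHP >= 7.4): executed directly, the domain is never parsed by /bin/sh.
    $proc = proc_open([CERT_SCRIPT, $domain], $spec, $pipes, null, ['PATH' => SAFE_PATH]);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed; is ' . CERT_SCRIPT . ' executable by this user?');
    }
    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc); // non-zero exit is the failure signal shell_exec hides
    rewind($errFile);
    $stderr = stream_get_contents($errFile);
    fclose($errFile);
    $user = function_exists('posix_geteuid') ? posix_getpwuid(posix_geteuid())['name'] : 'unknown';
    return ['exit' => $exit, 'stdout' => $stdout, 'stderr' => $stderr, 'user' => $user];
}

// CLI entry point, for running the same code path by hand as the php-fpm user.
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $r = run_cert_script($argv[1]);
    fprintf(STDERR, "user=%s exit=%d\nstderr:\n%s\n", $r['user'], $r['exit'], $r['stderr']);
    echo $r['stdout'];
}
```

Logging the returned `exit`, `stderr` and `user` values on the server side shows whether the failure is a permissions problem, a missing executable in PATH, or an error reported by Certbot itself.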
[root]# /usr/local/openresty/nginx/html/pHpServer-PG/api/./cert.sh teste.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Resetting dropped connection: acme-v02.api.letsencrypt.org
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2019-09-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le