/**
* Request a first certificate for the given domain.
*
* @param string $domain
* @param array $alternativeNames
*/
private function executeFirstRequest($domain, array $alternativeNames)
{
$introduction = <<<'EOF'
There is currently no certificate for domain %s in the Acme PHP storage. As it is the
first time you request a certificate for this domain, some configuration is required.
<info>Generating domain key pair...</info>
EOF;
$this->output->writeln(sprintf($introduction, $domain));
// Generate domain key pair
$domainKeyPair = $this->getContainer()->get('ssl.key_pair_generator')->generateKeyPair();
$this->repository->storeDomainKeyPair($domain, $domainKeyPair);
$distinguishedName = $this->getOrCreateDistinguishedName($domain, $alternativeNames);
$this->output->writeln("<info>Distinguished name informations have been stored locally for this domain (they won't be asked on renewal).</info>");
// Request
$this->output->writeln(sprintf('<info>Requesting first certificate for domain %s ...</info>', $domain));
$csr = new CertificateRequest($distinguishedName, $domainKeyPair);
$response = $this->client->requestCertificate($domain, $csr);
$this->repository->storeDomainCertificate($domain, $response->getCertificate());
// Post-generate actions
$this->output->writeln('<info>Running post-generate actions...</info>');
$this->actionHandler->handle($response);
// Success message
/** @var ParsedCertificate $parsedCertificate */
$parsedCertificate = $this->getContainer()->get('ssl.certificate_parser')->parse($response->getCertificate());
$success = <<<'EOF'
<info>The SSL certificate was fetched successfully!</info>
This certificate is valid from now to %expiration%.
5 files were created in the Acme PHP storage directory:
* <info>%private%</info> contains your domain private key (required in many cases).
* <info>%cert%</info> contains only your certificate, without the issuer certificate.
It may be useful in certains cases but you will probably not need it (use fullchain.pem instead).
* <info>%chain%</info> contains the issuer certificate chain (its certificate, the
certificate of its issuer, the certificate of the issuer of its issuer, etc.). Your certificate is
not present in this file.
* <info>%fullchain%</info> contains your certificate AND the issuer certificate chain.
You most likely will use this file in your webserver.
* <info>%combined%</info> contains the fullchain AND your domain private key (some
webservers expect this format such as haproxy).
Read the documentation at https://acmephp.github.io/documentation/ to learn more about how to
configure your web server and set up automatic renewal.
To renew your certificate manually, simply re-run this command.
EOF;
$masterPath = $this->getContainer()->getParameter('app.storage_directory');
$replacements = ['%expiration%' => $parsedCertificate->getValidTo()->format(\DateTime::ISO8601), '%private%' => $masterPath . '/private/' . $domain . '/private.pem', '%cert%' => $masterPath . '/certs/' . $domain . '/cert.pem', '%chain%' => $masterPath . '/certs/' . $domain . '/chain.pem', '%fullchain%' => $masterPath . '/certs/' . $domain . '/fullchain.pem', '%combined%' => $masterPath . '/certs/' . $domain . '/combined.pem'];
$this->output->writeln(str_replace(array_keys($replacements), array_values($replacements), $success));
}