Introduction
The steps below can be used to restore a domain's DNSSEC keys from a cPanel backup.
Procedure
1) Locate the DNSSEC keys in the backup.
# tar -tvf /backup/2021-12-24/accounts/CPUSER.tar.gz|grep -i dnssec
drwxr-xr-x root/root 0 2021-12-24 09:59 CPUSER/dnssec_keys/
drwxr-xr-x root/root 0 2021-12-24 09:59 CPUSER/dnssec_keys/DOMAIN.TLD/
-rw------- root/root 1703 2021-12-24 09:59 CPUSER/dnssec_keys/DOMAIN.TLD/65317_KSK.key
-rw------- root/root 939 2021-12-24 09:59 CPUSER/dnssec_keys/DOMAIN.TLD/41433_ZSK.key
2) Extract the key files for the domain.
# tar -xvf /backup/2021-12-24/accounts/CPUSER.tar.gz CPUSER/dnssec_keys/DOMAIN.TLD/65317_KSK.key
CPUSER/dnssec_keys/DOMAIN.TLD/65317_KSK.key
# tar -xvf /backup/2021-12-24/accounts/CPUSER.tar.gz CPUSER/dnssec_keys/DOMAIN.TLD/41433_ZSK.key
CPUSER/dnssec_keys/DOMAIN.TLD/41433_ZSK.key
3) Show the contents of the key files.
# cat maindomain/dnssec_keys/addon.domain.com/29454_ZSK.key
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
...
# cat maindomain/dnssec_keys/addon.domain.com/10180_KSK.key
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
...
4) Navigate to the Zone Editor in cPanel.
cPanel > Domains > Zone Editor
5) Click the "DNSSEC" button for your domain.
6) Click the "Import Key" button.
7) Copy and paste in the contents of the key files from step 3. Make sure to select the key type that matches the file name.
8) Click the import button.