SSL certificate sync to backup server
We are set up with a primary live server and a backup server that user accounts are synced to. Is it possible to set up the AutoSSL certs to sync and install on the backup server?
The issue is that AutoSSL fails on the backup server because the checks are unable to be completed on hosting that is not currently live. We would like the AutoSSL certs on the primary server to be installed on the backup server automatically. We currently sync the user directory and databases with rsync.
Any suggestions?
Thanks
-
The only way to have AutoSSL working is to have a cPanel server with AutoSSL on live domains. The domains SSL certificates should be kept in their backups, so that wouldn't be needed on the backup server. When you move to a new server, or restore from a backups new AutoSSL certificates are provisioned for the domains using AutoSSL. 0 -
We understand that AutoSSL won't work on the backup server. Do you have a recommendation on transferring and installing the SSL certs from the primary server to the backup server? It looks like the certificates are stored here: /var/cpanel/ssl/apache_tls/domain.tld/combined If we sync that directory to the backup server would the cert still need to be installed on the backup server? Thanks 0 -
We understand that AutoSSL won't work on the backup server. Do you have a recommendation on transferring and installing the SSL certs from the primary server to the backup server? It looks like the certificates are stored here: /var/cpanel/ssl/apache_tls/domain.tld/combined If we sync that directory to the backup server would the cert still need to be installed on the backup server? Thanks
Did you try this approach, and did it work? Despite cpanel's lack of interest, obviously when moving traffic to a backup server, you're not going to want an outage while you wait for autossl to run. We're in the same situation, and likewise looking for a way to keep the certs up to date on the secondary server, short of manually copying them over via whm.0 -
As I indicated previously SSL certificates are backed up with the account. This means when you restore the account the certificate if present should be restored along with the account, should you need to perform a restore. Users' certificates are stored in /home/$user/ssl
but they cannot be installed on a backup server, unless you don't actually mean backup server and instead you mean a failover. In that instance since you wouldn't be able to run autoSSL for the domain on the secondary server you would retrieve the data from/home/$user/ssl/
and use the API to install it, the UAPI function for this can be found here:0 -
Did you try this approach, and did it work? Despite cpanel's lack of interest, obviously when moving traffic to a backup server, you're not going to want an outage while you wait for autossl to run. We're in the same situation, and likewise looking for a way to keep the certs up to date on the secondary server, short of manually copying them over via whm.
I was able to get the AutoSSL certificates to the backup/failover server successfully using this method. I rsync'd the /var/cpanel/ssl/apache_tls/domain.tld/combined and /var/cpanel/ssl/apache_tls/domain.tld/certificate files to the backup server and restarted Apache. This worked for me. I haven't done more testing to find the best way or if both of these files need to be transferred.0
Please sign in to leave a comment.
Comments
5 comments