Using cPanel generated SSL certs with stunnel

BassTeQ

• March 12, 2020 20:15

I'm trying to configure stunnel, and need to provide a cert and key (see below) cert = /etc/example/fullchain.pem key = /etc/example/privkey.pem I'd like to use the existing certificates generated by cPanel under /var/cpanel/ssl/domain_tls/subdomain.example.com certificates certificates.cache combined combined.cache Would I need the configuration to be; cert = /var/cpanel/ssl/domain_tls/subdomain.example.com/certificates key = not sure what to use? Thanks!

• 

  cPanelLauren

  • March 13, 2020 19:38

  The following should get you this information:

  0
• 

  BassTeQ

  • March 15, 2020 22:25

  The following should get you this information:

  0
• 

  BassTeQ

  • March 17, 2020 01:58

  I managed to get this working, using the command line tool 'uapi', then parsing the output YAML in perl to extract the private key and then save it to a file.

  0
• 

  BassTeQ

  • March 19, 2020 00:40

  Just stuck with another issue. If I generate a cert with letsencrypt and run the command below it generates a bundle.pem file which works well with the application cat /etc/letsencrypt/live/domain.example.com/fullchain.pem /etc/letsencrypt/live/domain.example.com/privkey.pem > /etc/certs/bundle.pem
  I'm trying to work out how to do this with the data returned from the cpanel application "uapi" The data returned is - cabundle - certificate - key I've tried writing out cabundle followed by key, but the bundle.pem wasn't valid. Appreciate any help. Thanks

  0
• 

  cPanelLauren

  • March 19, 2020 13:53

  Well, the cabundle for all of let's encrypt certificates would be the same. What is it you're trying to do with this?

  0
• 

  BassTeQ

  • March 22, 2020 22:16

  Well, the cabundle for all of let's encrypt certificates would be the same. What is it you're trying to do with this?

  
  I'm trying to use the certificate for an icecast server. Update: I've managed to get it working now, found a bug in my script which was causing an issue. On another note, is there a way I can run a custom script after a cPanel SSL cert has been updated for a particular sub-domain? Thanks

  0
• 

  cPanelLauren

  • March 24, 2020 16:20

  That would qualify as a hookable event :)

  0
• 

  BassTeQ

  • March 25, 2020 03:24

  That would qualify as a hookable event :) after a "upcp" runs? /usr/local/cpanel/bin/manage_hooks add script /path/to/postupcpscript.php --manual --category System --event upcp --stage post
  Thanks

  0
• 

  cPanelLauren

  • March 25, 2020 19:41

  Yep, cPanel's maintenance includes checking for SSL certificates. But upcp wouldn't be the only instance in which this occurs, adding a domain, or creating an account also trigger an autossl run for the account.

  0
• 

  techguide

  • July 27, 2021 03:55

  The following should get you this information:

  0
• 

  cPRex Jurassic Moderator

  • July 27, 2021 14:37

  @techguide - this call will show the friendly name for the certificate:

  0

Please sign in to leave a comment.