Automated cPanel/WHM SSL Renew
Hi,
I know I can manually install my certificates through:
WHM >> Service Configuration >> Manage Service SSL Configuration
But, is there a command line script that will do the same thing? I'm not referring to user accounts, or domains hosted on the server, but the server services themselves. server:2083, server:2087, server:2096, etc. The reason I ask is because I'm interested in automating the renewal process. I've found the certificates/keys located in
/var/cpanel/ssl
Should I just write a script to move the new certificates to overwrite them into all of those service locations? Is there an easier way?
Hello,
You can do this with a custom script, or with a single command, by using the following WHM API 1 function:
Let us know if you have any questions.
Thank you.
That API was introduced in cPanel/WHM version 11.52.0.8. One of my older servers that was partitioned with the older suggested partition sizes is currently blocked from upgrading because of the 3 GB requirement. The cPanel & WHM installation and upgrade processes require at least 3 GB of additional disk space for staging purposes.
Source:
Is there any easy way to install cPanel/WHM service SSL certificates through the command line on an older version of your software?
Hello,
Yes, you can manually replace the certificate files via the command line. There's actually a thread here that should help: cPanel SSL Certs for custom Let's Encrypt Plugin
It's a question about replacing service SSL certificates for a custom plugin that uses "Let's Encrypt"; however, all of the paths and information required to manually update the certificate data are provided on this thread.
Let us know if you have any questions.
Thanks!
Thanks for the replies, and thanks for that link. I had a hard time even searching to figure out that cPanel currently stores certificates in /var/cpanel/ssl/ since it has changed so many times over the years. In case anyone comes across this thread, here is a portion of the bash script that I wrote to install the new certificates. Prior to this snippet my script renews the certificates, tests the certificates to make sure they have been updated, and then:

    # location of new certificates
    cert_dir="/path/to/renewed/certificates"
    # location to install new certificates
    cpanel_dir="/var/cpanel/ssl"
    # location for backups of the existing certificates
    # (placeholder: not defined in the posted portion of the script)
    backup_dir="/path/to/certificate/backups"
    # domain that certificates are created for
    domain="mydomain.com"

    # create certificates here
    # test certificates to make sure there is something to update

    timestamp=$(date +"_%Y-%m-%d_%H-%M")

    # backup existing certificates
    echo "Backing up existing certificates to $backup_dir."
    # courier
    cp "$cpanel_dir/courier/myimapd.pem" "$backup_dir/myimapd.pem$timestamp"
    cp "$cpanel_dir/courier/mypop3d.pem" "$backup_dir/mypop3d.pem$timestamp"
    # cpanel
    cp "$cpanel_dir/cpanel/mycpanel.pem" "$backup_dir/mycpanel.pem$timestamp"
    cp "$cpanel_dir/cpanel/mycpanel.cabundle" "$backup_dir/mycpanel.cabundle$timestamp"
    # exim
    cp "$cpanel_dir/exim/myexim.key" "$backup_dir/myexim.key$timestamp"
    cp "$cpanel_dir/exim/myexim.crt" "$backup_dir/myexim.crt$timestamp"
    # ftp
    cp "$cpanel_dir/ftp/pure-ftpd.pem" "$backup_dir/pure-ftpd.pem$timestamp"
    cp "$cpanel_dir/ftp/myftpd-rsa.pem" "$backup_dir/myftpd-rsa.pem$timestamp"
    cp "$cpanel_dir/ftp/myftpd-rsa-key.pem" "$backup_dir/myftpd-rsa-key.pem$timestamp"

    # install new certificates
    echo "Installing new certificates to $cpanel_dir."
    # courier (key + certificate + chain in one file)
    cat "$cert_dir/$domain.key" "$cert_dir/$domain.crt" "$cert_dir/chain.crt" > "$cpanel_dir/courier/myimapd.pem"
    cat "$cert_dir/$domain.key" "$cert_dir/$domain.crt" "$cert_dir/chain.crt" > "$cpanel_dir/courier/mypop3d.pem"
    # cpanel (combined file plus a separate CA bundle)
    cat "$cert_dir/$domain.key" "$cert_dir/$domain.crt" "$cert_dir/chain.crt" > "$cpanel_dir/cpanel/mycpanel.pem"
    cat "$cert_dir/chain.crt" > "$cpanel_dir/cpanel/mycpanel.cabundle"
    # exim (key and certificate chain in separate files)
    cat "$cert_dir/$domain.key" > "$cpanel_dir/exim/myexim.key"
    cat "$cert_dir/$domain.crt" "$cert_dir/chain.crt" > "$cpanel_dir/exim/myexim.crt"
    # ftp
    cat "$cert_dir/$domain.key" "$cert_dir/$domain.crt" "$cert_dir/chain.crt" > "$cpanel_dir/ftp/pure-ftpd.pem"
    cat "$cert_dir/$domain.crt" "$cert_dir/chain.crt" > "$cpanel_dir/ftp/myftpd-rsa.pem"
    cat "$cert_dir/$domain.key" > "$cpanel_dir/ftp/myftpd-rsa-key.pem"

    # restart services so they load the new certificates
    echo "Restarting courier."
    /scripts/restartsrv_courier
    echo "Restarting cPanel."
    /etc/init.d/cpanel restart
    echo "Restarting exim."
    /scripts/restartsrv_exim
    echo "Restarting ftp."
    /scripts/restartsrv_ftpd

I've tested it on a live production server, and it works.
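The script above mentions a test step that runs before the certificates are installed but does not show it. One way to write such a gate, as an added example that is not part of the original post: it refuses to proceed unless the key matches the certificate, the certificate stays valid for a minimum number of days, and it differs from the one already installed. The function names, return codes and the 30-day threshold are assumptions; `make_sample` only builds constructed test data.

```shell
#!/bin/sh
# Added example (not from the thread). File roles follow the thread's script:
# $domain.key, $domain.crt and an installed combined file such as mycpanel.pem.

# Public key of a private key file / of the first certificate in a PEM file.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
# SHA-256 fingerprint of the first certificate in a PEM file.
fp_of_cert()  { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null; }

# check_renewed KEY CRT INSTALLED_PEM MIN_DAYS
# Returns 0 = safe to install
#         1 = key or certificate unreadable, or they do not belong together
#         2 = certificate expires within MIN_DAYS
#         3 = the same certificate is already installed (nothing to update)
check_renewed() {
    cr_key=$(pub_of_key "$1")  || return 1
    cr_crt=$(pub_of_cert "$2") || return 1
    [ -n "$cr_key" ] && [ "$cr_key" = "$cr_crt" ] || return 1
    openssl x509 -in "$2" -noout -checkend $(( $4 * 86400 )) >/dev/null || return 2
    # A missing or unreadable installed file counts as "needs install".
    cr_old=$(fp_of_cert "$3") || return 0
    [ "$cr_old" != "$(fp_of_cert "$2")" ] || return 3
    return 0
}

# Constructed sample data: a throwaway self-signed key and certificate.
# make_sample DIR NAME DAYS  ->  DIR/NAME.key and DIR/NAME.crt
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Usage in the install script, before the backup step:
#   check_renewed "$cert_dir/$domain.key" "$cert_dir/$domain.crt" \
#       "$cpanel_dir/cpanel/mycpanel.pem" 30 || exit 1
```

Running the gate before the backup step means a mismatched key or a stale certificate never reaches the service files, so the services are not restarted onto a broken pair.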