API function remove_autossl_excluded_domains and wildcard
After creating a new account, AutoSSL no longer automatically generates a certificate for the account. A recent cPanel update confirms this in the online docs.
Our accounts are created upon customer request via a Perl script, which previously worked fine to create the account and enable AutoSSL on the account. However, now it does these steps but the site still has no SSL certificate due to the recent change.
To get past this, I can use the API function:
remove_autossl_excluded_domains?domains=$domain
to remove the specified domain from the excluded list; i.e. to include that domain (for example, "mynewsite.example.com" (all of our new sites start as subdomains of our parent domain).
However, after logging into the account's cPanel and going to the SSL page, I see that the other subdomains of the new account's subdomain are not active for SSL (i.e. they are excluded). The main account subdomain "mynewsite.example.com" is selected and a certificate is created/installed, but that API call does not include "www.mynewsite.example.com", "cpanel.mynewsite.example.com", "mail.mynewsite.example.com", etc.
I tried adding a wildcard (*.mynewsite.example.com) to the list of domains but still only included the new domain "mynewsite.example.com" and not the other subdomains for it, even though the SSL/TLS Certificates page in cPanel lists the wildcard entry as one of the ones I can manually select to add to the SSL certificate.
Is there a way through this API (or another) to include all subdomains of this new account on the SSL certificate after the account is created?
Currently my order of processes (all via the API) is to create the account , then:
1) Enable AutoSSL for the account:
add_override_features_for_user?api.version=1&user=$user&features=%7B%22autossl%22%3A1%7D
2) Remove excluded domains using the API function: remove_autossl_excluded_domains as mentioned above.
3) Then call the API function: start_autossl_check for this one user to initiate the request for their site's certficate.
Is the order of operations wrong?
Do I need to explicitly list: "cpanel.mynewsite.example.com,webmail.mynewsite.example.com,mail.mynewsite.example.com,autodiscover.mynewsite.example.com" (and others) in the domain list for remove_autossl_excluded_domains?
Thanks for any guidance you can provide regarding this function to accomplish my goal. I basically want to emulate the way it worked before.
By the way, I read about the creating the "panel.ini" file in /var/cpanel in the cPanel support article and it does work to return cPanel to the way it previously worked in this regard. But I'd still like to know how to accomplish this via the API, if possible. I don't want to have to reply on remembering to recreate that file if I replace/upgrade my server some day. :) I'd like my scripts to handle as much as possible.
Thanks!
-
Hey there! I've reached out to the SSL team about this and I'm hoping to have an update tomorrow I can share!
0 -
Awesome -- Thanks so much!
0 -
Unfortunately I'm not going to have any updates today - I'll post as soon as I know more.
0 -
No worries -- thanks for the update.
0 -
It is my understanding that yes, you need to specify each domain and subdomain you want to exclude. You can also do this at the root level with this API call:
Is that what you were looking to find out? There isn't going to be an API call for the panel.ini file as far as I am aware.
0 -
Thanks. Actually, it seems cPanel now automatically excludes all domains by default for new accounts, so I was wanting to *remove excluded domains* using (remove_autossl_excluded_domains), whereas the linked API function from your previous reply seems to be related to *adding excluded domains* for AutoSSL. But you have still answered my question by confirming that I do need to specify the individual domains to be removed from the exclude list after creating a new account.
For future reference for those wondering about the process I used when creating a new account, I ended up doing the following steps in my new account creation script, rather than relying on panel.ini being there (but that seems to work fine as well and is much easier). Anyway, here are these steps in order, and it seems to work in the absence of panel.ini. This is just pseudocode with the cPanel API functions listed:
createacct?username=$user&plan=$plan... (tell cPanel to create the account)
add_override_features_for_user?api.version=1&user=$user&features=%7B%22autossl%22%3A1%7D"
remove_autossl_excluded_domains?domains=$domain,$mailsubdomain,$webmailsubdomain,$cpanelsubdomain,$autodiscoverysubdomain
start_autossl_check (for this user account only)These steps in this order seem to work, and all the specified subdomains (mail., cpanel., webmail., etc.) are secured by the resulting SSL certificate that's generated by AutoSSL. Note, in my code I added a short (few seconds "sleep") command between steps to ensure cPanel has time to complete them. I have a 90s sleep after start_autossl_check to allow LetsEncrypt to add the certificate before I continue notifying the customer and providing an https link to their site in the email. 60s was hit or miss in some tests, so I just increased it to 90s and that seems to have been reliable.
Hopefully this helps someone in the future... :) Thanks again for checking into this for me!0 -
Nice - I'm glad you found a good workaround!
0
Please sign in to leave a comment.
Comments
7 comments