SOLVED CPANEL-38866 - How to exclude multiple domains of multiple cPanel accounts from AutoSSL via SSH

[Inna]

Hello,

Suppose these are my clients' cPanel accounts:

domain1.com (www and mail are in SSL/TLS Status option too)
domain2.com (www and mail are in SSL/TLS Status option too)
domain3.com (www and mail are in SSL/TLS Status option too)
domain4.com (www and mail are in SSL/TLS Status option too)
domain5.com (www and mail are in SSL/TLS Status option too)

In fact, they are 105 accounts.
I need to exclude each www and mail from AutoSSL renew, and only the main domain (domain1, domain2, ...) remain active in renewal progress.

How can I exclude them via SSH? Is there any way to do that instead of logging in to 105 single accounts?

 

[cPRex]

Hey there! The closest thing I would have would be this API call:

Disable AutoSSL for domain

This function disables AutoSSL for an account's specified domains.

api.docs.cpanel.net

Can you try using that and see if that works for your needs?

 

[Inna]

Hey there! The closest thing I would have would be this API call:

Disable AutoSSL for domain

This function disables AutoSSL for an account's specified domains.

api.docs.cpanel.net

Can you try using that and see if that works for your needs?

Thanks for the link and docs, but the only issue is this. Suppose the below command:

whmapi1 --output=jsonpretty add_autossl_user_excluded_domains username='user' domain=www.ip.domain.com domain1=www.domain.com

in cPanel interface, the order is like this:

• domain.com
• ip.domain.com
• mail.domain.co
• www.ip.domain.com
• www.domain.com
• www.mail.com

The issue with the above command is that the respond is OK, but only the domain in the first parameter (in this case, it is www.ip.domain.com) is implemented.
If I change it to domain=www.domain.com domain1=www.ip.domain.com only www.domain.com is exluced.

The doc says domain=domain=example.com domain1=example1.com domain2=example2.com but the syntax is wrong and if I run this command I get this error:

[root@fqdn ~]# whmapi1 --output=jsonpretty add_autossl_user_excluded_domains username='user' domain=domain=www.ip.domain.com domain1=www.domain.com
{
   "metadata" : {
      "reason" : "API failure: (XID 42pcds) You do not own the following domain: domain=www.ip.domain.com.",
      "command" : "add_autossl_user_excluded_domains",
      "version" : 1,
      "result" : 0
   }
}

 

[Inna]

Delete this post please I see DST Root CA X3 Expiration and Let's Encrypt to update the certificates, but I'm curious about how this API works with multiple domains

 

[cPRex]

Well sure enough, that's happening on my end as well. I'm looking into this now and I'll update you soon.

 

[cPRex]

I've created a case with our team to look into that API behavior. If you're signed in to our system, you can follow along with https://support.cpanel.net/hc/en-us/articles/4410084409239 to receive updates on that.

At this time, the only workaround I have available is to run multiple API commands, or use the cPanel >> SSL/TLS Status interface to get those domains excluded.

 

[cPRex]

Update - we've fixed the typo and updated the command so it actually works. Check it out here: Disable AutoSSL for domain · cPanel & WHM Developer Portal

 

[Inna]

Thanks, it works now

 

[cPRex]

I'm glad to hear that's working well!