Creating combined SSL certificate from cPanel generated individual sub-domains

BassTeQ

Well-Known Member
Aug 31, 2008
55
5
58
Hi,

I've been using the below method to create CA bundle certificate from a cpanel generated subdomain.
What I'd like to know, is how I create a single key and single bundle file that covers multiple subdomains?

Perl:
        my $output = `uapi --user=username SSL fetch_cert_info id=$certname 2>/dev/null`;

        my $yaml = YAML::Tiny->read_string($output);
        my $fh;
        print "Updating Key: $main_key from [$cert]\n";
        open($fh, ">$main_key") or die("Can't open for write $main_key, $!");
        print $fh $yaml->[0]->{result}->{data}->{key}."\n";
        close($fh);

        print "Updating Bundle Key: $bundle_key\n";
        open($fh, ">$bundle_key") or die("Can't open for write $bundle_key, $!");
        print $fh $yaml->[0]->{result}->{data}->{key}."\n";
        print $fh $yaml->[0]->{result}->{data}->{certificate}."\n";
        print $fh $yaml->[0]->{result}->{data}->{cabundle}."\n";
        close($fh);
Thanks
 

cPJustinD

Administrator
Staff member
Jan 12, 2021
286
52
103
Houston
cPanel Access Level
Root Administrator
Hey there! To my understanding, you would need a wildcard certificate to accomplish this, and this would only cover the domain's subdomains, not all subdomains on the server.

You can find more information on generating a CSR to request a wildcard from a Certificate Authority here:

How to create a wildcard CSR (Certificate Signing Request)
 

BassTeQ

Well-Known Member
Aug 31, 2008
55
5
58
Hey there! To my understanding, you would need a wildcard certificate to accomplish this, and this would only cover the domain's subdomains, not all subdomains on the server.

You can find more information on generating a CSR to request a wildcard from a Certificate Authority here:

How to create a wildcard CSR (Certificate Signing Request)
Thanks, I'll review that page, would that certificate also get automatically renewed like the subdomains ones do?

Cheers
 

cPJustinD

Administrator
Staff member
Jan 12, 2021
286
52
103
Houston
cPanel Access Level
Root Administrator
Hello again! Wildcard certificates renewals via 3rd party providers would require removing the old certificate and replacing it with the new certificate details, which is not handled automatically.

If the certificate was purchased via the cPanel store, the process is still the same but handled automatically. You can enable the cPanel Store in WHM » Market » Market Provider Manager. Then you can purchase a wildcard certificate for the domain from within the cPanel account using the SSL/TLS interface.

Additionally, I wanted to mention a free wildcard SSL option available, but it does have a few caveats. You can find more on the free wildcard SSLs here:

Can I issue a wildcard SSL for free?
 

BassTeQ

Well-Known Member
Aug 31, 2008
55
5
58
Thanks, I didn't want to have to purchase the certificate, will look into the Lets Encrypt link, cheers!
 
  • Like
Reactions: cPJustinD