Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Force installation of new SSL cert using UAPI install_ssl?

Discussion in 'cPanel Developers' started by swbrains, Oct 19, 2016.

Tags:
  1. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    54
    Likes Received:
    2
    Trophy Points:
    158
    (Centos 7 server / WHM 58.0 build 32)

    I am calling UAPI install_ssl to install a wildcard cert on a subdomain on my server. The script works fine when installing a certificate on a subdomain with no existing certificate installed. Now I have a wildcard cert installed on this account (expires in February 2017) and I want to test the renewal process via my script that handles updating the cert when it is close to expiration.

    I generated a new wildcard SSL certificate and I call UAPI install_ssl function to install it. It returns with a message: "This certificate was already installed on this host. The system made no changes" and the updated certificate is not installed, which makes sense.

    I realize the current certificate is not due to expire until next year, but I want to test the renewal process by installing a new copy of the wildcard cert on this account. I am unsure if this function will allow the new certificate to be installed over the current certificate at a later time, closer to it's expiration date or if I need to do something manually to "force" the installation of a new SSL cert via the UAPI when one already exists on that account.

    My questions:

    1) Does the UAPI install the new cert based on the expiration date of the current certificate (assuming one is installed)? If so, when does this function actually succeed in updating the certificate with the new one provided (that is, how close to the old cert's expiration date)?

    2) Is there a way to force the installation of the new certificate regardless of the existing cert's expiration, short of deleting the existing cert using UAPI SSL::delete_cert and then attempting the installation of the new cert?

    Thanks!
     
  2. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    54
    Likes Received:
    2
    Trophy Points:
    158
    Figured this out... I was sending in the same CRT and KEY data from my old certificate, so cPanel's message was right on. I had not updated the source location I was pulling this data from so it kept trying to pull from the previous CRT and KEY data and, of course, said the certificate was already installed. After updating the CRT and KEY data in the source location, the script properly sent in the new certificate data and cPanel updated the account with the new certificate.
     
  3. cPLevey

    cPLevey Technical Analyst Supervisor
    Staff Member

    Joined:
    Dec 3, 2015
    Messages:
    44
    Likes Received:
    8
    Trophy Points:
    83
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Awesome news! Thanks for sharing. I'm glad to hear you were able to get this resolved!
     
Loading...

Share This Page