Force installation of new SSL cert using UAPI install_ssl?

swbrains

Well-Known Member
Sep 13, 2006
(CentOS 7 server / WHM 58.0 build 32)

I am calling UAPI install_ssl to install a wildcard cert on a subdomain on my server. The script works fine when installing a certificate on a subdomain with no existing certificate installed. Now I have a wildcard cert installed on this account (expires in February 2017) and I want to test the renewal process via my script that handles updating the cert when it is close to expiration.

I generated a new wildcard SSL certificate and I call the UAPI install_ssl function to install it. It returns with a message: "This certificate was already installed on this host. The system made no changes" and the updated certificate is not installed, which makes sense.

I realize the current certificate is not due to expire until next year, but I want to test the renewal process by installing a new copy of the wildcard cert on this account. I am unsure if this function will allow the new certificate to be installed over the current certificate at a later time, closer to its expiration date, or if I need to do something manually to "force" the installation of a new SSL cert via the UAPI when one already exists on that account.

My questions:

1) Does the UAPI install the new cert based on the expiration date of the current certificate (assuming one is installed)? If so, when does this function actually succeed in updating the certificate with the new one provided (that is, how close to the old cert's expiration date)?

2) Is there a way to force the installation of the new certificate regardless of the existing cert's expiration, short of deleting the existing cert using UAPI SSL::delete_cert and then attempting the installation of the new cert?

Thanks!
 

swbrains

Figured this out... I was sending in the same CRT and KEY data from my old certificate, so cPanel's message was right on. I had not updated the source location I was pulling this data from so it kept trying to pull from the previous CRT and KEY data and, of course, said the certificate was already installed. After updating the CRT and KEY data in the source location, the script properly sent in the new certificate data and cPanel updated the account with the new certificate.
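A renewal script can catch the stale-source mistake described above before it calls install_ssl, by comparing the candidate certificate with the installed one on their decoded bytes rather than on the PEM text. The following is an added example, not the poster's script or cPanel code: the function names are hypothetical, the PEM samples are constructed placeholders (not real X.509 certificates), and how the installed certificate's PEM is obtained is left to the caller.

```python
import base64
import hashlib
import re

_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def leaf_fingerprint(pem_text):
    """SHA-256 of the decoded bytes of the FIRST certificate block.

    In a bundle (leaf followed by CA chain) the leaf comes first, so the
    chain does not influence the result. Whitespace and line endings are
    stripped before decoding, so CRLF or re-wrapped copies compare equal.
    """
    match = _PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    body = "".join(match.group(1).split())
    der = base64.b64decode(body, validate=True)
    return hashlib.sha256(der).hexdigest()


def is_new_certificate(candidate_pem, installed_pem):
    """True only if the candidate differs from what is already installed."""
    return leaf_fingerprint(candidate_pem) != leaf_fingerprint(installed_pem)


def make_pem(raw, width=64, newline="\n"):
    """Build a constructed placeholder PEM block around arbitrary bytes."""
    b64 = base64.b64encode(raw).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]
    ) + newline


# Constructed sample data: stand-ins for the old cert, the same cert saved
# with CRLF line endings and different wrapping, and a renewed cert + chain.
INSTALLED = make_pem(b"constructed old wildcard certificate " * 4)
STALE_COPY = make_pem(b"constructed old wildcard certificate " * 4,
                      width=76, newline="\r\n")
RENEWED_BUNDLE = (make_pem(b"constructed renewed wildcard certificate " * 4)
                  + make_pem(b"constructed intermediate CA " * 4))

if __name__ == "__main__":
    for name, pem in (("stale copy", STALE_COPY), ("renewed", RENEWED_BUNDLE)):
        verdict = "submit" if is_new_certificate(pem, INSTALLED) else "skip"
        print(f"{name}: {verdict} ({leaf_fingerprint(pem)[:16]}...)")
```

A script that gets `False` here is about to resend the certificate that is already installed, which is the situation that produced the "already installed on this host" message in this thread.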