The Community Forums


[How-To] Installing SSL from Let's Encrypt

Discussion in 'Security' started by cPMatthewV, Dec 4, 2015.

Thread Status:
Not open for further replies.
  1. cPMatthewV

    cPMatthewV Quality Assurance Analyst
    Staff Member

    Joined:
    Apr 11, 2014
    Messages:
    21
    Likes Received:
    15
    Trophy Points:
    3
    Location:
    Houston, Tx
    cPanel Access Level:
    Root Administrator
    UPDATE: As of cPanel and WHM version 58 the AutoSSL feature now includes Let's Encrypt support. This blog post will help you get set up there.

    Anyone using the custom workaround on this thread may want to keep this in mind when using these steps.

    The following will show you how to install the Let's Encrypt client and how to generate and install SSL certificates from Let's Encrypt via the WHM API using a custom workaround.

    Installing the Let's Encrypt Client on CentOS 6.x
    Please note: The Let's Encrypt client requires / prefers Python 2.7, so we will install Python 2.7 alongside Python 2.6. Don't worry, it won't break anything.
    Code:
    rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
    rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm
    yum -y install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv --enablerepo=ius
    cd /root
    git clone https://github.com/letsencrypt/letsencrypt
    cd /root/letsencrypt
    sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
    ./letsencrypt-auto --verbose
    
    Installing the Let's Encrypt Client on CentOS 7.x
    Code:
    yum -y install git
    cd /root
    git clone https://github.com/letsencrypt/letsencrypt
    cd /root/letsencrypt
    ./letsencrypt-auto --verbose
    
    NOTE: The Let's Encrypt installer will create the /etc/letsencrypt/renewal and /etc/letsencrypt/csr directories as world readable. The administrator may want to tighten the readability of these directories to fit their requirements.

    Generate an SSL
    You will be required to enter your email and accept their license agreement. I would recommend using the server admin's email. Also make sure you replace "cPanelUser" with your actual username. This is required to allow the Let's Encrypt client to create the auth files for the domain and be able to access them during the authorization. Please note that if you are installing a subdomain or addon domain that points to another path, you need to set the path of the subdomain or addon domain.
    Code:
    cd /root/letsencrypt
    ./letsencrypt-auto --text --agree-tos --email email@domain.com certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
    
    For all subsequent runs use the following, as there is no need to re-provide your email or re-agree to the TOS.
    Code:
    cd /root/.local/share/letsencrypt/bin/
    ./letsencrypt --text certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
    
    By adding the renew-by-default command you can add this to a cron to run every 60 (recommended) or say 85 days to avoid this expiring before you are sure the new certs are retrieved. Then all you need to do is simply run the install script below again to install the updated certificate to cPanel.
    Code:
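    # A day-of-month step of */60 does not give a 60-day interval (days stop at 31), so run at midnight on the 1st of every second month; install only if issuance succeeded.
    0 0 1 */2 * /root/.local/share/letsencrypt/bin/letsencrypt --text certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com && /root/installssl.pl domain.com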
    
    You can also generate an SSL certificate via Get HTTPS for free!, there are additional steps that are required however.

    Script to automatically install the SSLs you generated
    This script will be used to install the SSLs you generated to cPanel/WHM via the API. Please note the following things.

    1. You must replace "rootpass" with your actual root password.
    2. The CA Bundle is not by default in the location below and is generally saved to /etc/letsencrypt/live/domain.com/fullchain.pem and is the second cert in the file. I have included the CA Bundle below the script so you can create this.
    Code:
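    #!/usr/local/cpanel/3rdparty/bin/perl
    
    use strict;
    use warnings;
    use LWP::UserAgent;
    use LWP::Protocol::https;
    use HTTP::Request;
    use MIME::Base64;
    use IO::Socket::SSL;
    use URI::Escape;
    
    # WHM credentials. The root password is stored here in clear text, so keep
    # this file owned by root and not readable by anyone else.
    my $user = "root";
    my $pass = "rootpass";
    
    # The empty second argument stops encode_base64 from appending a newline,
    # which does not belong in a header value.
    my $auth = "Basic " . MIME::Base64::encode_base64( $user . ":" . $pass, "" );
    
    # Verification is switched off because the request goes to WHM over the
    # loopback address, which the server certificate is not issued for.
    my $ua = LWP::UserAgent->new(
        ssl_opts   => { verify_hostname => 0, SSL_verify_mode => SSL_VERIFY_NONE, SSL_use_cert => 0 },
    );
    
    my $dom = $ARGV[0];
    
    # The domain is used in file paths and in the request, so require a plain hostname.
    die "usage: $0 domain.com\n"
        unless defined $dom && $dom =~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/;
    
    my $certfile = "/etc/letsencrypt/live/$dom/cert.pem";
    my $keyfile = "/etc/letsencrypt/live/$dom/privkey.pem";
    my $cafile =  "/etc/letsencrypt/live/$dom/chain.pem";
    
    # Read a whole file into a scalar.
    sub slurp {
        my ($file) = @_;
        open(my $fh, '<', $file) or die "cannot open file $file: $!";
        local $/;
        my $data = <$fh>;
        close($fh);
        return $data;
    }
    
    my $cert = uri_escape( slurp($certfile) );
    my $key = uri_escape( slurp($keyfile) );
    my $ca = uri_escape( slurp($cafile) );
    
    # The certificate, key and CA bundle go in the POST body instead of the
    # URL, so the private key is not recorded wherever request URLs are logged.
    my $request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/installssl?api.version=1" );
    $request->header( Authorization => $auth );
    $request->content_type('application/x-www-form-urlencoded');
    $request->content("domain=$dom&crt=$cert&key=$key&cab=$ca");
    my $response = $ua->request($request);
    print $response->content;
    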
    
    Add the Let's Encrypt CA Bundle
    Let's Encrypt should now include the CA Bundle when generating certs. It will be saved as chain.pem.

    In the event that it is missing or not created, you can manually create the CA for use with the script below and change "my $cafile" in the script above to use this file instead.
    Code:
    vi /etc/letsencrypt/live/bundle.txt
    
    When editing that file set the following below and save
    Note: This has been updated with the Let's Encrypt Authority X3
    

    Running the script
    First make the script executable. Then run the script with the main domain of the certificate generated from Let's Encrypt.
    Code:
    chmod +x installssl.pl
    ./installssl.pl domain.com
    
    There you go, you are all set and ready to generate and install SSLs from Let's Encrypt automatically via the command line.
     
    #1 cPMatthewV, Dec 4, 2015
    Last edited: Jun 20, 2016
    EneTar, MaxFein and eva2000 like this.
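
An added example, not part of the original post and not cPanel's code: one way to act on the NOTE above about world-readable directories under /etc/letsencrypt, extended to /root/installssl.pl because that script stores the root password. It assumes only root needs to read these paths, since the post's script hands the certificate to WHM through the API; the function names are illustrative.

```shell
#!/bin/sh
# Added example: find and remove group/other access under /etc/letsencrypt
# and on the installer script, which contains the WHM root password.
# Function names are illustrative; the paths are the ones used in the thread.

LE_DIR="${LE_DIR:-/etc/letsencrypt}"
INSTALLER="${INSTALLER:-/root/installssl.pl}"

# go_bits PATH [find-action...]
# Select everything at or below PATH that grants any permission to group or
# others. Symlinks are skipped: live/<domain>/*.pem are links into archive/,
# and a link's own mode bits say nothing about the file it points to.
go_bits() {
    local root="$1"
    shift
    find "$root" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) "$@"
}

# exposed PATH...: print the offending paths (audit only, changes nothing).
exposed() {
    local p
    for p in "$@"; do
        if [ -e "$p" ]; then
            go_bits "$p"
        fi
    done
}

# lock_down PATH...: strip group/other permissions and leave the owner bits
# alone, so directories stay traversable and the script stays executable
# for root.
lock_down() {
    local p
    for p in "$@"; do
        if [ -e "$p" ]; then
            go_bits "$p" -exec chmod go-rwx {} +
        fi
    done
}

# Usage: "audit" lists what is exposed, "fix" tightens it and lists what is left.
case "${1:-}" in
    audit) exposed "$LE_DIR" "$INSTALLER" ;;
    fix)   lock_down "$LE_DIR" "$INSTALLER" && exposed "$LE_DIR" "$INSTALLER" ;;
esac
```

Run it with `audit` first and review the list before running `fix`.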
  2. Valetia

    Valetia Well-Known Member

    Joined:
    Jun 20, 2002
    Messages:
    207
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    On CloudLinux 6.7, running the above line results in the following error:

    Code:
    Transaction Check Error:
    
      file /usr/bin/2to3 from install of python27-tools-2.7.10-1.ius.el6.x86_64 conflicts with file from package python-tools-2.6.6-64.el6.x86_64
     
  3. cPMatthewV

    Hi Valetia

    This occurs because of the python-tools package from CentOS / CL 6.7. When this occurs you simply need to remove that package. I have updated the original entry to indicate this.
     
    eva2000 likes this.
  4. eva2000

    eva2000 Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    322
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Brisbane, Australia
    cPanel Access Level:
    Root Administrator
    Twitter:
    nice @cPMatthewV love the perl script ! :cool:

    cmds for LE install look familiar :-D
     
  5. cPMatthewV

    Thanks :D and yeah I got the install instructions from their site and simply included the repo commands. It's good that it is as easy as that and not too complicated. Hopefully in the future we will add native support and installation for this.
     
    MaxFein and eva2000 like this.
  6. eva2000

    https://community.letsencrypt.org/t/redhat-centos-6-x-users-need-python-2-7/2190 :)

    @cPMatthewV you also might want to pass command --renew-by-default and go full text based so subsequent runs can use a cron schedule so you can renew the SSL certs and also use letsencrypt instead of letsencrypt-auto which auto updates dependencies every run :)

    Code:
    /root/.local/share/letsencrypt/bin/letsencrypt certonly --text --agree-tos --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
    or pass email one time to register a LE account for expiry notifications etc + text only (or use cli.ini file)

    Code:
    /root/.local/share/letsencrypt/bin/letsencrypt certonly --text --agree-tos --renew-by-default --email email@domain.com --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
    also can populate i.e. with email setting in a cli.ini config file so to pass less parameters on cmd line User Guide — Let's Encrypt 0.2.0.dev0 documentation

    HTH
     
    #6 eva2000, Dec 5, 2015
    Last edited: Dec 5, 2015
  7. cPMatthewV

    It doesn't look like they have a standard client ./letsencrypt anymore and they just have ./letsencrypt-auto. I do agree it is quite annoying to have to re-run those checks. Hopefully they will fix this.
     
  8. eva2000

    Ah, you're looking in the wrong directory. With the above install instructions the non-auto binary will be at /root/.local/share/letsencrypt/bin/letsencrypt

    It's defined at https://github.com/letsencrypt/letsencrypt/blob/master/letsencrypt-auto#L13-L16

    Code:
    /root/.local/share/letsencrypt/bin/letsencrypt --version  
    letsencrypt 0.1.0
    Code:
    /root/.local/share/letsencrypt/bin/letsencrypt --help webroot
    usage:
      letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] ...
    
    The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates.  By
    default, it will attempt to use a webserver both for obtaining and installing
    the cert. Major SUBCOMMANDS are:
    
      (default) run        Obtain & install a cert in your current webserver
      certonly             Obtain cert, but do not install it (aka "auth")
      install              Install a previously obtained cert in a server
      revoke               Revoke a previously obtained certificate
      rollback             Rollback server configuration changes made during install
      config_changes       Show changes made to server config during installation
      plugins              Display information about installed plugins
    
    optional arguments:
      -h, --help            show this help message and exit
      -c CONFIG_FILE, --config CONFIG_FILE
                            config file path (default: None)
    
    webroot:
      Webroot Authenticator
    
      -w WEBROOT_PATH, --webroot-path WEBROOT_PATH
                            public_html / webroot path. This can be specified
                            multiple times to handle different domains; each
                            domain will have the webroot path that preceded it.
                            For instance: `-w /var/www/example -d example.com -d
                            www.example.com -w /var/www/thing -d thing.net -d
                            m.thing.net` (default: None)
    Code:
    ls -lah /root/.local/share/letsencrypt/bin/
    total 72K
    drwxr-xr-x 2 root root 4.0K Dec  3 19:10 .
    drwxr-xr-x 5 root root 4.0K Nov 15 20:42 ..
    -rw-r--r-- 1 root root 2.2K Nov 15 20:42 activate
    -rw-r--r-- 1 root root 1.3K Nov 15 20:42 activate.csh
    -rw-r--r-- 1 root root 2.4K Nov 15 20:42 activate.fish
    -rw-r--r-- 1 root root 1.2K Nov 15 20:42 activate_this.py
    -rwxr-xr-x 1 root root  261 Dec  3 19:10 easy_install
    -rwxr-xr-x 1 root root  261 Dec  3 19:10 easy_install-2.7
    -rwxr-xr-x 1 root root  245 Dec  3 19:10 jws
    -rwxr-xr-x 1 root root  245 Dec  3 19:10 letsencrypt
    -rwxr-xr-x 1 root root  249 Dec  3 19:10 letsencrypt-renewer
    -rwxr-xr-x 1 root root  368 Nov 15 20:42 ndg_httpclient
    -rwxr-xr-x 1 root root  242 Nov 15 20:42 pbr
    -rwxr-xr-x 1 root root  310 Nov 15 20:42 pip
    -rwxr-xr-x 1 root root  312 Nov 15 20:42 pip2
    -rwxr-xr-x 1 root root  316 Nov 15 20:42 pip2.7
    lrwxrwxrwx 1 root root    9 Nov 15 20:42 python -> python2.7
    lrwxrwxrwx 1 root root    9 Nov 15 20:42 python2 -> python2.7
    -rwxr-xr-x 1 root root 4.8K Nov 15 20:42 python2.7
    also corrected my above post with full path as i assumed ./letsencrypt was from /root/.local/share/letsencrypt/bin/
     
    #8 eva2000, Dec 5, 2015
    Last edited: Dec 5, 2015
    MaxFein likes this.
  9. ChristianSB

    ChristianSB Registered

    Joined:
    Sep 23, 2015
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Getting

    -bash: ./installssl.pl: /usr/local/cpanel/3rdparty/bin/perl^M: bad interpreter: No such file or directory

    when running the ./installssl.pl mydomain.tld

    Works now, used
    sed -i 's/\r//' installssl.pl
     
    #9 ChristianSB, Dec 5, 2015
    Last edited: Dec 5, 2015
    eva2000 likes this.
  10. pankajsystem

    pankajsystem Registered

    Joined:
    Nov 29, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    This is great. Only yesterday I got a query from a client to install a Let's Encrypt SSL on a cPanel server, and I was trying to upgrade Python from 2.6 to 2.7, but that was not recommended, hence I stopped working on it. I will try this new tutorial now and hopefully this will help me.
     
  11. eminos

    eminos Member

    Joined:
    Oct 26, 2011
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm getting this error following the tutorial, after running the ./letsencrypt-auto --verbose command for the first time.
    I'm on CloudLinux 6.

    Code:
    Creating virtual environment...
    Running virtualenv with interpreter /usr/bin/python2.7
    Traceback (most recent call last):
      File "/usr/lib/python2.6/site-packages/virtualenv.py", line 16, in <module>
        import tempfile
      File "/usr/lib64/python2.7/tempfile.py", line 32, in <module>
        import io as _io
      File "/usr/lib64/python2.7/io.py", line 51, in <module>
        import _io
    ImportError: /usr/lib64/python2.7/lib-dynload/_io.so: undefined symbol: _PyErr_ReplaceException
    
    Also the packages python-virtualenv and cloudlinux' alt-python-virtualenv were in some conflict so I removed the alt-python-virtualenv which solved that issue.
     
  12. siriusb

    siriusb Member

    Joined:
    Mar 10, 2009
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Argentina
    cPanel Access Level:
    Root Administrator
    Hi.

    When I try to make a demo SSL , script doesn't create /etc/letsencrypt/live/$domain directory.
    So, I did it manually.

    If I execute it again, same error.

    Code:
    cannot open file /etc/letsencrypt/live/zagas.com.ar/cert.pem at /root/installssl.pl line 29.
    


    Code:
    root@eh-002 [~/scripts/letsencrypt]# pwd
    /root/scripts/letsencrypt
    
    root@eh-002 [~/scripts/letsencrypt]# ./letsencrypt-auto --text --agree-tos --email webmaster@$domain.com.ar --renew-by-default --webroot --webroot-path /home/$domain/public_html/ -d $domain.com.ar -d www.$domain.com.ar
    Updating letsencrypt and virtual environment dependencies.......
    Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --text --agree-tos --email webmaster@$domain.com.ar --renew-by-default --webroot --webroot-path /home/$domain/public_html/ -d $domain.com.ar -d www.$domain.com.ar
    No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually
    
    root@eh-002 [~/scripts/letsencrypt]# /root/installssl.pl $domain.com.ar
    cannot open file /etc/letsencrypt/live/$domain.com.ar/cert.pem at /root/installssl.pl line 29.
    
    root@eh-002 [~/scripts/letsencrypt]# find /etc/letsencrypt/ -type d
    /etc/letsencrypt/
    /etc/letsencrypt/accounts
    /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org
    /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory
    /etc/letsencrypt/live
    /etc/letsencrypt/live/$domain.com.ar
    
    root@eh-002 [~/scripts/letsencrypt]# find /etc/letsencrypt/ -type f
    /etc/letsencrypt/live/bundle.txt
    
    root@eh-002 [~/scripts/letsencrypt]# find . -iname "*$domain*"
    root@eh-002 [~/scripts/letsencrypt]#
    
     
  13. ThomasY

    ThomasY Registered

    Joined:
    Nov 17, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Manchester
    cPanel Access Level:
    Root Administrator
    I'm getting the same error as siriusb.
    It doesn't create the /etc/letsencrypt/ directory, so I tried to create it manually before I could even create bundle.txt, but no luck.

    This is on CENTOS 6.7

    Anyone got any ideas?

    Edit: Nevermind, apparently for whatever reason python wasn't installing 2.7 correctly.

    I did the following command and it was still showing only python 2.6

    Code:
    whereis python

    After that I redid this.

    Code:
    yum -y install python27 python27-devel python27-pip python27-setuptools python27-tools python27-virtualenv --enablerepo=ius

    Afterwards I retried running the python script and it worked correctly.
     
    #13 ThomasY, Dec 6, 2015
    Last edited: Dec 6, 2015
  14. pankajsystem

    Hey, I have followed the given tutorial and installed SSL successfully on the domain http://www.example.in but when I accessed https://www.example.in there is green padlock appearing there so I have checked this and found that the site has

    Insecure <form> call.
    Found on line # 56 in file: http://www.example.in/index.html

    I have checked other forums and they said that your certificate may be using outdated protocols like sha1 or sha2 hence it is not showing that green padlock

    so is this free SSL not so secured ? I'm worried
     
    #14 pankajsystem, Dec 6, 2015
    Last edited by a moderator: Dec 6, 2015
  15. mvirtue

    mvirtue Registered

    Joined:
    Sep 1, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    As instructed above, I removed the python tools...
    Code:
    yum remove python-tools
    Just now I received an email from my WHM server with the subject "An update failure has occured."
    The body of the email included the line...
    I installed python-tools again, and got the same error above:
    So it seems I can either have the ability for WHM/cPanel to update itself, or I can have LetsEncrypt, but not both.

    Any thoughts?
     
  16. Mark. S

    Mark. S Registered

    Joined:
    Dec 8, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Fantastic! Thank you for this :)

    I'm running this now via a PHP script (out on its own, not web accessible) which I pass the initial arguments to (path, domains.) I'm aiming eventually to have this populate a table with the information of the certificate and when it should be renewed next (doing +60 days) and have only one script run via cron to query this, find out which ones need renewing, and only renew those (rather than multiple cron jobs for each domain.)

    I want to look into doing this with the main service SSL too (dovecot, exim, ftp, cpanel) and using the API here: WHM API 1 Functions - install_service_ssl_certificate - Software Development Kit - cPanel Documentation

    Is this last bit something you would recommend not doing?
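
An added example, not part of any post in this thread and not cPanel's code: the single-cron-job idea described above, written as a shell script that reads each certificate's real expiry instead of counting days since issue, so one job can replace the per-domain cron lines from the first post. The map file /root/le-domains.txt and its "domain webroot" line format are assumptions of this example; the client path, its flags and /root/installssl.pl are the ones used in the thread.

```shell
#!/bin/sh
# Added example: one cron job that renews only the certificates close to
# expiry, then installs them with the thread's installssl.pl.

LE_LIVE="${LE_LIVE:-/etc/letsencrypt/live}"
LE_BIN="${LE_BIN:-/root/.local/share/letsencrypt/bin/letsencrypt}"
INSTALLER="${INSTALLER:-/root/installssl.pl}"
DOMAIN_MAP="${DOMAIN_MAP:-/root/le-domains.txt}"   # hypothetical file
RENEW_DAYS="${RENEW_DAYS:-30}"                     # renew when fewer days remain

# needs_renewal CERT [DAYS]
# True (0) when CERT is missing, unparsable, or expires within DAYS days.
# "openssl x509 -checkend N" exits 0 only if the certificate is still valid
# N seconds from now.
needs_renewal() {
    local cert="$1" days="${2:-$RENEW_DAYS}"
    [ -r "$cert" ] || return 0
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# due_domains MAP: print the "domain webroot" lines whose certificate is due.
# Blank lines and lines starting with # are ignored.
due_domains() {
    local domain webroot
    while read -r domain webroot; do
        case "$domain" in ''|'#'*) continue ;; esac
        if needs_renewal "$LE_LIVE/$domain/cert.pem"; then
            printf '%s %s\n' "$domain" "$webroot"
        fi
    done < "$1"
}

# renew_due MAP: request and install a certificate for every due domain.
# The installer runs only if the client succeeded. Returns non-zero if any
# domain failed, so the cron mail shows what needs attention.
renew_due() {
    local due domain webroot rc=0
    due=$(due_domains "$1") || return 1
    while read -r domain webroot; do
        [ -n "$domain" ] || continue
        # stdin is redirected so neither command consumes the domain list;
        # "-d www.$domain" follows the commands shown in the thread
        if "$LE_BIN" --text certonly --renew-by-default --webroot \
               --webroot-path "$webroot" -d "$domain" -d "www.$domain" </dev/null \
           && "$INSTALLER" "$domain" </dev/null; then
            echo "renewed and installed: $domain"
        else
            echo "FAILED: $domain" >&2
            rc=1
        fi
    done <<EOF
$due
EOF
    return "$rc"
}

# Intended to be called daily from cron with the argument "run".
if [ "${1:-}" = "run" ]; then
    renew_due "$DOMAIN_MAP"
fi
```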
     
  17. cPMatthewV

    After some additional testing the python27-tools package is not required and this will work without it. Feel free to remove this and reinstall python-tools for cPanel and Mailman. We apologize for any problems this step caused. We have updated the article to remove this.

    Code:
    rpm -e --nodeps python27-tools
    yum -y install python-tools
    
     
    eva2000 likes this.
  18. cPMatthewV

    Hi Mark,

    There should be no issue with installing this to the service SSL and I would actually recommend having a signed SSL there. Just make sure you renew this every 90 days. In the event you don't, however, cPanel should generate self-signed certificates for the server's hostname to avoid any problem with those services' SSL certificates.
     
    eva2000 likes this.
  19. procopius560

    procopius560 Registered

    Joined:
    Dec 9, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    The instructions worked with the addition of running sed -i 's/\r//' installssl.pl. I was very pleased to have an SSL site within 20 minutes in my test site! However, I have misgivings about entering the root password into a script. Shouldn't the script run as root anyway? Why is this necessary?
     
  20. cPMatthewV

    @procopius560 I am glad to hear this is working for you. The reason the root password needs to be provided is because this actually interacts with the API to install the SSL, which requires authentication with WHM/cPanel. If you do not wish to place your password here there are other methods of authenticating which you can find in the Guide to API Authentication, namely connecting with an SSH key / access hash.
     
    eva2000 likes this.