Issue and install Let's Encrypt certificate with API

[fred_inovagora]

Hi,

I'm trying to issue/install a Let's Encrypt certificate for a single FQDN entirely with the cPanel UAPI and/or the cPanel API2.
Could you point me in the right direction ? (if this is possible)

Thanks a lot

 

[cPanelLauren]

Hello,


Since AutoSSL is installed per account rather than per domain, so long as you have Let's Encrypt selected as your provider you can run the following to check per account:

WHM API 1 Functions - start_autossl_check_for_one_user - Developer Documentation - cPanel Documentation

This will check, provision and install the certificate for a cPanel user, if there are multiple domains on the account and you would not like for them to have an SSL you can exclude them with UAPI Functions - SSL::add_autossl_excluded_domains - Developer Documentation - cPanel Documentation

 

[fred_inovagora]

Thanks Lauren ! I'm going to give it a try.

 

[cPanelLauren]

Hi @fred_inovagora


Great! Let us know how it works out for you!

 

[fred_inovagora]

Hi @cPanelLauren

Sadly this didn't work as I d'ont have AutoSSL enabled on my account (and my hosting provider will not enable it).

I'm trying to find if there are specific API endpoints added by the cPanel Let's Encrypt addon. (cPanel API, not WHM API)

 

[cPanelLauren]

HI @fred_inovagora

I see, if your provider has disabled this (whether or not you're using the Comodo/Sectigo or Let's Encrypt providers) You will not be able to use AutoSSL at all.

 

[fred_inovagora]

I found a partial solution, using a modified version of github.com/analogic/lescript
I then use the cPanel API to place the challenge file and to install the generated certificate, everyting remotely.
It works fine.
The only problem is that it's considered in cPanel as classic SSL certificate and not taken into account in FleetSSL plugin, so there will be no automatic renewal on the cPanel side.

 

[cPanelLauren]

Fleet SSL is a separate 3rd party plugin as well and completely unrelated to cPanel. I am glad to hear you found a solution that worked for you though.