SSL certificate sync to backup server

Operating System & Version
CENTOS 6.10
cPanel & WHM Version
v86.0.8

nyoung

Registered
Mar 2, 2020
4
0
1
US
cPanel Access Level
Root Administrator
We are set up with a primary live server and a backup server that user accounts are synced to. Is it possible to set up the AutoSSL certs to sync and install on the backup server?

The issue is that AutoSSL fails on the backup server because the checks are unable to be completed on hosting that is not currently live. We would like the AutoSSL certs on the primary server to be installed on the backup server automatically. We currently sync the user directory and databases with rsync.

Any suggestions?

Thanks
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
The only way to have AutoSSL working is to have a cPanel server with AutoSSL on live domains.

The domains' SSL certificates should be kept in their backups, so that wouldn't be needed on the backup server. When you move to a new server, or restore from a backup, new AutoSSL certificates are provisioned for the domains using AutoSSL.
 

nyoung

We understand that AutoSSL won't work on the backup server. Do you have a recommendation on transferring and installing the SSL certs from the primary server to the backup server?

It looks like the certificates are stored here: /var/cpanel/ssl/apache_tls/domain.tld/combined

If we sync that directory to the backup server would the cert still need to be installed on the backup server? Thanks
 

ST-Nathan

Member
Jan 13, 2011
11
1
53
nyoung said:
> We understand that AutoSSL won't work on the backup server. Do you have a recommendation on transferring and installing the SSL certs from the primary server to the backup server?
>
> It looks like the certificates are stored here: /var/cpanel/ssl/apache_tls/domain.tld/combined
>
> If we sync that directory to the backup server would the cert still need to be installed on the backup server? Thanks

Did you try this approach, and did it work? Despite cPanel's lack of interest, obviously when moving traffic to a backup server, you're not going to want an outage while you wait for AutoSSL to run. We're in the same situation, and likewise looking for a way to keep the certs up to date on the secondary server, short of manually copying them over via WHM.
 

cPanelLauren

As I indicated previously, SSL certificates are backed up with the account. This means when you restore the account, the certificate, if present, should be restored along with the account, should you need to perform a restore.

Users' certificates are stored in /home/$user/ssl but they cannot be installed on a backup server, unless you don't actually mean backup server and instead you mean a failover. In that instance, since you wouldn't be able to run AutoSSL for the domain on the secondary server, you would retrieve the data from /home/$user/ssl/ and use the API to install it. The UAPI function for this can be found here: http://documentation.cpanel.net:8090/display/DD/UAPI+Functions+-+SSL::install_ssl

The tutorial on using UAPI SSL Functions in custom code here will be useful: http://documentation.cpanel.net:809...PI's+SSL::install_ssl+Function+in+Custom+Code
 

nyoung

ST-Nathan said:
> Did you try this approach, and did it work? Despite cPanel's lack of interest, obviously when moving traffic to a backup server, you're not going to want an outage while you wait for AutoSSL to run. We're in the same situation, and likewise looking for a way to keep the certs up to date on the secondary server, short of manually copying them over via WHM.

I was able to get the AutoSSL certificates to the backup/failover server successfully using this method. I rsync'd the /var/cpanel/ssl/apache_tls/domain.tld/combined and /var/cpanel/ssl/apache_tls/domain.tld/certificate files to the backup server and restarted Apache.

This worked for me. I haven't done more testing to find the best way or if both of these files need to be transferred.
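
A pre-restart check for the rsync approach described in the post above, as an added example that is not part of the thread or of cPanel's tooling: it confirms on the failover that each synced `combined` file holds a private key and certificate that belong together and that the certificate is not about to expire. It assumes `combined` is a PEM file containing both the key and the leaf certificate; the function names and the 7-day threshold are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: validate synced TLS material before Apache is restarted.
# Assumption: each <domain>/combined file is PEM holding the private key and
# the leaf certificate (plus any chain).

# check_combined FILE [MIN_SECONDS_LEFT]
# Returns 0 only if FILE has a key and certificate that belong together and
# the certificate stays valid for at least MIN_SECONDS_LEFT (default 7 days).
check_combined() {
    local file="$1" min_left="${2:-604800}" cert_pub key_pub

    [ -s "$file" ] || { echo "FAIL $file: missing or empty" >&2; return 1; }

    # The first certificate in the file is treated as the leaf.
    cert_pub=$(openssl x509 -in "$file" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL $file: no readable certificate" >&2; return 1; }

    key_pub=$(openssl pkey -in "$file" -pubout 2>/dev/null) ||
        { echo "FAIL $file: no readable private key" >&2; return 1; }

    # A half-finished sync can leave a renewed cert beside the old key.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL $file: key does not match certificate" >&2; return 1; }

    openssl x509 -in "$file" -noout -checkend "$min_left" >/dev/null 2>&1 ||
        { echo "FAIL $file: expired or expires within ${min_left}s" >&2; return 1; }

    return 0
}

# check_tree DIR [MIN_SECONDS_LEFT]
# Runs check_combined on every DIR/<domain>/combined.
# Returns 0 if all pass, 1 otherwise; prints one line per failure on stderr.
check_tree() {
    local dir="$1" min_left="${2:-604800}" f bad=0
    for f in "$dir"/*/combined; do
        [ -e "$f" ] || continue
        check_combined "$f" "$min_left" || bad=1
    done
    return "$bad"
}
```

Run `check_tree /var/cpanel/ssl/apache_tls` on the failover after each rsync and restart Apache only when it returns 0.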