Trouble using install_ssl via api

[gsusonline]

Hi there, i'm wondering if someone can help?

I have a php web application (run on dedicated server) that requires the creation of databases / subdomains on the fly. We use the cPanel API to create these dbs/users/suddomains, however we also require the each subdomain we create to user our wildcard SSL cert. Currently we have to ask our service providers to add the SSL to our newly created subdomain which is quite annoying.

We currently use a library class to make the calls to the cPanel api - github.com/N1ghteyes/cpanel-UAPI-php-class which covers api1 / api2 / uapi and works great for all the request apart from install SSL, which doesn't work, this is the call we currently make;

$installssl = $capi->uapi->SSL->install_ssl(array(
            'domain'    => $databasename.".".$url,
            'cert'      => '-----BEGIN CERTIFICATE-----
        XXX
        -----END CERTIFICATE-----',
            'key'       => '-----BEGIN RSA PRIVATE KEY-----
        XXX
        -----END RSA PRIVATE KEY-----',
            'cabundle'      => '-----BEGIN CERTIFICATE-----
        XXX
        -----END CERTIFICATE-----',
    ));

This attempt is using the uapi but doesn't do anything - cerficates just show as did their default self-signed. Having tried this multiple times, i wanted to rule out the being an issue with the class, so I walked through the uapi documentation example and used the function they have prepared for this, see below;

public function cPanelSSLInsert(){
        // Log everything during development.
        error_reporting(E_ALL);

        $cpanelusr = 'XXX';
        $cpanelDBUser = 'XXX';
        $cpanelpass = 'XXX';
        $url = 'XXX';
        $capi = new cpanelAPI($cpanelusr, $cpanelpass, $url);
        $databasename = $this->sitenames;
        $databaseuser = $this->username;
        $databasepass = $this->password;

        // Declare your username and password for authentication.
        $username = $cpanelusr;
        $password = $cpanelpass;

        // Define the API call.
        $cpanel_host = 'localhost';
        $request_uri = "[URL]https://$cpanel_host:2083/execute/SSL/install_ssl[/URL]";

        // Set up the payload to send to the server.
        $payload = array(
            'domain' => $databasename.".".$url,
            'cert'   => '-----BEGIN CERTIFICATE-----
                XXX
                -----END CERTIFICATE-----',
            'key'    => '-----BEGIN RSA PRIVATE KEY-----
                XXX
                -----END RSA PRIVATE KEY-----'
        );

        // Set up the cURL request object.
        $ch = curl_init( $request_uri );
        curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
        curl_setopt( $ch, CURLOPT_USERPWD, $username . ':' . $password );
        curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false );
        curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );

        // Set up a POST request with the payload.
        curl_setopt( $ch, CURLOPT_POST, true );
        curl_setopt( $ch, CURLOPT_POSTFIELDS, $payload );
        curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );

        // Make the call, and then terminate the cURL caller object.
        $curl_response = curl_exec( $ch );
        curl_close( $ch );

        // Decode and validate output.
        $response = json_decode( $curl_response );
        if( empty( $response ) ) {
            echo "The cURL call did not return valid JSON:\n";
            die( $response );
        } elseif ( !$response->status ) {
            echo "The cURL call returned valid JSON, but reported errors:\n";
            die( $response->errors[0] . "\n" );
        }

        // Print and exit.
        // die( print_r( $response ) );
    }

However this returns the following error;

"The cURL call returned valid JSON, but reported errors: The certificate could not be installed on the domain XXX"

It seems like no matter what i do, i cannot create an SSL certificate via the API. Can anyone help at all?

 

[cPanelMichael]

Hello,

Could you try uploading the CRT and Key files, and then using the path to those files in the PHP script? An example of how to do this is documented at:

Tutorial - Call UAPI's SSL::install_ssl Function in Custom Code - Software Development Kit - cPanel Documentation

Thank you.

 

[gsusonline]

Hi there,

Thanks for your reply. I've tried this and it does not make a difference unfortunately. Please see updated code below;

public function cPanelSSLInsert(){
       // Log everything during development.
       error_reporting(E_ALL);

       $cpanelusr = 'XXX';
       $cpanelDBUser = 'XXX';
       $cpanelpass = 'XXX';
       $url = 'XXX';
       $capi = new cpanelAPI($cpanelusr, $cpanelpass, $url);
       $databasename = $this->sitenames;
       $databaseuser = $this->username;
       $databasepass = $this->password;

       // Declare your username and password for authentication.
       $username = $cpanelusr;
       $password = $cpanelpass;

       // Define the API call.
       $cpanel_host = 'localhost';
       $request_uri = "[URL]https://$cpanel_host:2083/execute/SSL/install_ssl[/URL]";

[INDENT]// Define the SSL certificate and key files.[/INDENT]
        $cert_file = realpath("protected/extensions/cpanel-UAPI-php-class-master/cert.crt");
        $key_file = realpath("protected/extensions/cpanel-UAPI-php-class-master/key.key");
        $ca_file = realpath("protected/extensions/cpanel-UAPI-php-class-master/cabundle.crt");

       // Set up the payload to send to the server.
       $payload = array(
            'domain' => $databasename.".".$url,
            'cert'   => file_get_contents($cert_file),
            'key'    => file_get_contents($key_file),
            'cabundle'    => file_get_contents($ca_file),
       );

       // Set up the cURL request object.
       $ch = curl_init( $request_uri );
       curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
       curl_setopt( $ch, CURLOPT_USERPWD, $username . ':' . $password );
       curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false );
       curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );

       // Set up a POST request with the payload.
       curl_setopt( $ch, CURLOPT_POST, true );
       curl_setopt( $ch, CURLOPT_POSTFIELDS, $payload );
       curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );

       // Make the call, and then terminate the cURL caller object.
       $curl_response = curl_exec( $ch );
       curl_close( $ch );

       // Decode and validate output.
       $response = json_decode( $curl_response );
       if( empty( $response ) ) {
           echo "The cURL call did not return valid JSON:\n";
           die( $response );
       } elseif ( !$response->status ) {
           echo "The cURL call returned valid JSON, but reported errors:\n";
           die( $response->errors[0] . "\n" );
       }

       // Print and exit.
       // die( print_r( $response ) );
   }

I've tested the paths to these files are correct and it pulls the correct files. But i still get the following response;

"The cURL call returned valid JSON, but reported errors: The certificate could not be installed on the domain “XXX”."

 

[cPanelMichael]

"The cURL call returned valid JSON, but reported errors: The certificate could not be installed on the domain “XXX”."

This can sometimes happen if you are using the wrong CABundle, or not including the CABundle as part of the certificate installation, however it looks like you are entering a CABundle based on your example. Could you open a support ticket using the link in my signature so we can take a closer look to see what might be causing this error message.

Thank you.

 

[gsusonline]

Hi there, apologies, had completely missed your comment. I tried to open a ticket, but i do not have access to the WHM as root, so i can't open the support ticket wizard - is there a facility to create a support ticket with a WHM user?

 

[gsusonline]

I'll get out server guys to open this ticket as it will take to long otherwise. Thanks, will get this done just now

 

[cPanelMichael]

I'll get out server guys to open this ticket as it will take to long otherwise. Thanks, will get this done just now

Feel free to post the ticket number here once it's opened and we will update this thread with the outcome.

Thanks!