Using cPanel generated SSL certs with stunnel

BassTeQ

Well-Known Member
Aug 31, 2008
55
5
58
I'm trying to configure stunnel, and need to provide a cert and key (see below)

cert = /etc/example/fullchain.pem
key = /etc/example/privkey.pem

I'd like to use the existing certificates generated by cPanel under /var/cpanel/ssl/domain_tls/subdomain.example.com

certificates
certificates.cache
combined
combined.cache

Would I need the configuration to be;

cert = /var/cpanel/ssl/domain_tls/subdomain.example.com/certificates
key = not sure what to use?

Thanks!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston

BassTeQ

Well-Known Member
Aug 31, 2008
55
5
58

BassTeQ

Well-Known Member
Aug 31, 2008
55
5
58
I managed to get this working, using the command line tool 'uapi', then parsing the output YAML in perl to extract the private key and then save it to a file.
 
  • Like
Reactions: cPanelLauren

BassTeQ

Well-Known Member
Aug 31, 2008
55
5
58
Just stuck with another issue.
If I generate a cert with letsencrypt and run the command below it generates a bundle.pem file which works well with the application

cat /etc/letsencrypt/live/domain.example.com/fullchain.pem /etc/letsencrypt/live/domain.example.com/privkey.pem > /etc/certs/bundle.pem

I'm trying to work out how to do this with the data returned from the cpanel application "uapi"
The data returned is
- cabundle
- certificate
- key

I've tried writing out cabundle followed by key, but the bundle.pem wasn't valid.

Appreciate any help.

Thanks
 

BassTeQ

Well-Known Member
Aug 31, 2008
55
5
58
Well, the cabundle for all of let's encrypt certificates would be the same. What is it you're trying to do with this?
I'm trying to use the certificate for an icecast server.
Update: I've managed to get it working now, found a bug in my script which was causing an issue.

On another note, is there a way I can run a custom script after a cPanel SSL cert has been updated for a particular sub-domain?

Thanks
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
Yep, cPanel's maintenance includes checking for SSL certificates. But upcp wouldn't be the only instance in which this occurs, adding a domain, or creating an account also trigger an autossl run for the account.
 

techguide

Active Member
Aug 29, 2012
29
4
53
cPanel Access Level
Reseller Owner
The following should get you this information: https://documentation.cpanel.net/display/DD/UAPI+Functions+-+SSL::fetch_cert_info certificate details are stored in /home/$user/ssl/
How to you find what the "friendly name" (or "ID" ) of the certificate is to use in the uapi code? I've tried various combinations of the domain name but get the error "no certificates match that search term". Looking at the files in the /home/$user/ssl directory doesn't seem to offer any clues. Thanks!
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
@techguide - this call will show the friendly name for the certificate:


Let me know if that helps!