Using cPanel generated SSL certs with stunnel

BassTeQ

Active Member
Aug 31, 2008
43
3
58
I'm trying to configure stunnel, and need to provide a cert and key (see below)

cert = /etc/example/fullchain.pem
key = /etc/example/privkey.pem

I'd like to use the existing certificates generated by cPanel under /var/cpanel/ssl/domain_tls/subdomain.example.com

certificates
certificates.cache
combined
combined.cache

Would I need the configuration to be:

cert = /var/cpanel/ssl/domain_tls/subdomain.example.com/certificates
key = not sure what to use?

Thanks!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston

BassTeQ

I managed to get this working, using the command line tool 'uapi', then parsing the output YAML in perl to extract the private key and then save it to a file.
 

BassTeQ

Just stuck with another issue.
If I generate a cert with letsencrypt and run the command below it generates a bundle.pem file which works well with the application

cat /etc/letsencrypt/live/domain.example.com/fullchain.pem /etc/letsencrypt/live/domain.example.com/privkey.pem > /etc/certs/bundle.pem

I'm trying to work out how to do this with the data returned from the cPanel application "uapi".
The data returned is:
- cabundle
- certificate
- key

I've tried writing out cabundle followed by key, but the bundle.pem wasn't valid.

Appreciate any help.

Thanks
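
The order that reproduces `cat fullchain.pem privkey.pem` from the three fields listed above is certificate, then cabundle, then key. The following is an added example, not part of the original thread and not cPanel's code; it assumes the three PEM strings have already been extracted from the uapi output, and the function names are hypothetical:

```python
import os
import re
import ssl
import tempfile

# Matches one PEM block and captures its label (e.g. CERTIFICATE, PRIVATE KEY).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.S)


def pem_blocks(text, want_key=False):
    """Return the PEM blocks in text, normalised to LF, checking their type."""
    blocks = [(m.group(1), m.group(0).replace("\r\n", "\n"))
              for m in PEM_BLOCK.finditer(text or "")]
    for label, _ in blocks:
        is_key = label.endswith("PRIVATE KEY")
        if is_key != want_key or not (is_key or label == "CERTIFICATE"):
            raise ValueError(f"unexpected PEM block: {label}")
    return [body for _, body in blocks]


def build_bundle(certificate, cabundle, key):
    """Leaf certificate, then CA chain, then private key: the same order as
    `cat fullchain.pem privkey.pem`."""
    leaf = pem_blocks(certificate)
    chain = pem_blocks(cabundle)
    keys = pem_blocks(key, want_key=True)
    if len(leaf) != 1 or len(keys) != 1:
        raise ValueError("need exactly one leaf certificate and one private key")
    return "\n".join(leaf + chain + keys) + "\n"


def write_bundle(path, bundle, verify=True):
    """Write the bundle atomically with mode 0600; optionally have OpenSSL
    load it, which fails if the key does not match the leaf certificate."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(bundle)
        if verify:
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(tmp)
        os.replace(tmp, path)
    except Exception:
        os.unlink(tmp)
        raise
```

With `verify=True` a mismatched key or malformed PEM raises `ssl.SSLError` before the existing bundle is replaced, so the consuming service never sees a broken file.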
 

BassTeQ

Well, the cabundle for all of Let's Encrypt certificates would be the same. What is it you're trying to do with this?
I'm trying to use the certificate for an icecast server.
Update: I've managed to get it working now, found a bug in my script which was causing an issue.

On another note, is there a way I can run a custom script after a cPanel SSL cert has been updated for a particular sub-domain?

Thanks
 

cPanelLauren

Yep, cPanel's maintenance includes checking for SSL certificates. But upcp wouldn't be the only instance in which this occurs; adding a domain or creating an account also triggers an AutoSSL run for the account.