Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Perl script to automate installing SSL in cPanel #788

Open
JakeQZ opened this issue Nov 26, 2022 · 1 comment
Open

Perl script to automate installing SSL in cPanel #788

JakeQZ opened this issue Nov 26, 2022 · 1 comment

Comments

@JakeQZ
Copy link

JakeQZ commented Nov 26, 2022
edited
Loading

Is your feature request related to a problem? Please describe.
With cPanel hosting, the SSL does not actually get installed. An additional step is required, which can be automated.

Describe the solution you'd like
I'm providing a Perl script which will do this via the RELOAD_CMD setting in the getssl.cfg. I'd like to share this, and hope you would consider including it in the documentation. It works with GoDaddy shared cPanel hosting (GoDaddy do not enable the Let's Encrypt option in WHM/cPanel, probably because they want to sell SSL certificates).

Describe alternatives you've considered
Manually installing the generated certificates in cPanel every couple of months is not practical if you're hosting several websites.

Additional context
The script is below. It works with cPanel hosting only (and requires uapi command line access to be enabled). It has two command line arguments. The first is the domain name (without www., e.g. example.org). The second is the account username, which is needed to locate the home directory (I tried using ~ and found it didn't seem to work). (It is adapted from something I found when using a PHP implementation of ACME - which has been discontinued - which did not have the uapi call, so is probably beyond recognition of that.)

It can be invoked via the RELOAD_CMD setting in a site-specific getssl.cfg file:

RELOAD_CMD="/path/to/script.pl example.org account-username"

where /path/to/script.pl has the following content:

#!/usr/local/cpanel/3rdparty/bin/perl

use strict;
use URI::Escape;

my $dom = $ARGV[0];
my $user = $ARGV[1];

my $certdir = "/home/$user/.getssl/$dom";

my $certfile = "$certdir/$dom.crt";
my $keyfile = "$certdir/$dom.key";
my $cafile =  "$certdir/chain.crt";

my $certdata;
my $keydata;
my $cadata;

open(my $certfh, '<', $certfile) or die "cannot open file $certfile";
{
  local $/;
  $certdata = <$certfh>;
}
close($certfh);

open(my $keyfh, '<', $keyfile) or die "cannot open file $keyfile";
{
  local $/;
  $keydata = <$keyfh>;
}
close($keyfh);

open(my $cafh, '<', $cafile) or die "cannot open file $cafile";
{
  local $/;
  $cadata = <$cafh>;
}
close($cafh);

my $cert = uri_escape($certdata);
my $key = uri_escape($keydata);
my $ca = uri_escape($cadata);

my $result = `uapi SSL install_ssl domain=$dom cert=$cert key=$key cabundle=$ca`;
print $result;

Note: I've added the username command line argument for reusability. In my case it is hardcoded. It's possible I've made a mistake in doing so, but if so, should be easy to fix. It is working for me on two separate GoDaddy shared hosting accounts,
@Nepherim
Copy link

Also refer to: other_scripts/cpanel_cert_upload

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Nepherim @JakeQZ