Automate cert installation from cmd on shared hosting


#1

Hello to the whole Letsencrypt Community !

My shared webhosting is providing ssh access (with no root privileges) and no plugin to automate Letsencrypt certificate request, installation and renewal so, the only option is to do all the process manually through cPanel.

The webserver home directory contains an ssl folder with the structure shown in this image, where certificates installed through cPanel will be placed.

My question is: can I automate the whole process using a Letsencrypt client (Certbot, Acme.sh ?) and a cronjob, so that my certificates can be requested/renewed and installed inside the ssl folder structure with no human intervention at all ?


#2

Do not modify that ssl directory. It is not safe and won’t work.

You have to use the uapi SSL::install_ssl command to install certificates to a virtualhost.

One of the side effects of that API call is that it will create files in that ssl directory, but it does a whole bunch of other way more important things too (like actually installing the certificate).

acme.sh provides both the ability to issue certificates as a non-root user AND it comes with a cPanel UAPI installation hook, so you should use it instead of Certbot: https://github.com/Neilpang/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel


#3

We really need to write that cPanel UAPI installer in Certbot someday. :slight_smile:


#4

I tried building an authenticator + installer for the sheer nerd thrill of it today, works surprisingly well and totally non-interactive.

Needs a bunch of tests I guess (Python is not my strong suit), but it’s pretty neat and can handle being run locally or remotely from another server.

The other opportunity here is that it can pretty easily support the DNS challenge as well (most people use cPanel-allocated nameservers when using cPanel), so it could reasonably support wildcards totally non-interactively.


#5

_Az, thank You very much for your answer.

This seems exactly what I was looking for and I’m going to test it asap.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.