Automate certificate renewal process on cPanel shared hosting

Hi

I began working with certbot on ElementaryOS Hera (Ubuntu 20.04 based) some months ago, and have noticed that certificates are valid only for 90 days.

I execute the following command:

sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'beza.com.ar,*.beza.com.ar'

Then, I take the generated certificate, copy the corresponding parts, and finally log in to cPanel, manually update each certificate, and install it.

The question is: Is there a way to automatize this process and make it renew automatically, let's say through cron or something similar?

My domain is: beza.com.ar
My hosting provider, if applicable, is: Namecheap
I can login to a root shell on my machine (yes or no, or I don't know): NO
I'm using cPanel
The version of my certbot: 2.6.0

Thanks a lot in advance for any help/tips you can give

Depending on the version of cPanel, it may be able to automatically obtain LE certs for you.

If not, then most things that can be done manually, can be done via script.
That said, adding DNS TXT records automatically can be a bit tedious for difficult DNS systems.
You should look for a DNS plug-in that works with your DSP.
OR you could change DSPs [to one that supports API updates]...
OR change ACME clients [for one that supports your DSP]...
OR not use a wildcard cert [switch to HTTP authentication]...

4 Likes

Do you currently run the certbot command on the server with your cPanel?

4 Likes

What is already in "crontab -l"?
What is already in "systemctl list-timers"?

4 Likes

No. I execute the command on my Linux PC and then copy the contents of the cert to cPanel.
But as @rg305 states, I guess it will be difficult to automatize the process of adding the DNS TXT records.

I cannot get this info from the server as I don't have ssh access to it

Yes, it will also be difficult to automate updating your cPanel. You might want to search this forum for an ACME client called CertSage; it might make this easier.

6 Likes
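
The cPanel upload step discussed above can be scripted as a certbot deploy hook; this is an added example, not code from anyone in the thread. It assumes the host allows cPanel API tokens and serves UAPI on port 2083, and the environment variable names `CPANEL_HOST`, `CPANEL_USER` and `CPANEL_TOKEN` are made up for the example.

```python
#!/usr/bin/env python3
"""Certbot deploy hook: install a renewed certificate through cPanel UAPI."""
import json
import os
import sys
import urllib.parse
import urllib.request
from pathlib import Path


def build_install_request(host, user, token, domain, lineage):
    """Build (but do not send) the UAPI SSL::install_ssl request for one domain."""
    lineage = Path(lineage)
    form = {
        "domain": domain,
        "cert": (lineage / "cert.pem").read_text(),
        "key": (lineage / "privkey.pem").read_text(),
        "cabundle": (lineage / "chain.pem").read_text(),
    }
    return urllib.request.Request(
        f"https://{host}:2083/execute/SSL/install_ssl",
        data=urllib.parse.urlencode(form).encode(),
        # An API token can be revoked on its own, unlike the account password.
        headers={"Authorization": f"cpanel {user}:{token}"},
        method="POST",
    )


def main():
    # certbot sets RENEWED_LINEAGE and RENEWED_DOMAINS when it runs a deploy hook.
    lineage = os.environ["RENEWED_LINEAGE"]
    # Assumed variable names; the token is read from the environment, never argv.
    host, user, token = (os.environ[k] for k in
                         ("CPANEL_HOST", "CPANEL_USER", "CPANEL_TOKEN"))
    for domain in os.environ["RENEWED_DOMAINS"].split():
        if domain.startswith("*."):
            continue  # assumption: install on concrete site names, not the wildcard
        req = build_install_request(host, user, token, domain, lineage)
        # urllib verifies the server certificate by default; the key travels over TLS.
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = json.load(resp)
        if body.get("status") != 1:
            sys.exit(f"install_ssl failed for {domain}: {body.get('errors')}")


if __name__ == "__main__":
    main()
```

Pass the script to certbot with `--deploy-hook`; the DNS-01 challenge still needs a DNS plug-in or a `--manual-auth-hook` script before renewal can run unattended from cron.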

This confused me:

I missed:

Sorry.

This is likely your best choice:

6 Likes

I believe this is the current version of CertSage:

But last I knew it didn't automate on a schedule; so you'd still need to run it every couple months. Might make the process less painful than manually copying from your local system, though.

CertSage also won't get you the wildcard cert, but I'm guessing that you may be able to just use the real subdomains you're using in there as additional names, rather than using a wildcard.

Or, you might want to switch to a hosting provider (or maybe a "better" hosting plan from your current provider?) that has HTTPS built in, since there's really no excuse for providers to make things so difficult.

7 Likes

+10 :slight_smile:

5 Likes

Thanks a lot.
I'll do some research about CertSage.

2 Likes
