- added installation of certificates into cPanel with the push of a button - no more manual copying and pasting of certificates and keys!
- added password protection for solid security - just open `password.txt` then change the contents to whatever you want!
- refactored sections of code for better performance and maintainability
Very nice!
My trip in cpanel: SSL/TLS ---> Manage SSL Sites.
I get a form like the one below.
Now with certsage.php I get certificate.crt and certificate.key.
The content of certificate.crt consists of three different sections, each of which begins with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". If I copy and paste the whole content of certificate.key I get a message telling me the certificate is invalid. I experimented anyway, and everything apparently goes correctly if I copy and paste just the first of the three sections. Am I supposed to stop at this result? Can the CA bundle input be safely left empty?
Besides, I just cannot understand how Install Certificate into cPanel could work. What is the connection between that form and a cPanel session like the one I mentioned?
Anyway many many thanks for your work!
Andrea
P.S. I've just realized that about three months ago I had the same problem and Griffin kindly answered. Sorry, Griffin!
Instead of completely removing this recent post, I decided to leave it as it is, so that somebody could possibly confirm I acted correctly and because of the second question about the automated cPanel configuration.
Hi Andrea

- The first certificate in `certificate.crt` is your leaf certificate that should go in the certificate box in your screenshot.
- The second certificate in `certificate.crt` is Let's Encrypt's R3 intermediate certificate that could go in the certificate authority bundle box in your screenshot, but this is unnecessary since cPanel will retrieve a copy of R3 for you if you leave that box blank.
- The third certificate in `certificate.crt` is Let's Encrypt's ISRG Root X1 intermediate certificate. This certificate is not required for cPanel installation of your leaf certificate.

When you push the Install Certificate into cPanel button...
- CertSage verifies that the password entered into the password box matches the contents of `password.txt` in your CertSage folder. If `password.txt` does not exist when you open CertSage (e.g. when you open CertSage for the first time or have manually removed `password.txt`), CertSage will create a new `password.txt` for you and fill it with a random, secure password. If you wish to set your own password, you can simply replace the contents of `password.txt` with whatever you like then enter that password.
- CertSage reads your leaf certificate from `certificate.crt` and its private key from `certificate.key`. Both files should be in your CertSage folder. They are automatically saved there when you acquire a production certificate.
- CertSage verifies the structure of both your leaf certificate and its private key.
- CertSage verifies that your leaf certificate and its private key match each other.
- CertSage reads the common name (CN) field in your leaf certificate. This common name (CN) field will match the first domain name that you entered into the domain name box in CertSage when you acquired your production certificate, which should be your primary domain name (e.g. `example.com`), not a subdomain name (e.g. `www.example.com`).
- CertSage calls an underlying cPanel API function to install your leaf certificate and its private key for the common name (CN) read from your leaf certificate.
- CertSage calls an underlying cPanel API function to enable Force HTTPS Redirect for the common name (CN) read from your leaf certificate.

Essentially, CertSage does the same thing that you would do manually, just much faster.
If you have a more complex setup (e.g. multiple domain names hosted under one cPanel account), a few minor adjustments are needed for CertSage to function properly. Much of what is needed has been thoroughly discussed in the comments of the pages of previous versions of CertSage. If those should prove to be insufficient to help, please feel free to ask your questions here.
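
The certificate checks listed in the steps above (read the leaf from `certificate.crt`, verify its structure, verify that the key matches, read the CN), sketched with PHP's OpenSSL extension. This is an added example, not CertSage's own code and not part of the posts in this thread; the function names `splitPemBundle` and `checkLeaf` and the throwaway self-signed certificate used as input are assumptions made for illustration.

```php
<?php
/** Return every PEM certificate block in the bundle, in file order. */
function splitPemBundle(string $bundle): array
{
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $bundle, $m);
    return $m[0];
}

/** Validate the first block (the leaf) against the key; return CN, leaf and remaining chain. */
function checkLeaf(string $bundle, string $keyPem): array
{
    $blocks = splitPemBundle($bundle);
    if ($blocks === []) {
        throw new RuntimeException('no certificate found in bundle');
    }
    $leaf = openssl_x509_read($blocks[0]);      // structure check: must parse as X.509
    $key  = openssl_pkey_get_private($keyPem);  // structure check: must parse as a private key
    if ($leaf === false || $key === false) {
        throw new RuntimeException('certificate or key is malformed');
    }
    if (!openssl_x509_check_private_key($leaf, $key)) {
        throw new RuntimeException('private key does not match leaf certificate');
    }
    $subject = openssl_x509_parse($leaf)['subject'] ?? [];
    return [
        'cn'       => $subject['CN'] ?? null,   // domain the certificate would be installed for
        'leaf'     => $blocks[0],               // goes in the certificate box
        'cabundle' => array_slice($blocks, 1),  // optional CA bundle box
    ];
}

// Constructed sample input: a throwaway self-signed certificate for example.com,
// repeated three times to imitate the three-block layout of certificate.crt.
$opts = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
$key  = openssl_pkey_new($opts);
$csr  = openssl_csr_new(['commonName' => 'example.com'], $key, ['digest_alg' => 'sha256']);
$crt  = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);
openssl_x509_export($crt, $crtPem);
openssl_pkey_export($key, $keyPem);

$result = checkLeaf($crtPem . $crtPem . $crtPem, $keyPem);
printf("CN=%s, blocks after leaf: %d\n", $result['cn'], count($result['cabundle']));

// A key that does not belong to the leaf is rejected before anything is installed.
openssl_pkey_export(openssl_pkey_new($opts), $otherPem);
try {
    checkLeaf($crtPem, $otherPem);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
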
12 posts were split to a new topic: Permission problem using CertSage v1.3.0 with Plesk on shared server
Hi @griffin – first of all thank you for making an awesome tool. I'm not a developer or web designer, just a fella helping out a friend with her website – so CertSage has been a godsend.
I've just updated to CertSage 1.3.0 but it only presents a blank screen when I access the URL – https://www.joannemccrumdesign.co.uk/certsage.php. Reverting back to CertSage 1.2.0 works just fine, but 1.3.0 just isn't playing ball for some reason. Appreciate you can't know everyone's set up, but do you have any insight into why 1.3.0 might be failing on my set up? Is there some additional requirement for 1.3.0 that my friend's website might be objecting to? (She's hosted by Tsohost).
Thank you.
Sorry you're running into trouble. We'll try to get to the bottom of this. Do you see a php error log file sitting in the directory where certsage.php is located? If you do, please email it to me (support@griffin.software).
As a side note, I've noticed that the last couple of certificates have not included joannemccrumdesign.co.uk.
See this:
versus this:
When using CertSage, you will want to type these domain names in this exact order, one per line:
joannemccrumdesign.co.uk
www.joannemccrumdesign.co.uk
That will make sure that the certificate installation function, as it is currently implemented (with an update coming soon), will have the best chance of successfully installing the certificate.
The error is because the random_bytes function is not in your PHP version, which should be at least 7. What version are you using? You can find this in cPanel (and upgrade it there too).
@griffin Is the PHP version checkable from within CertSage?
(So that an informational warning could be shown to the user)
It's possible, but that would expose security vulnerabilities. I should probably put a check with a generic error though.
I see the dilemma.
Thanks @griffin – the PHP version is 7.4.
Thanks also for the advice on the domains. I got the certification expiration reminder recently so I've gone back to 1.2.0 to ensure that I can update the certificates.
I'm not sure why your PHP version doesn't have the random_bytes function. It's part of the standard PHP library.
Who knows!
I can still update the certificate using 1.2.0 so all is not lost.
Thanks again for your prompt attention on this.
