Just FYI for anyone using GoDaddy SHARED hosting where you have a parent domain with one IP address for all domains (or anyone else with a similar file structure as below), please note the following to secure your site!
(Thanks to @griffin for answering my questions!)
If your file structure is like this:
- Root directory for shared hosting user
  - CertSage (this is where the parent domain cert is stored)
  - public_html (webroot for the PARENT domain)
    - childdomain1 (webroot for childdomain1)
    - childdomain2 (webroot for childdomain2)
    - childdomain3 (webroot for childdomain3)
    - childdomain4 (webroot for childdomain4)
    - CertSage (this is where the child domain certs are stored as they're created)
Note that for the child domains, CertSage will create the directory (and associated files) in the webroot of the parent domain, leaving the cert vulnerable and seriously compromising security as all files are readable.
You can secure your site in two ways:
- Delete the CertSage directory and its files once your cert install is complete. (When you install a certificate and its private key, cPanel keeps its own copy of them internally (under ssl in the root folder), so there's no need to keep separate copies (or any copies for that matter) of acquired certificates once they're installed into cPanel.)
- More complicated way if you want to save your certs and/or eliminate any window for malicious intent:
  Before running CertSage, edit the certsage.php files for each child domain thusly:
  A) Edit line 18 to change the $dataDirectory variable from "../CertSage" to "../../CertSage". This will cause all of the certsage.php scripts to securely use the same data directory one level below the webroot of the parent domain.
  B) If you want to keep copies and not overwrite the certs for your parent domain in the CertSage folder, edit lines 636 and 640 of certsage.php to name the two files as you please.
  Example:
  - a.com could write a.com.crt and a.com.key
  - b.net could write b.net.crt and b.net.key
  - c.org could write c.org.crt and c.org.key
The majority of this post is copied and pasted from a reply that @griffin posted on a thread of mine, but I thought I would post it here so anyone else running into this same issue would be able to find it easier! Hope it's acceptable to do so!
Leslie
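
An added example, not part of the original post or of CertSage itself: a Python audit that finds every certsage.php under the webroot, resolves where its $dataDirectory value lands, and flags data directories that end up inside public_html. The assignment syntax matched by the regex and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed form of the assignment in certsage.php; the post gives only the
# variable name and its value, not the exact line.
DATA_DIR_RE = re.compile(r"""\$dataDirectory\s*=\s*["']([^"']+)["']""")

def data_dir_for(script_path):
    """Return the absolute directory a certsage.php copy will write to, or None."""
    with open(script_path, encoding="utf-8", errors="replace") as fh:
        match = DATA_DIR_RE.search(fh.read())
    if not match:
        return None
    return os.path.normpath(os.path.join(os.path.dirname(script_path), match.group(1)))

def is_inside(path, parent):
    """True if path is parent itself or lies underneath it."""
    return os.path.commonpath([path, parent]) == parent

def audit(home, webroot_name="public_html"):
    """Map each certsage.php under the webroot to (data_dir, web_exposed)."""
    home = os.path.realpath(home)
    webroot = os.path.join(home, webroot_name)
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        if "certsage.php" in files:
            script = os.path.join(dirpath, "certsage.php")
            data_dir = data_dir_for(script)
            if data_dir is not None:
                findings[os.path.relpath(script, home)] = (
                    os.path.relpath(data_dir, home), is_inside(data_dir, webroot))
    return findings

def build_sample_tree(home):
    """Constructed layout matching the post: child webroots inside public_html."""
    for child, value in (("childdomain1", "../CertSage"), ("childdomain2", "../../CertSage")):
        os.makedirs(os.path.join(home, "public_html", child))
        with open(os.path.join(home, "public_html", child, "certsage.php"), "w") as fh:
            fh.write('<?php\n$dataDirectory = "%s";\n' % value)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        build_sample_tree(home)
        for script, (data_dir, exposed) in sorted(audit(home).items()):
            print(f"{script}: data dir {data_dir} -> {'EXPOSED' if exposed else 'outside webroot'}")
```

To check a real account, call audit() with the hosting user's root directory instead of the constructed tree.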