CLI to get the installed wildcard Let’s Encrypt crt and key

t-abraham · October 3, 2018, 7:46pm

I have my hosting (Buyshared) and website all setup for SSL using the official Let’s Encrypt app. The SSL issued and installed for my domain (skynode.link) as a wildcard certificate using dns verification.

Now I use my website to connect to my application server which needs the crt and key files to work. The server is set to retrieve those files from a certain folder located in the hosting public_html folder.

The problem is how can I find the currently installed certificate (crt and key) data (- - - BEGIN …) using cli commands so that I can make a script to copy the data and update the designated file which my external reads every week and updates it installed certificates. This script will be running as a crib job so that every time let’s Encrypt app reissues my website certificates, the new crt and key file data is automatically copied and pasted in the secured folder where only my external server can access and retrieve it.

My domain name is: skynode.link

I don’t have root access but have SSH access

JuergenAuer · October 3, 2018, 7:55pm

Hi @t-abraham

check your webserver configuration file. There are these two files used.

jared.m · October 3, 2018, 7:57pm

Umm, you should absolutely not put your private key file in public_html. This file needs to remain secret. If it is exposed, then the cerfiticate must be revoked.

I think there is likely a bettor way to handle this, if you could give us some more background on this application server and why it can’t obtain its own certificate.

JuergenAuer · October 3, 2018, 8:00pm

The security problem is simple.

If you use Certbot as client, then use

--reuse-key

as option. So you are using always the same private key and you don’t need to copy this file again and again.

t-abraham · October 3, 2018, 8:01pm

hi currently i use this script to retrieve the files and upload it to the other server. but this only gets the latest modified files from the SSL/certs or SSL/keys file which leaves the possibility to get mismatched files

DIR=~/public_html/mikrotik_upload

FILE_crt=$(find ~/ssl/certs -name *.crt | sort -n | tail -1)
FILE_key=$(find ~/ssl/keys -name *.key | sort -n | tail -1)

mkdir -p $DIR
if [ "$(ls -A $DIR)" ]
then
rm -r $DIR/*
fi

if [ -z "$FILE_crt" ]
then
echo "Latest CRT File Directory is empty"
else
echo "Latest CRT File: "$FILE_crt
cp $FILE_crt $DIR/skynode_link.crt
chmod 644 $DIR/skynode_link.crt
fi

if [ -z "$FILE_key" ]
then
echo "Latest KEY File Directory is empty"
else
echo "Latest KEY File: "$FILE_key
cp $FILE_key $DIR/skynode_link.key
chmod 644 $DIR/skynode_link.key
fi

so what i want is to get the exact FILE_crt and FILE_key path for the latest installed SSL for my site

t-abraham · October 3, 2018, 8:07pm

well the external server is a mikrotik cloud host router. so what I do is that i have DNS entries to my hosting pointing to this Mikrotik Server. example cloud,skynode.link:4528 and this mikrotik must use the ssl for the domain cloud.skynode.link (which in my case is *.skynode.link) so since lets encrypt app issues this ssl, i need to extract the crt and key file (the latest one) and put it in a secure folder may b “~/chr/lets_encrypt” with a constant name like “skynode.crt and skynode.key” and then Mikrotik server can connect to that folder using FTP and retrieve those files to install in iteself.

JuergenAuer · October 3, 2018, 8:41pm

It should be simpler to load the configuration file of your webserver.

D:\temp>download https://skynode.link/login/ -h
SSL-Zertifikat is valide
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Alt-Svc: quic=":443"; ma=2592000; v="35,39,43"
Connection: Keep-Alive
Accept-Ranges: bytes
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Wed, 03 Oct 2018 20:40:08 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; secure
Server: LiteSpeed
X-Powered-By: PHP/5.5.38

Status: 200 OK

6031,52 milliseconds
6,03 seconds

I don't use Litespeed. But this

looks like there is a static path + filename you can use directly.

t-abraham · October 3, 2018, 9:01pm

Hallo Juergen,

Thank you for your effort. I am a complete noob in terms of website and hosting related issue. I am not sure wether I made my problem clear or I didn’t understood what you explained

I am using the official Let’s Encrypt app for cpanel to generate and install the ssl for my website. Now I need to retrieve the crt and key file which was generated by the app to store in a constant directory under a constant file name. This this two constants should automatically update with the latest crt and key files whenever the Let’s Encrypt app reissues the ssl

Ich denke sie komme aus Deutschland, Wir können auch über Telefon Kontakt mit Ihnen aufnehmen. Sorry, mein Deutsch ist schlecht. Ich lerne die Sprache neben meinem Master-Abschluss

system · November 2, 2018, 9:01pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CLI to get the installed wildcard Let’s Encrypt crt and key (repost with backgroud process story) Help	12	1185	November 4, 2018
How can I get Private Key and SSL Certificate files Help	3	2207	April 6, 2022
Replace lets encrypt SSL certificate with New Public One Help	10	723	January 15, 2023
How do I start? Help	7	2533	November 6, 2019
Can I get a copy of my SSL certificate so I can just upload it in when? Help	7	3713	June 30, 2019

CLI to get the installed wildcard Let’s Encrypt crt and key

Related topics