I concur with @leader, though I loathe what ZeroSSL became. That’s what motivated me to do exactly as @leader described to create my own web Let’s Encrypt client at freessltools.com/freesslcertificate. If you really are interested in developing, you probably want to check out gethttpsforfree.com as a guided example.
Yes I checked out your website!
It’s really cool in terms of ssl.
But it required extra details that my clients will not be able to tell the site.
Like public key etc.
They should be able to create those things through cPanel, which is why @Osiris’s comment really does offer you the strongest solution (and easiest for your customers) if you can get it configured.
If you’re looking for a prepackaged solution that will just work “off the shelf” with minimal to no effort, that’s unlikely.
Hey, I said I'm using MOFH, see previous post.
So I don’t have direct access to my cPanel.
Ah. Do you have access to any type of security/ssl tools in your user interface to handle just the basics (generating private keys, generating certificate signing requests, certificate installation)?
My cPanel has options for SSL like CSR generator, but I guess, I am unable to integrate.
That’s why I want an external system, not related to my cPanel.
Like my clients will be happy to renew and install it every 90 days by manual method.
I just need to give them a space to generate SSL using sub domain dns method.
When they generate a CSR that usually generates a private key as well. The other piece you need is just a tool/page to install the certificate, which you probably have. With those things, you just need an acme client that will take a CSR, perform challenges, and give you a certificate. The only issue I can foresee you might run into would be rate limits (https://letsencrypt.org/docs/rate-limits) in regards to subdomains.
The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com. In new.blog.example.co.uk, the registered domain is example.co.uk.
Yes that’s what I am exactly looking for.
Private key and CSR both generated in my cPanel.
I need a webpage to do that stuff using PHP.
No, not exactly. I don't have.
I may be misunderstanding. Can your cPanel currently do the following?
- Generate CSRs
- Install certificates
Ah. So how are your customers going to install their certificates?
My cPanel has an option to install SSL see the structure.
SSL --> Domain names under the account --> Three boxes
CSR, Private Key and SSL Certificate.
With some buttons like Generate Private Key and CSR and Upload Cert.
See my first post -_- That’s what I was asking for.
And my clients have the option of Cname records only.
I said I have a VPS. Can I utilize it to help here?
I feel like that’s going to be the challenge.
I saw you mentioned PHP. The OpenSSL library built into PHP (https://www.php.net/manual/en/ref.openssl.php) has basically everything you need to do most things like generating CSRs and private keys. The installation part is just configuration changes to the basic platform to use https and point to the certificate and private key. Normally certbot handles this. You can actually use certbot to ONLY handle the configuration and installation for certificates then use a separate client to actually acquire the certificates. Honestly though, you’re probably best off just using a combination of the PHP OpenSSL library and just making calls to certbot from PHP to do the dirty work. No need to implement your own client. Just write a “wrapper” around certbot. Your customers would never know the difference as all you are doing is creating a graphical way to control certbot.
Hmm, seems interesting, I will try and ask for help if later needed.
Well very much thanks for that!
Well any premade client for that?
Not sure honestly. If you build from those tools though, you know it will be solid.
Hmm. Well it’s really interesting.
Well would it be fully compatible with my server?
Well @freessltools.com, can this help me?
Should be. The OpenSSL built into PHP is standard and the basic (non-automated) functions of certbot should not require extra permissions or configuration to use. The biggest challenge you might face if you try to “wrap” certbot would be getting the basic installation image of it together and accessible by your users. You could also just grab a PHP client as others have suggested and just use its features to fill the hole in the functions you need to get the certificates.
Seems to cover the fundamentals and give you an outline of the process. I’m not sure of your permissions for using sudo. That might be the only big issue.
I’m the owner of the VPS. Root/Sudo everything,