My domain is: isbd.co.uk
My web server is (include version): cPanel 94.0.19 on TsoHost
My hosting provider, if applicable, is: TsoHost
I can login to a root shell on my machine (yes or no, or I don't know): no
I need to know a little bit more about using CertSage to install certificates on cPanel hosting at TsoHost. I already use LetsEncrypt elsewhere so the basics are OK. I've also successfully installed a certificate using CertSage on one of the add-on domains on the above cPanel. I have about a dozen or so domains on this TsoHost cPanel system.
My questions are:-
1 - Where CertSage asks for "One domain name per line No wildcards (*) allowed" under Acquire Certificate I assume this means only that one can add the names of alias domains at the same time. One surely needs a different certificate for each distinct domain.
2 - I have a number of quite separate domains on this system hosted as 'Add-On' domains but from the users'/clients' point of view they are entirely separate (e.g. there's isbd.co.uk, oasis41.co.uk, russcreates.com and several others). The way that CertSage works means that there is a single CertSage directory on my hosting account and thus a single password.txt file. This means that I get the same password to use in CertSage on all the different sites, is this right? Is there any way to provide different passwords for the different sites so I can get site users/owners to do their own CertSage renewals?
All my 'add-on' domains are in sub-directories of the 'main' domain.
So, my main domain is at ~/public_html/
The domain isbd.co.uk is at ~/public_html/isbd.co.uk/
The domain russcreates.com is at ~/public_html/russcreates.com/
The domain reshapers.org is at ~/public_html/reshapers.org
... and so on. This is just the way that cPanel organises things, there's nothing I can do about it.
If I install CertSage on any of the above web sites the /CertSage/ directory with password.txt in it will be ~/public_html/CertSage/, the same for every site.
I could edit each copy of certsage.php to use a different directory but that does rather make it less 'automatic'.
Yes! In an earlier thread (May this year) he recommends changing line 18 of certsage.txt from:-
public $dataDirectory = "../CertSage";
to
public $dataDirectory = "../../CertSage";
This at least moves the CertSage directory out of the main web site's /public_html/ where it is visible to anyone. However it doesn't address the problem of all add-on sites sharing the same password.txt file.
You have the right idea about editing that $dataDirectory line. You can point each website's copy of CertSage at its own data directory with its own password if you wish. I realize that this probably isn't the most convenient if you have a lot of addon websites. Unless there's some type of administrative issue (e.g. if you're subhosting for a lot of private parties and you want them to manage their own certificate renewals, which is now fully possible under version 1.3), there's not much benefit to having multiple CertSage directories aside from ensuring parallel, independent certificate acquisition and installation.
All the domain names (SANs) covered by a single certificate need to be aliases of the same content. For cPanel this usually means example.com, www.example.com, and mail.example.com.
As indicated above, you can specify a separate data directory for each website's copy of CertSage. Those data directories do not need to be named CertSage, which should make management much easier.
There are certainly a number of approaches that can be taken. Which to consider depends upon the level of access desired for a "user". If the "users" are, for example, WordPress site designers, assigning each designer his/her own CertSage data directory with a preassigned password (or, for more advanced configuration, giving each designer rights to his/her own CertSage data directory) is probably fairly straightforward.
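An added example, not part of the thread or of CertSage itself: a small audit that reads the `$dataDirectory` line from each site's copy of certsage.php, resolves it relative to the script's directory as the thread describes, and reports data directories that sit inside the web root or are shared by several sites (and so share one password.txt). The account path `/home/acct` and the directory name `certsage-reshapers` are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict

# Matches the setting quoted in the thread: public $dataDirectory = "../CertSage";
DATA_DIR_RE = re.compile(r'public\s+\$dataDirectory\s*=\s*(["\'])(.+?)\1\s*;')

def resolve_data_dir(script_path, php_source):
    """Return the absolute data directory a certsage.php copy would use, or None."""
    m = DATA_DIR_RE.search(php_source)
    if m is None:
        return None
    # Assumption taken from the thread: the path is relative to the script's directory.
    script_dir = posixpath.dirname(script_path)
    return posixpath.normpath(posixpath.join(script_dir, m.group(2)))

def audit(copies, web_root):
    """copies: {path of certsage.php: its source}. Returns (exposed, shared)."""
    web_root = posixpath.normpath(web_root)
    users = defaultdict(list)
    for script, source in copies.items():
        data_dir = resolve_data_dir(script, source)
        if data_dir is not None:
            users[data_dir].append(script)
    # Data directories at or below the web root can be requested over HTTP.
    exposed = sorted(d for d in users if d == web_root or d.startswith(web_root + "/"))
    # Sites pointing at the same directory share one password.txt.
    shared = {d: sorted(s) for d, s in users.items() if len(s) > 1}
    return exposed, shared

# Constructed sample: three add-on sites under one cPanel account.
HOME = "/home/acct"  # hypothetical account home
SAMPLE = {
    f"{HOME}/public_html/isbd.co.uk/certsage.php":
        'public $dataDirectory = "../CertSage";',
    f"{HOME}/public_html/russcreates.com/certsage.php":
        'public $dataDirectory = "../CertSage";',
    f"{HOME}/public_html/reshapers.org/certsage.php":
        'public $dataDirectory = "../../certsage-reshapers";',
}

if __name__ == "__main__":
    exposed, shared = audit(SAMPLE, f"{HOME}/public_html")
    for d in exposed:
        print("inside web root:", d)
    for d, scripts in shared.items():
        print("shared password.txt:", d, "<-", ", ".join(scripts))
```

To run it against a real account, build the `copies` mapping by reading each site's certsage.php from disk instead of using the constructed `SAMPLE`.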