Update CSR before expiration with bash script

jtrimm007 · July 10, 2018, 6:01pm

I have several domains on my server that I service. I am currently using sslforfree.com to generate the certs. And the problem is every three months I have to renew a bunch of certs. I would like to learn how to do this autonomously.

My domain is:
trimwebdesign.com

My web server is (include version):
cpanel / WHM

The operating system my web server runs on is (include version):
Current / uptodate

My hosting provider, if applicable, is:
Godaddy

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
yes

JuergenAuer · July 10, 2018, 6:08pm

Hi @jtrimm007

cpanel has an integrated letsencrypt-client. So it's the best you don't use an own client.

Instead, use the cpanel-client.

stevenzhu · July 10, 2018, 6:27pm

However, he said he is using GoDaddy as hosting, and GoDaddy does not enable autossl since they are also a paid CA.

Osiris · July 10, 2018, 6:31pm

If you can login to a root shell, you might choose any of the many available clients.

Let's Encrypt recommends certbot, the ACME client developed by the EFF.

JuergenAuer · July 10, 2018, 8:11pm

Oh, thanks. Good to know. And not good, that GoDaddy blocks this. No active support - ok. But if someone wants to use it with cpanel - not good.

stevenzhu · July 10, 2018, 10:57pm

But he'll always need to manually update the certificate in cPanel. Since cPanel... Doesn't actively allow to use API to update an certificate.

Hi,

I know that might not be an active option, but I personally suggest to use a cheap positive ssl certificate (from Comodo), which normally cost $3~$6 per year (and save you from renew hell since cPanel normally doesn't allow you to install certificate automatically unless autossl)

P.S. compare to GoDaddy certificate, which cost $60 or more....

P.S.2 buy the certificate from ssls.com (that's the cheapest options I could found....)

Thank you

schoen · July 11, 2018, 12:11am

Or, consider using a different hosting provider that better supports Let's Encrypt, including one that provides a similar software stack overall.

schoen · July 11, 2018, 12:13am

I don't know if a hosting provider could also disable this, but cPanel does have such an API:

https://community.letsencrypt.org/search?q=cpanel%20uapi

It's natively supported by acme.sh and if I remember correctly @_az has also written some experimental Certbot support for it. So in some hosting environments without AutoSSL, it might still be possible to automate the certificate renewal using cPanel.

Osiris · July 11, 2018, 5:19am

The fact the topicstarter uses cPanel, doesn't mean he can ONLY use cPanel? B/c he can login as root, he might choose to bypass cPanel altogether.

system · August 10, 2018, 5:19am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.