Update CSR before expiration with bash script


#1

I have several domains on my server that I service. I am currently using sslforfree.com to generate the certs. And the problem is every three months I have to renew a bunch of certs. I would like to learn how to do this autonomously.

My domain is:
trimwebdesign.com

My web server is (include version):
cpanel / WHM

The operating system my web server runs on is (include version):
Current / uptodate

My hosting provider, if applicable, is:
Godaddy

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
yes


#2

Hi @jtrimm007

cpanel has an integrated letsencrypt-client. So it’s the best you don’t use an own client.

Instead, use the cpanel-client.


#3

However, he said he is using GoDaddy as hosting, and GoDaddy does not enable autossl since they are also a paid CA.


#4

If you can login to a root shell, you might choose any of the many available clients.

Let’s Encrypt recommends certbot, the ACME client developed by the EFF.


#5

Oh, thanks. Good to know. And not good, that GoDaddy blocks this. No active support - ok. But if someone wants to use it with cpanel - not good.


#6

But he’ll always need to manually update the certificate in cPanel. Since cPanel… Doesn’t actively allow to use API to update an certificate.

Hi,

I know that might not be an active option, but I personally suggest to use a cheap positive ssl certificate (from Comodo), which normally cost $3~$6 per year (and save you from renew hell since cPanel normally doesn’t allow you to install certificate automatically unless autossl)

P.S. compare to GoDaddy certificate, which cost $60 or more…

P.S.2 buy the certificate from ssls.com (that’s the cheapest options I could found…)

Thank you


#7

Or, consider using a different hosting provider that better supports Let’s Encrypt, including one that provides a similar software stack overall.


#8

I don’t know if a hosting provider could also disable this, but cPanel does have such an API:

https://community.letsencrypt.org/search?q=cpanel%20uapi

It’s natively supported by acme.sh and if I remember correctly @_az has also written some experimental Certbot support for it. So in some hosting environments without AutoSSL, it might still be possible to automate the certificate renewal using cPanel.


#9

The fact the topicstarter uses cPanel, doesn’t mean he can ONLY use cPanel? B/c he can login as root, he might choose to bypass cPanel altogether.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.