Announcement

Collapse
No announcement yet.

Updated Auto Copy Script for Let's Encrypt to Server's SSL Certs

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Updated Auto Copy Script for Let's Encrypt to Server's SSL Certs

    Wouldn't you like to have all your Interworx SSL protected? Mail, Web, FTP, etc? This makes it easy, free and auto-updates.

    I've updated my Let's Encrypt Server Copy Script.

    What this does:

    It copies the auto-renewed Let's Encrypt SSL Certificate in a Siteworx Account to the Server's SSL Certificates. You could add a cronjob to run this everynight so that it always has the latest SSL Certificate.

    Prerequisites:
    1. Tested on Centos 6 or 7. (not tested on other platforms)
    2. Enable the Let's Encrypt Plugin in Interworx under ( Nodeworx > Plugins )
    3. Create a SiteWorx Account that is the same as the primary hostname of the server
    4. Make sure you have an A record that points to the server as well
    5. In Siteworx, generate a Let's Encrypt certificate.
    6. Copy this script to your server /root/copyssh.sh (Note: change the first 3 green values to match your server)

    Code:
    #!/bin/bash
    
    
    ## note: this should be run as the root user on the server
    
    ## user variables
    ## email address of main nodeworx user
    nodeuser="webmaster@yourhostingcompany.com"
    
    ## domain to copy letsencrypt key from
    domain="server.yourhostingcompany.com"
    
    ## unix username of the account
    usr="serveryo"
    
    ## auto set locations for each certificate and key
    key=$(cat "/home/$usr/var/$domain/ssl/$domain.priv.key")
    sslcrt=$(cat "/home/$usr/var/$domain/ssl/$domain.crt")
    chain=$(cat "/home/$usr/var/$domain/ssl/$domain.chain.crt")
    
    ## set the cypher level
    cypher='HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eN ULL:!NULL:!LOW'
    
    ## perform the task (the return in the command is intentional)
    nodeworx -u "$nodeuser" -o pretty -n -v -c Ssl --ssl_ciphersuite $cypher --key "$key" --crt "$sslcrt
    $chain" --restart_now 1 --services all --action updateall
    7. Make it executable: chmod +x copyssh.sh
    8. Add a cron job to run the script: sudo nano /etc/crontab

    Add a line:
    Code:
    35 2 * * * root /root/copyssh.sh
    Close and Save and you are done.
    Run it manually the first time to see if it works:
    Code:
     sh /root/copyssh.sh
    Last edited by marco114; 09-26-2017, 09:12 AM.
    ---
    Marc Pope
    Falcon Internet
    http://www.falconinternet.net/

  • #2
    Hi marco114

    Many thanks for sharing your script.

    This is the third script for nodeworx ssl copy from siteworx but kudos to you

    I hope others will share more of their scripts, not only for ssl

    Many thanks

    John

    Comment


    • #3
      this one is updated, with more directions than the old one I posted in March
      ---
      Marc Pope
      Falcon Internet
      http://www.falconinternet.net/

      Comment


      • #4
        Hi marco114

        Many thanks, and apologies I was only giving credit to those who wrote previous scripts without realising you were one of them.

        I meant no offence

        Many thanks

        John

        Comment


        • #5
          This script doesn't seem to have any provisions for detecting whether or not the SSL certificates are actually brand new and thus, replace the SSL certificates when it's time to do that... aside from a cron job?

          If so, that should probably be integrated so we're not needlessly replacing the SSL certificates based on cron times.
          ★ Ramon Reyes @ EidolonHost
          ★ Shared, Reseller, VPS and Dedicated Servers.
          ★ Need more stuff? Ask us about custom configurations!
          ★ Authorized Blesta and InterWorx License Reseller! See Web Host Licenses

          Comment


          • #6
            Anyone notice the new feature in the SSL area for copying the SSL from a domain? Very cool. Now if we could only get that to auto-update!
            ---
            Marc Pope
            Falcon Internet
            http://www.falconinternet.net/

            Comment


            • #7
              Hi marco114

              I thought it was added so it auto updates but could be wrong sorry

              I do not remember having to manually update the nodeworx ssl when the siteworx ssl auto updated. It could be a symlink to the siteworx ssl but again could be wrong

              Many thanks

              John

              Comment

              Working...
              X