Announcement

Collapse
No announcement yet.

Server SSL Certificate via LetsEncrypt

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Careful I think you have an error in your script with a space in !eN ULL which should be !eNULL. *** Funny, it displays ok in edit mode but when I read the post it show a space that appear in the copy paste as well.
    /** cypher='HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eN ULL:!NULL:!LOW' **/


    Originally posted by marco114 View Post
    Here's a bash script I just completed to copy the siteworx SSL certificates to nodeworx SSL and update all the services automatically. It would be nice if it ran right after the renewal process :)

    #!/bin/bash


    user="INSERT__NODEWORX_EMAIL__HERE"
    domain="INSERT__DOMAIN_HERE__INLOWERCASE"

    key=$(cat "/home/server/var/$domain/ssl/$domain.priv.key")
    sslcrt=$(cat "/home/server/var/$domain/ssl/$domain.crt")
    chain=$(cat "/home/server/var/$domain/ssl/$domain.chain.crt")


    cypher='HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eN ULL:!NULL:!LOW'


    nodeworx -u "$user" -o pretty -n -v -c Ssl --ssl_ciphersuite $cypher --key "$key" --crt "$sslcrt
    $chain" --restart_now 1 --services all --action updateall



    This assumes you already have a siteworx account with the same domain name as your control panel on the same server. It will work with LetsEncrypt.
    Note that RETURN is intentional so that it creates the CHAIN in the next line down.

    Enjoy!

    Comment


    • #17
      Hi toordog

      Welcome to Iw forums

      Good catch, must be my old eyes as not spotted

      Many thanks

      John

      Comment


      • #18
        I've implemented this on my servers and so far seems to be working well, but I did make a few tweaks mainly just the paths to the Let's Encrypt SSL certs. I'm running CentOS so that might make a difference.

        Code:
        #!/bin/bash
        # Copies Let's Encrypt certificates from SiteWorx account to the server SSL certs
        
        interworxUser="INSERT__NODEWORX_EMAIL__HERE"
        siteworxDomain="INSERT__DOMAIN_HERE__INLOWERCASE"
        
        key=$(cat "/etc/letsencrypt/live/$siteworxDomain/privkey.pem")
        sslcrt=$(cat "/etc/letsencrypt/live/$siteworxDomain/cert.pem")
        chain=$(cat "/etc/letsencrypt/live/$siteworxDomain/chain.pem" "/etc/letsencrypt/live/$siteworxDomain/fullchain.pem")
        
        cypher='HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW'
        
        # this needs to be 2 lines
        nodeworx -u "$interworxUser" -o pretty -n -v -c Ssl --ssl_ciphersuite $cypher --key "$key" --crt "$sslcrt 
        $chain" --restart_now 1 --services all --action updateall
        Thanks for doing the hard work!

        Comment


        • #19
          LE is only on siteworx accounts, and not on nodeworx

          Comment


          • #20
            Hi bestellen

            I hope your well

            Sorry, the code written copies the siteworx LE certificate to nodeworx SSL and keeps recopying so it never is outdated

            So if you setup a siteworx account which matches your nodeworx domain, then use LE to create SSL, this is then copied to nodeworx SSL

            Good idea and kudos to them for writing/sharing

            It would be lovely if every user shared

            Many thanks

            John

            Comment

            Working...
            X