Generate SSL automatically after account is created

epsilon4

Verified User
Joined
Jul 6, 2019
Messages
25
Hello,

Is is possible to generate LetsEncrypt SSL automatically when an account is created?

I have configured:

SSL=1
letsencrypt=1

But, when I created an account from WHMCS, I need to login as a user, and then create SSL cert manually, and after 2 minutes the site can be loaded by using HTTPs.

Thanks
 
At the moment: https://help.directadmin.com/item.php?id=675. Some GUI tool for this might be available soon :)

Hello there! Thank you for your help! :)

I have downloaded that script, and when I run it all works fine.

But, is there a way to do automatically?

For example:

I have create a dir at /home/diradmin, and I download the autoletsencrypt.sh.

Also I chown the dir to diradmin:diradmin.

Later, I create /usr/local/directadmin/scripts/custom/domain_create_post.sh, chmod 700 and chown diradmin:diradmin.

Inside the script I added:

Code:
#!/bin/bash
sh /home/diradmin/autoletsencrypt.sh

But I can't do working that script.

Any idea? Thanks in advance!
 
A cronjob which runs every 5mins or so should be fine :)
 
At the moment: https://help.directadmin.com/item.php?id=675. Some GUI tool for this might be available soon :)

If you create some GUI tool or directadmin.conf setting that will let us automatically get TLS certificate installed when a domain created, then please consider this:

1: After the domain is created, DirectAdmin should wait until multiserver has been given time to sync DNS to the other DNS servers (usually one or two minutes).

2: DirectAdmin should then first check if the created domain has IP address pointed to the server. For example some customer creates domains in DirectAdmin, but do not use our name servers, and will then manually only change IP on A records at their registrar afterwards. If the domain does not resolve on the server IP, the certificate should not be attempted to be installed automatically.

3: Also some TLDs does not resolve immediately after the domain is registered, for example the TLD in my contry: When we register a domain, the registry only reload the zone file about every two hours (it even takes longer time in weekends and during night time), and if that has already happened right before we registered a new domain, it will not resolve until two hours later. Thus this would not work with autoinstallation of certificate in those cases.
 
Last edited:
If you create some GUI tool or directadmin.conf setting that will let us automatically get TLS certificate installed when a domain created, then please consider this:

1: After the domain is created, DirectAdmin should wait until multiserver has been given time to sync DNS to the other DNS servers (usually one or two minutes).

2: DirectAdmin should then first check if the created domain has IP address pointed to the server. For example some customer creates domains in DirectAdmin, but do not use our name servers, and will then manually only change IP on A records at their registrar afterwards. If the domain does not resolve on the server IP, the certificate should not be attempted to be installed automatically.

3: Also some TLDs does not resolve immediately after the domain is registered, for example the TLD in my contry: When we register a domain, the registry only reload the zone file about every two hours (it even takes longer time in weekends and during night time), and if that has already happened right before we registered a new domain, it will not resolve until two hours later. Thus this would not work with autoinstallation of certificate in those cases.
All valid points Ditto.
 
thanks a lot for this good script. Just one question, how to use autoletsencrypt.sh to get certs for domain and its pointers (aliases)?

It doesn't generate cert for domain pointers.
 
ok, I had adjusted autoletsencrypt.sh, for now it is checking current certs on the server for domain's pointers and check cert date end.

View attachment autoletsencrypt.sh.gz - here is updated version. If developers can take a look, it will be fine. I'm using this updated script on my servers for now.
 
View attachment autoletsencrypt.sh.gz - updated version, it checks pointers and subdomains, then include subdomains in domain's cert.

This thing important for the users, who migrates from another system (cpanel) to directadmin, like me. So may be better is to include autoletsencrypt.sh to cpanel_to_da plugin.
 
Back
Top