Generate LetsEncrypt certificate for external domains

avisonjohn

Scenario
I have a scenario where I need users (external users, not any of our hosted customers) to be able to create a subdomain and associated A record (all on their own external domain registrar) and point the A record to one of the IP addresses hosted on our DirectAdmin server.

The users then submit their chosen subdomain to us and they are saved into a database.

I now need to be able to programmatically generate a LetsEncrypt certificate for each of the subdomains in the database, and install it onto our server, so that when somebody visits the subdomain, it is served via HTTPS via our server.
All subdomains will be serving the same single PHP file from the same directory - the PHP file will apply the relevant branding based on the hostname received.

Also, I'll need to be able to programmatically update Apache's config files to serve these subdomains, and also point to the corresponding certificate file.

Actual question
Am I able to use the /usr/local/directadmin/scripts/letsencrypt.sh file to generate these certificates, without it affecting any other certificates/domains that are actually hosted on our server?
I also have a feeling that if this is actually possible, will I encounter the error telling me that the domain is not owned by a particular user or not configured on our DirectAdmin instance?

Can anybody offer any insight, or alternative solutions?
 
Not sure about the ssl part, but for getting the domains to work, you would want to add those (sub)domains as a new domain (you can do this automatically via the API from your php code) and then either symlink their public_html to the public_html of your main site, or, if you have administrator permissions, add a custom httpd.conf for the subdomain with the following entry:

|?DOCROOT=/home/admin/domains/yourdomain.com/public_html|

(with the directory adjusted to where your site lives)
 
I'm wondering if it might now be an idea to set up a reseller just for the external domains, and programmatically create a new user (along with their subdomain as their main domain on DirectAdmin) and have a Let's Encrypt certificate generated for that.
Would that be a better idea?
I'd need to create a PHP file to be run as a cronjob to check the database for a list of submitted subdomains and create a new user or domain for each one. That way the Let's Encrypt certificate can be automatically managed by DirectAdmin, no?
 
You can have DirectAdmin manage the SSL certs if they're all on one user too. I'm not sure if it works if only the subdomain is on your server, though. I would probably just create a CNAME subdomain on some domain not pointing to your server and try it out.
 
Ended up writing a PHP script to pull the list of subdomains from a database, and then used the DirectAdmin API to create new domains under the same user.
Changed the httpd templates slightly so that if the current user is the user which holds all the domains, then rewrite the document root to just one in particular, so that all the new domains serve the same directory.
Once the domains are created, the DirectAdmin API creates the SSL certificate for each of them via LetsEncrypt.

Now, I can have external users make a new A Record or CNAME Record on their own external DNS servers or registrars, which point to my server, and their new subdomain automatically gets served from my server without them having to do anything, all complete with SSL.

When the page loads, it's the same document loaded no matter what domain or subdomain is used, and the script detects the web address and loads the correct branding automatically.

Pretty pleased with it and it works without any issues at all, but could have been made a slight bit easier if the DirectAdmin API can be configured to set particular settings per user and/or domain.
 
Nice to hear that you have solved it.
Please share your script so that others can benefit, after all we are here to help each other :)
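
The workflow described in this thread passes user-submitted hostnames from a database into domain creation, Apache configuration and Let's Encrypt issuance. The following is an added example, not the poster's script, of a check a cron job could run first: it validates each hostname strictly and confirms it resolves to the server before anything is created. `SERVER_IPS`, the function names, the stub resolver and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example: gate for user-submitted hostnames before domain creation
// and certificate issuance. All names below are hypothetical.
const SERVER_IPS = ['203.0.113.10']; // assumption: this server's public IPv4 addresses

/** Normalise and strictly validate a submitted hostname; null if unacceptable. */
function normalise_hostname(string $raw): ?string
{
    $host = strtolower(rtrim(trim($raw), '.'));
    // Letters, digits and hyphens only, at least three labels (a subdomain),
    // alphabetic TLD. Rejects wildcards, IP literals, whitespace and anything
    // that could break out of a generated Apache config line.
    $re = '/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.){2,}[a-z]{2,63}$/D';
    return (strlen($host) <= 253 && preg_match($re, $host)) ? $host : null;
}

/** Live resolver: follows CNAMEs, returns IPv4 addresses ([] on failure). */
function dns_resolver(string $host): array
{
    $ips = gethostbynamel($host);
    return $ips === false ? [] : $ips;
}

/** True only if the name resolves and every address is one of ours. */
function points_to_us(string $host, callable $resolver): bool
{
    $ips = $resolver($host);
    return $ips !== [] && array_diff($ips, SERVER_IPS) === [];
}

/** Split submitted rows into hostnames safe to provision and rejected rows. */
function filter_submissions(array $rows, callable $resolver): array
{
    $out = ['accept' => [], 'reject' => []];
    foreach ($rows as $raw) {
        $host = normalise_hostname($raw);
        if ($host === null) { $out['reject'][$raw] = 'invalid hostname'; continue; }
        if (in_array($host, $out['accept'], true)) { continue; } // duplicate row
        if (!points_to_us($host, $resolver)) { $out['reject'][$raw] = 'does not resolve to this server'; continue; }
        $out['accept'][] = $host;
    }
    return $out;
}

// Constructed sample rows and a stub resolver so the demo runs offline;
// pass 'dns_resolver' instead of $stub to query real DNS.
$rows = ['Shop.Example.org', "evil.example.net\nServerAlias *", 'brand.example.com', '*.example.com'];
$stub = fn(string $h): array => ['shop.example.org' => ['203.0.113.10'], 'brand.example.com' => ['198.51.100.7']][$h] ?? [];
print_r(filter_submissions($rows, $stub)); // accepts only shop.example.org
```

Rejecting names that do not yet point at the server also avoids failed validation attempts, which count against Let's Encrypt rate limits.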
 