Problem with Certificate Auto Renew Let's Encrypt

shvaber

Verified User
Joined
Aug 9, 2019
Messages
24
Good day.

I have many imported accounts on the server. In every account, in the "SSL Certificates" part, I see "Paste a pre-generated certificate and key" or "Use the server's certificate" selected.
But I want to set up "Free & automatic certificate from Let's Encrypt" with "Wildcard".

How is this possible? I can write a script, but I don't know where to start.
 

shvaber

Great! Looks like I was looking for this script!

But what if the user already has an old certificate? Will this script renew it as well?
 

shvaber

I got it, Alex, no problem.
OK, does anybody know how we can remove all expired certs and self-signed certs, and after that set up letsencrypt?

So the domain will not have any bad or expired cert.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
See how the script detects whether a user's domain has a cert:

http://files.directadmin.com/services/all/letsencrypt/autoletsencrypt.sh

Code:
for u in `ls /usr/local/directadmin/data/users`; do
{
	for d in `cat /usr/local/directadmin/data/users/$u/domains.list`; do
	{
		if [ ! -e /usr/local/directadmin/data/users/$u/domains/$d.cert ] && [ -s /usr/local/directadmin/data/users/$u/domains/$d.conf ]; then

so you should remove the file /usr/local/directadmin/data/users/$u/domains/$d.cert and run the script again.
 

shvaber

Yes, you are right. But this way I will not know what I'm removing. But maybe it is a way: remove all certs and start letsencrypt, if it is impossible to replace old or self-signed certs.
 

zEitEr

Write a script that, with the help of openssl, reads the validity date of a cert and removes the cert if it's outdated.
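
One way to implement the check suggested above, as an added example that is not part of the thread or of DirectAdmin's autoletsencrypt.sh: it classifies each per-domain cert with openssl and lists what would be removed before anything is deleted. The function names, the `DA_USERS` and `GRACE_SECONDS` variables and the two-day window are assumptions, and the subject-equals-issuer comparison is a heuristic for self-signed certs.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Assumed layout (from the excerpt in the thread):
#   $DA_USERS/<user>/domains/<domain>.cert
DA_USERS="${DA_USERS:-/usr/local/directadmin/data/users}"
GRACE_SECONDS="${GRACE_SECONDS:-172800}"   # "expiring" = notAfter within 2 days

# cert_status FILE: print unreadable | expired | expiring | self-signed | ok
cert_status() {
    cert="$1"
    # A file openssl cannot parse as a PEM X.509 certificate is reported as such.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero when the cert expires within the next N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 0
    fi
    if ! openssl x509 -in "$cert" -noout -checkend "$GRACE_SECONDS" >/dev/null 2>&1; then
        echo expiring; return 0
    fi
    # Heuristic: identical subject and issuer names mean the cert is self-issued.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        echo self-signed; return 0
    fi
    echo ok
}

# scan_certs [--delete]: print "status user domain notAfter" for every cert.
# Without --delete nothing is removed, so the list can be reviewed first.
# Unreadable files are listed but never deleted.
scan_certs() {
    mode="${1:-}"
    for udir in "$DA_USERS"/*/; do
        user=$(basename "$udir")
        for cert in "$udir"domains/*.cert; do
            [ -e "$cert" ] || continue
            status=$(cert_status "$cert")
            enddate=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null || true)
            echo "$status $user $(basename "$cert" .cert) $enddate"
            if [ "$mode" = "--delete" ]; then
                case "$status" in
                    expired|expiring|self-signed) rm -f -- "$cert" ;;
                esac
            fi
        done
    done
}
```

Source the file and run `scan_certs` to review the list, then `scan_certs --delete` followed by the autoletsencrypt.sh script so that domains without a `.cert` file get a new certificate.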
 

shvaber

Thank you very much. I thought DA had an option through the API to set up letsencrypt for all, to replace invalid certs. If not, then no; I'll have to use the way you mentioned.
Thank you, Alex.
 

zEitEr

You are welcome. If someday you write such a script, I'm sure the DirectAdmin developers will be glad to consider adding it into their distributive. As of now I don't know any ready solution for this. ;)
 

shvaber

> You are welcome. If someday you write such a script, I'm sure the DirectAdmin developers will be glad to consider adding it into their distributive. As of now I don't know any ready solution for this. ;)

This day has come!
I have modified autoletsencrypt.sh and added an expiration date check. If the cert expires today or tomorrow, the script will request a cert from LE.
Here it is: View attachment autoletsencrypt.sh.gz
 