Problem with Certificate Auto Renew Let's Encrypt

[shvaber]

Good day.

I have much imported accounts on the server. And in every account in "SSL Certificates" part I see selected "Paste a pre-generated certificate and key" or "Use the server's certificate".
But I want to set up "Free & automatic certificate from Let's Encrypt" with "Wildcard".

How does it possible? I can write some script, but don't know, from where I will start?

 

[zEitEr]

[h=4]How to enable LetsEncrypt[/h][h=4]LetsEncrypt wildcards for free *.domain.com SSL certificates[/h]

 

[shvaber]

[h=4]How to enable LetsEncrypt[/h][h=4]LetsEncrypt wildcards for free *.domain.com SSL certificates[/h]

thanks for your post Alex, but I already installed and know it is already working on the server.
But every account on the server Has to open SSL Certificates page and do things manually.

I'm looking for the way How to do it automatically - move to Letsencrypt and wildcard for all.

 

[zEitEr]

Automatically setup LetsEncrypt SSL for *all* domains that do not currently have a certificate

 

[shvaber]

Great! Looks like I was looking for this script!

But, if the user already has old certificate? Will this script renew it also?

 

[zEitEr]

for all domains that do not currently have a certificate

 

[shvaber]

I got it Alex, no problem.
Ok, does anybody Know, how we can remove all expired certs and self-signed certs and After that we will set up letsencrypt?

so the domain will not have any bad or expired cert.

 

[zEitEr]

See how the script detects whether a user's domain has a cert:

http://files.directadmin.com/services/all/letsencrypt/autoletsencrypt.sh

for u in `ls /usr/local/directadmin/data/users`; do{
	  for d in `cat /usr/local/directadmin/data/users/$u/domains.list`; do
	  {
			if [ ! -e /usr/local/directadmin/data/users/$u/domains/$d.cert ] && [ -s /usr/local/directadmin/data/users/$u/domains/$d.conf ]; then

so you should remove the file /usr/local/directadmin/data/users/$u/domains/$d.cert and run the script again.

 

[shvaber]

yes, you are right. But this way I will not know what I'm removing. But, may be it is a way - remove all certs and start letsencrypt, if it is impossible to replace old or self-signed certs

 

[zEitEr]

Write a script where with a help of openssl you read a valid date of a cert and remove the cert if it's outdated.

 

[shvaber]

thank you very much. I thought DA has an option through API to set up letsencrypt for all, to replace invalid certs. If no - so no, have to use this way you mentioned.
Thank you, Alex.

 

[zEitEr]

You are welcome. If someday you write such a script, I'm sure the DirectAdmin developers will be glad to consider adding it into their distributive. As of now I don't know any ready solution for this.

 

[shvaber]

You are welcome. If someday you write such a script, I'm sure the DirectAdmin developers will be glad to consider adding it into their distributive. As of now I don't know any ready solution for this.

This day has come!
I had modified autoletsencrypt.sh and added checking date expiration. If cert has been expired today or tomorrow - script will request LE to get the cert.
Here is it: View attachment autoletsencrypt.sh.gz