Request wildcard letsencrypt from cli

dmtinc

Verified User
Hi Folks,

Do you know how I can request a letsencrypt wildcard from the console (including both *.domain.tld and domain.tld in the cert)? I want to request around 30 certs and I don't want to go account by account using the GUI...

After checking the info, you can request a cert using the CLI, but only with http-01 validation, or the documentation isn't explicit about how to do this for a wildcard or dns-01 validation.

Thanks!
Regards

smtalk

Administrator
Staff member
When requesting the cert, you may add *.domain.com to the list like "./letsencrypt.sh request domain.com,*.domain.com". Otherwise just edit /usr/local/directadmin/data/users/username/domains/domain.com.san_config and add DNS:*.domain.com to the last line, then re-run "./letsencrypt.sh request domain.com".

dmtinc

Verified User
Hi,

Thanks, adding *.domain.tld to the request didn't work:

Bash:
[root@da scripts]# ./letsencrypt.sh request domain.cl,*.domain.cl
skipping *.domain.cl challenge test failed
Requesting new certificate order...
Processing authorization for domain.cl...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for domain.cl...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/domain/domains/domain.cl.key.new"
Generating RSA private key, 4096 bit long modulus
...................++
........................................................................................................................................++
e is 65537 (0x10001)
Checking Certificate Private key match... Match!
Certificate for domain.cl has been created successfully!
[root@da scripts]#

But the second way works ok; I made a little script:

Bash:
#!/bin/bash
usuario=$1
dominio=$2
archivo_san=/usr/local/directadmin/data/users/$usuario/domains/$dominio.san_config
# Check that the san_config file exists.
if [ ! -f "$archivo_san" ]
then
    echo "$0: Archivo '${archivo_san}' no encontrado, no podemos proseguir."
    exit 1
fi
# Validate the current SanConfig (not implemented yet)

# Rewrite the sanconfig: drop the existing subjectAltName line and add the domain plus its wildcard
sed -i '/subjectAltName/d' "$archivo_san"
echo "subjectAltName=DNS:$dominio, DNS:*.$dominio" >> "$archivo_san"
# Request the certificate; the services are only reloaded when letsencrypt.sh succeeds
if /usr/local/directadmin/scripts/letsencrypt.sh request "$dominio"
then
  service litespeed reload
  service exim reload
  service dovecot reload
  service pure-ftpd restart
  echo "action=rewrite&value=mail_sni&domain=$dominio" >> /usr/local/directadmin/data/task.queue
  echo "Certificado Generado e instalado correctamente"
else
  echo "$dominio" >> /root/error_wildcard_ssl
  echo "Existio un error en la creacion del certificado" >&2
fi
I'm looking for a better "autoSSL" to replace the cPanel-generated certificates. The current script (https://help.directadmin.com/item.php?id=675) is for domains without a certificate, but I'm looking at domains without a certificate, domains with certificates generated by cPanel and domains with expired certificates, trying first for a wildcard and then falling back to http validation based on subdomains if the dns validation fails.
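Building on the san_config edit smtalk described and the wildcard-then-fallback flow the last post asks for, here is an added example (my own, not dmtinc's script and not DirectAdmin's code) that keeps a copy of the original san_config, tries the wildcard order first and puts the original back for the plain request if that order fails. It assumes letsencrypt.sh exits non-zero when an order fails and that a san_config without a wildcard entry gets the http-01 request described in the thread; the function names and the DA_USERS/LE_SCRIPT/ERROR_LOG variables are hypothetical.

```shell
#!/bin/bash
# Added example, not the thread's own script or DirectAdmin's code.
# Assumes letsencrypt.sh exits non-zero when the order fails and that a
# san_config without a wildcard entry leads to the plain http-01 request.
DA_USERS=${DA_USERS:-/usr/local/directadmin/data/users}
LE_SCRIPT=${LE_SCRIPT:-/usr/local/directadmin/scripts/letsencrypt.sh}
ERROR_LOG=${ERROR_LOG:-/root/error_wildcard_ssl}

# Replace the subjectAltName line so the cert covers domain and *.domain,
# keeping a copy of the original for rollback. Returns 1 if the file is missing.
set_wildcard_san() {
    san_file=$1; domain=$2
    [ -f "$san_file" ] || return 1
    cp "$san_file" "$san_file.bak"
    sed -i '/subjectAltName/d' "$san_file"
    printf 'subjectAltName=DNS:%s, DNS:*.%s\n' "$domain" "$domain" >> "$san_file"
}

# Put back the san_config saved by set_wildcard_san, if there is one.
restore_san() {
    if [ -f "$1.bak" ]; then mv "$1.bak" "$1"; fi
}

# Try the wildcard order first; on failure restore the original san_config and
# retry the plain request. Prints which path succeeded, returns 1 if both fail.
request_with_fallback() {
    user=$1; domain=$2
    san_file=$DA_USERS/$user/domains/$domain.san_config
    if ! set_wildcard_san "$san_file" "$domain"; then
        echo "$0: $san_file not found" >&2; return 1
    fi
    if "$LE_SCRIPT" request "$domain"; then
        rm -f "$san_file.bak"; echo "wildcard"; return 0
    fi
    restore_san "$san_file"
    if "$LE_SCRIPT" request "$domain"; then
        echo "http-01"; return 0
    fi
    echo "$domain" >> "$ERROR_LOG"
    return 1
}

# Usage: ./wildcard_or_fallback.sh <da_user> <domain>
if [ $# -eq 2 ]; then
    request_with_fallback "$1" "$2"
fi
```

The service reloads and the mail_sni task.queue line from the script above still belong after a successful return; they are left out here so the rollback logic stays readable.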