Last active
April 12, 2018 09:24
-
-
Save kheast/c33a1e4240953a2e43300827783a7e99 to your computer and use it in GitHub Desktop.
Python script to install SSL certificate from Let's Encrypt into Cpanel for a single domain.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python2.7 | |
'''This script will install an SSL certificate into Cpanel | |
for a single domain. In my case, the certificate is from | |
Let's Encrypt via 'acme.sh'. The script expects the certificate | |
to be stored in the manner described at | |
http://east.fm/posts/acme-cpanel-a2hosting | |
This script requires a single argument: the domain name. | |
If the script is located in $HOME/bin, this is how it would | |
be used to install a LE cert obtained using acme.sh: | |
$ acme.sh --install-cert -d east.fm \ | |
--certpath $HOME/LE_certs/cert.pem \ | |
--keypath $HOME/LE_certs/key.pem \ | |
--capath $HOME/LE_certs/ca.cer \ | |
--fullchainpath $CDIR/fullchain.crt \ | |
--reloadcmd "$HOME/bin/cpanel_ssl_install.py east.fm" | |
N.B.: The 'uapi' 'install_ssl' command, which this script calls, | |
restarts httpd. | |
This is a single-use script and has zero error checking. | |
''' | |
import os | |
import subprocess | |
import sys | |
domain = sys.argv[1] | |
# Must match location/names used with 'acme.sh --install-cert'. | |
certs_dir = os.path.join(os.environ['HOME'], 'LE_certs') | |
cert = os.path.join(certs_dir, 'cert.pem') | |
key = os.path.join(certs_dir, 'key.pem') | |
cabundle = os.path.join(certs_dir, 'ca.cer') | |
# https://documentation.cpanel.net/display/SDK/UAPI+Functions+-+SSL%3A%3Ainstall_ssl | |
output = subprocess.Popen([ | |
"uapi", | |
"SSL", | |
"install_ssl", | |
"domain=%s" % domain, | |
"cert=%s" % open(cert, 'rb').read(), | |
"key=%s" % open(key, 'rb').read(), | |
"cabundle=%s" % open(cabundle, 'rb').read(), | |
], | |
stdout=subprocess.PIPE).communicate() | |
print output |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment