Autorenew ssl Centos Web Panel

ssl certs

Instructions:

  • Make sure all your SSL’s have been set up in the SSL Cert Manager and are working
  • Access your server as Root user using your preferred method
  • Run the below command whereby (/home/folder-name/public_html is your DocumentRoot & your-domain.com is your domain). I circled where you can find your DocumentRoot in red (in image below) in your SSL Cert Manager.
Code: [Select]
acme.sh  --issue  -d your-domain.com -w /home/folder-name/public_html
  • Copy the issued certs to your default cert folders using the below command
Code: [Select]
acme.sh --install-cert -d your-domain.com --cert-file /etc/pki/tls/certs/your-domain.com.cert --key-file  /etc/pki/tls/private/your-domain.com.key --fullchain-file /etc/pki/tls/certs/your-domain.com.bundle 
  • Make sure the cron job is set up in Server Settings > CronTab. If it isn’t you can auto create it by running the below command
Code: [Select]
acme.sh --install-cronjob
  • Test the cron job is working using the below code (You should see all of your SSL certs successfully renew to 89 days).
Code: [Select]
acme.sh --cron

You should now have successfully set up CWP/CentOS to auto renew all your SSL’s via the cron job. The below image illustrates that the cron job auto renewed them on my server at 04:51:00.

Hoping this helps someone faced with the same issue and be nice if our admins sees and incorporates a fix in CWP  :)

Some tips:

– If you receive an (Accessing .well-known/acme-challenge/…) error, delete and recreate the .well-known folder ensuring it has the right permissions.
– If you need to do more than 5 auths or issues on the same domain while you’re sorting something out include (–staging) in the command to prevent getting locked out after 5 attempts (this points the request to the Let’s Encrypt sandbox).

– Forced renewal of all certs can be done with this command:

Code: [Select]
/root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --cron --force

or single domain

Code: [Select]
/root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --renew -d www.domain.com --force

***Please note: This work around is good with both my servers (CWP6 & CWP7) however as SSL failures can result in complete loss of site access  I strongly advise you to have a working backup that you can simply revert back to if it’s not right for you.

0938.54.84.99