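#!/bin/bash
#                                      +----+----+----+----+
#                                      |    |    |    |    |
# Author: Mark David Scott Cunningham  | M  | D  | S  | C  |
#                                      +----+----+----+----+
# Created: 2018-04-29
# Updated: 2018-12-06
#
# Purpose: Install SSLs from command line on cPanel using API commands
#
# Inputs: this listing has no option parsing, so the variables below must
# already be set when the script runs (e.g. exported by the caller).
#   certfile, keyfile        PEM certificate and private key to install
#   cabundle                 PEM CA bundle (optional)
#   single | multi | wildcard  non-empty selects how target domains are found
#   domain                   base name matched against ServerName (wildcard)
#   service                  non-empty: install on cpanel/ftp/dovecot/exim
#   "$@"                     explicit domain list when no mode is selected
#
# NOTE(review): the URL-encoded private key is handed to whmapi1 as a
# command-line argument, so it is visible in the process list while each call
# runs. Run this only where untrusted local users cannot read other users'
# process arguments, and avoid `set -x` / command logging around it.

#######################################
# Print an error to stderr and abort the script.
# Arguments: $* - message
#######################################
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

#######################################
# Percent-encode every byte of a file for use as an API argument value.
# od replaces the original hexdump call because it is specified by POSIX;
# the output (lowercase %xx per byte) is the same.
# Arguments: $1 - path of the file to encode
# Outputs:   the encoded content on stdout, without a trailing newline
#######################################
url_encode() {
  local filename=$1
  # Redirect instead of passing the name so odd file names (spaces, leading
  # dash) cannot be split or parsed as options.
  od -An -v -tx1 < "$filename" | tr -d ' \n' | sed 's/\(..\)/%\1/g'
}

#######################################
# Compare modulus hashes between different parts of the certificate.
# Prints "<digest> :: <basename>" per file; matching digests mean the files
# share a modulus. The digest is only a fingerprint for that comparison; md5
# stays the default so existing output does not change, pass sha256 as the
# first argument for a collision-resistant digest.
# Arguments: [md5|sha1|sha256|sha512] file.key|file.csr|file.crt ...
# Outputs:   one line per recognised file on stdout, errors on stderr
# Returns:   0 if every recognised file was read, 1 otherwise
#######################################
certcheck() {
  local hash='md5' x kind modulus digest rc=0
  case ${1:-} in
    md5|sha1|sha256|sha512)
      hash=$1
      printf '\nUsing %s method\n\n' "$hash"
      shift
      ;;
  esac

  for x in "$@"; do
    case $x in
      *.key) kind=rsa ;;   # NOTE(review): RSA keys only; other key types fail here
      *.csr) kind=req ;;
      *.crt) kind=x509 ;;
      *) continue ;;
    esac
    # Without this check a file openssl cannot parse would still produce the
    # digest of empty input, so two broken files would appear to "match".
    if ! modulus=$(openssl "$kind" -noout -modulus -in "$x") || [[ -z $modulus ]]; then
      printf 'certcheck: cannot read modulus from %s\n' "$x" >&2
      rc=1
      continue
    fi
    digest=$(printf '%s\n' "$modulus" | openssl "$hash" | awk '{print $NF}')
    printf '%s :: %s\n' "$digest" "$(basename -- "$x")"
  done
  return "$rc"
}

#######################################
# Decode the cert to determine the domain(s).
# Globals:   certfile, subject, sans (all written)
# Arguments: $1 - path to a PEM certificate
#######################################
ssl_decode() {
  certfile=$1
  # The original used `-infile`, which `openssl x509` does not accept (the
  # option is `-in`), and an empty sed expression ('s///g') that sed rejects.
  # NOTE(review): the sed pattern was presumably lost in publishing; this one
  # extracts the subject CN from both the "/CN=name" and "CN = name" layouts.
  subject=$(openssl x509 -in "$certfile" -noout -subject \
    | sed -n 's|^.*CN *= *\([^,/]*\).*$|\1|p')
  # SAN entries are printed as "DNS:name, DNS:name"; the original split on '='
  # and therefore never produced a name.
  sans=$(openssl x509 -in "$certfile" -noout -text \
    | grep -o 'DNS:[^,[:space:]]*' \
    | cut -d: -f2)
}

#######################################
# Work out the target domains and install the certificate through whmapi1.
# Globals:   single, multi, wildcard, domain, service, certfile, keyfile,
#            cabundle (read); subject, sans (written via ssl_decode)
# Arguments: explicit domain names, used when no mode variable is set
# Returns:   0 if nothing had to be done or every API call succeeded,
#            1 if any whmapi1 call returned non-zero
#######################################
main() {
  local -a domains=() api_args=()
  local list d srv rc=0

  if [[ -n ${single:-} || -n ${multi:-} ]]; then
    # ssl_decode was defined but never called, so subject/sans stayed empty.
    [[ -r ${certfile:-} ]] || die "certfile is not set or not readable"
    ssl_decode "$certfile"
  fi

  if [[ -n ${single:-} ]]; then
    list=$subject
  elif [[ -n ${multi:-} ]]; then
    list=$subject$'\n'$sans
  elif [[ -n ${wildcard:-} ]]; then
    # An empty $domain would match every ServerName line and push this
    # certificate and key onto every vhost on the server.
    [[ -n ${domain:-} ]] || die "wildcard mode needs a non-empty domain"
    # Pass the name with -v instead of splicing it into the awk program, so
    # its content cannot be parsed as awk code.
    # NOTE(review): this is still an unanchored regex match (dots match any
    # character), so similarly named vhosts can be selected; review the list.
    list=$(awk -v pattern="ServerName.*${domain}" \
      '$0 ~ pattern && !/ host/ { print $2 }' /etc/apache2/conf/httpd.conf)
  else
    list=$(printf '%s\n' "$@")
  fi

  # Drop blank entries and duplicates (the CN is normally repeated in the
  # SAN list, which made multi mode install the same domain twice).
  mapfile -t domains < <(printf '%s\n' "$list" | awk 'NF && !seen[$0]++')

  if (( ${#domains[@]} == 0 )); then
    printf '%s: no domains to process\n' "${0##*/}" >&2
    return 0
  fi

  # With an unset path the original ran hexdump without a file argument, which
  # reads stdin and hangs; fail early instead.
  [[ -r ${certfile:-} ]] || die "certfile is not set or not readable"
  [[ -r ${keyfile:-} ]] || die "keyfile is not set or not readable"

  # Encode once; the files do not change between API calls.
  api_args=("crt=$(url_encode "$certfile")" "key=$(url_encode "$keyfile")")
  if [[ -n ${cabundle:-} ]]; then
    [[ -r $cabundle ]] || die "cabundle is not readable: $cabundle"
    # NOTE(review): confirm the CA-bundle parameter name expected by
    # install_service_ssl_certificate; the original's cab= is kept for both.
    api_args+=("cab=$(url_encode "$cabundle")")
  fi

  if [[ -n ${service:-} ]]; then
    # The service install does not take a domain, so it runs once rather than
    # once per entry in the domain list.
    for srv in cpanel ftp dovecot exim; do
      whmapi1 install_service_ssl_certificate "service=$srv" "${api_args[@]}" || rc=1
    done
  else
    # Install the parts of the SSL on the given domain(s)
    for d in "${domains[@]}"; do
      whmapi1 installssl enable_sni_for_mail=1 "domain=$d" "${api_args[@]}" || rc=1
    done
  fi
  return "$rc"
}

main "$@"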