Us administrators eventually come to the realization that when you have a wildcard SSL certificate for 40 subdomains, you can’t practically have separate IPs and cPanel accounts for all of them. If you have a wildcard SSL certificate for all your subdomains, you can easily install the certificate on a single IP address for all the subdomains. For this particular scenario to work:

• All subdomains must be on the same IP and cPanel account
• You must have a wildcard SSL qualifying for *.tld.com

Keep in mind that for a wildcard SSL to work, it really does have to be installed for each subdomain. You can’t install it once and have it automatically work in the fly like wildcard DNS does – Apache just doesn’t work that way.  Luckily, we’ve scripted an easy solution for you.

Create the following files:

• /etc/ssl/certs/tld.crt

This file will contain the actual certificate, and should be named off of your top-level domain. For example, if the certificate is for *.mydomain.com, name the file mydomain.com.crt

• /etc/ssl/certs/tld.cabundle

This file will be the CA bundle for your wildcard certificate, if you have one.  If the certificate is for *.mydomain.com, name the file mydomain.com.cabundle

Now download the install script from here.

This is basically just a bash script that you can use to install a wildcard SSL for a domain. Running it will install the certificate on all subdomains of the domain passed to the script:

chmod 755 wildcardssl.sh

./wildcardssl.sh $domain

After it runs, all you need to do is restart Apache. Please make a copy of /var/cpanel/userdata before running the script for the first time, until you’ve verified that it works on your setup.  Please note that this script would need to be run again if more subdomains are added later on.

I wrote this nice one-liner for a user in the cPanel forums asking how to change all their current default addresses to :fail: -

http://thecpaneladmin.com/files/changedefaultaddr.sh.txt

Before you do anything like this, you should back up /etc/valiases. Keep in mind also that you can change the default address for new accounts in WHM > Tweak Settings.

Ref: http://forums.cpanel.net/f5/force-default-mail-address-all-accounts-158722.html

I wrote this script a while back to fix the permissions of alias files in /etc/valiases when users were having trouble creating forwarders. You can also download the script in plaintext here.

#!/bin/bash
 # Script to fix permissions of valiases
 # Written by: Vanessa Vasile 5/17/10
 # http://thecpaneladmin.com
 
 for domain in `cat /etc/userdomains |awk '{print $1}' | grep -v "*" | cut -d: -f1`
 do

if ! [ -f /etc/valiases/$domain ]; then
 touch /etc/valiases/$domain
 fi
 
 user=$(egrep "^$domain:" /etc/userdomains |awk '{print $2}');
 chown $user:mail /etc/valiases/$domain
 chown $user:mail /etc/vdomainaliases/$domain
 chmod 644 /etc/valiases/$domain
 chmod 644 /etc/vdomainaliases/$domain
 done

Update: cPanel now has a script to allow you to do this:

/scripts/fixvaliases

This is a simple bash script I wrote to fix the permissions and ownership of files within a cpanel account. To use, simply copy the script your server, chmod 755, and pass the usernames as arguments:

./fixperms user1 user2 user3

You can also run a server-wide loop like this:

for i in `ls -A /var/cpanel/users` ; do ./fixperms $i ; done

Below is the script, but I recommend downloading it from here to ensure that the formatting is correct.

#!/bin/bash
# Script to fix permissions of accounts
# Written by: Vanessa Vasile 5/13/10
# http://thecpaneladmin.com

if [ "$#" -lt "1" ];then
echo "Must specify user"
exit;
fi

USER=$@

for user in $USER
do

HOMEDIR=$(egrep ^${user} /etc/passwd | cut -d: -f6)

if [ ! -f /var/cpanel/users/$user ]; then
echo "$user user file missing, likely an invalid user"

elif [ "$HOMEDIR" == "" ];then
echo "Couldn't determine home directory for $user"

else

echo "Setting ownership for user $user"

chown -R $user:$user $HOMEDIR
chmod 711 $HOMEDIR
chown $user:nobody $HOMEDIR/public_html $HOMEDIR/.htpasswds
chown $user:mail $HOMEDIR/etc $HOMEDIR/etc/*/shadow $HOMEDIR/etc/*/passwd

echo "Setting permissions for user $USER"

find $HOMEDIR -type f -exec chmod 644 {} \; -print
find $HOMEDIR -type d -exec chmod 755 {} \; -print
find $HOMEDIR -type d -name cgi-bin -exec chmod 755 {} \; -print
find $HOMEDIR -type f \( -name "*.pl" -o -name "*.perl" \) -exec chmod 755 {} \; -print
fi
done

Cpanel has a lot of supporting software that you may be using on your server. In case something goes amiss, here is a list of scripts that reinstall cpanel-provided software on your system. For most all of these, you can pass a –force as an argument to force a reinstall of the application.

cPanel
/scripts/upcp

MySQL
/scripts/mysqlup

PostgreSQL
/scripts/installpostgres

Roundcube
/usr/local/cpanel/bin/update-roundcube

Horde
/usr/local/cpanel/bin/update-horde

Squirrelmail
/usr/local/cpanel/bin/update-squirrelmail

phpMyAdmin
/usr/local/cpanel/bin/updatephpmyadmin

pureFTP
/scripts/ftpup –force (See: Installing and Configuring pure-FTP)

Exim
/scripts/eximup

Courier IMAP
/scripts/courierup –force (See: Installing/Configuring Courier IMAP)

Dovecot
/scripts/dovecotup –force (See: Installing and Configuring Dovecot)

cpAddons
/scripts/cpaddonsup

NSD/BIND
/scripts/setupnameserver (NSD:/scripts/nsdup)

Apache/PHP
/scripts/easyapache (See: EasyApache)

suPHP
/scripts/suphpup

cPanel Internal PHP
/scripts/makecpphp

FrontPage Extensions
/scripts/fpupgrade

Mailman
/scripts/reinstallmailman (will not remove list data)

cpHulkd
/usr/local/cpanel/bin/hulkdsetup

Ruby
/scripts/installruby

Some time in earlier 2009 cPanel added a new script to their repository to allow cPanel admins to easily install ImageMagick without the hassle of finding compatible RPMs for newer versions, or dealing with the the various issues surrounding Perl Magick on CentOS 5/RHEL 5 servers.

First, check to see if you have existing RPM versions installed on your system:

rpm -qa |grep -i magick

If any packages show up, remove them with rpm -e . Then to reinstall ImageMagick, run:

/scripts/installimagemagick

This may take a bit of time, but it will fully install a functional copy of ImageMagick as well as Perl Magick. When it’s done, you can run the following commands to test it:

convert -v

…will show you ImageMagick is installed, and to what version:

Version: ImageMagick 6.4.8 2010-02-11 Q16 OpenMP http://www.imagemagick.org
Copyright: Copyright (C) 1999-2009 ImageMagick Studio LLC

To test Perl Magick (Image::Magick), run:

/scripts/checkimagemagick

Cpanel 11.24 comes with an Autofixer that allows you to fix common problems that may prevent access to certain parts of your system. The autofixer can be envoked two ways:

/scripts/autorepair <script name>

or in WHM:

https://example.com:2087/scripts2/doautofixer?autofix=test
https://your.server.ip.here:2087/scripts2/autofixer (and enter the name of the script)

The script argument would be the name of the script you are running through the autofixer. You can find a list of autofixer scripts here:

http://httpupdate.cpanel.net/autofixer/

So for instance, if you wanted to repair a broken SSH configuration and you can’t access SSH on your server, there is a script called ‘safesshrestart‘ in the autofixer repository that you can run:

https://example.com:2087/scripts2/doautofixer?autofix=safesshrestart

Alternatively, you can pass the script through /scripts/autorepair.

Commonly used autofixers (taken from the cPanel Documentation)

• test — Test autofixer on your system, nothing gets changed.
• bsdbindfix — Resolve port issue with BIND 9.
• compresszlibfix — Fix for compress zlib error.
• dbdmysql — DBD::mysql fix for older version of Red Hat (i.e. 7.3).
• fpindexfile — Fix for FrontPage index.
• iptablesflush — Flush iptables rules from WHM if you are firewalled from SSH access.
• libxml64fix — Fix for libXML on 64-bit systems.
• resellerresourceacctounts — Fix for reseller resource accounts.
• safesshrestart — Restores SSH Config and restarts SSH, should you be locked out.
• vfilterfix — Restores /etc/vfilters files.
• yumduprpmfix — This script will attempt to locate and resolve any duplicate RPMs.

CPanel has a internal script for using CPAN to install Perl modules. Learn it and love it:

/scripts/perlinstaller

Most common Perl modules can be installed from WHM ~> Install a Perl Module, or from command line. If you don’t know the name of the Perl module you’re installing, you may want to use the WHM installer instead, as it has a search feature and its usage is pretty self-explanatory.

For command line installations, pass the name of the perl module (case-sensitive) to the installer like so:

/scripts/perlinstaller MD5

/scripts/perlinstaller IO::Compress::Base

If the module is already installed and you need to update or reinstall it, pass –force:

/scripts/perlinstaller –force MD5

Since cPanel 11, you can now also allow your users to install their own perl modules locally in /home/$user/perl (which is automatically added to their Perl module path) so they don’t have to bug you when they need a Perl module, nor to they need SSH access.  You can enable this in WHM ~> Module Installers ~> Perl Module [Manage] . You do need to have compilers enabled for users though, which can be done in WHM ~> Security Center ~> Compilers Tweak .