Wildcard SSL Installation Script


We administrators eventually come to the realization that when you have a wildcard SSL certificate for 40 subdomains, you can’t practically have separate IPs and cPanel accounts for all of them. If you have a wildcard SSL certificate for all your subdomains, you can easily install the certificate on a single IP address for all the subdomains. For this particular scenario to work:

  • All subdomains must be on the same IP and cPanel account
  • You must have a wildcard SSL qualifying for *.tld.com

Keep in mind that for a wildcard SSL to work, it really does have to be installed for each subdomain. You can’t install it once and have it automatically work on the fly like wildcard DNS does – Apache just doesn’t work that way. Luckily, we’ve scripted an easy solution for you.

Create the following files:

  • /etc/ssl/certs/tld.crt

This file will contain the actual certificate, and should be named after your domain. For example, if the certificate is for *.mydomain.com, name the file mydomain.com.crt

  • /etc/ssl/certs/tld.cabundle

This file will be the CA bundle for your wildcard certificate, if you have one. If the certificate is for *.mydomain.com, name the file mydomain.com.cabundle

Now download the install script from here.

This is basically just a bash script that you can use to install a wildcard SSL for a domain. Running it will install the certificate on all subdomains of the domain passed to the script:

chmod 755 wildcardssl.sh

./wildcardssl.sh $domain

After it runs, all you need to do is restart Apache. Please make a copy of /var/cpanel/userdata before running the script for the first time, until you’ve verified that it works on your setup. Please note that this script would need to be run again if more subdomains are added later on.
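As an added example (not the script the post links to), here is a shell function that derives one subdomain's ${sub}_SSL userdata file from the parent domain's ${domain}_SSL file the way the post describes, with the brace-expansion and certificate-file mistakes pointed out in the comments below already fixed. It assumes cPanel's key: value userdata layout (servername, serveralias, documentroot and ssl*file keys) and takes the userdata root as a parameter so it can be exercised in a scratch directory rather than /var/cpanel/userdata.

```shell
#!/bin/bash
# Added example, not the original wildcardssl.sh: build the ${sub}_SSL userdata
# file for one subdomain from the parent domain's ${domain}_SSL file, with the
# brace bug from the comments fixed (${domain}_SSL, not {$domain}_SSL).
# Assumed: cPanel's "key: value" userdata layout with servername, serveralias,
# documentroot and ssl*file keys. ROOT stands in for /var/cpanel/userdata so
# the function can be exercised in a scratch directory.

# make_sub_ssl ROOT USER DOMAIN SUB -> writes ROOT/USER/SUB_SSL, prints its path
make_sub_ssl() {
    local root="$1" user="$2" domain="$3" sub="$4"
    local template="$root/$user/${domain}_SSL"   # ${domain}_SSL, not {$domain}_SSL
    local plain="$root/$user/$sub"                # the subdomain's non-SSL userdata
    local target="$root/$user/${sub}_SSL"
    [ -f "$template" ] || { echo "missing template $template" >&2; return 1; }
    [ -f "$plain" ]    || { echo "missing userdata $plain" >&2; return 1; }

    # documentroot comes from the subdomain's own userdata, not from the .crt
    # (the first bug reported in the comments grepped the certificate file).
    local docroot
    docroot=$(awk '$1 == "documentroot:" { print $2; exit }' "$plain")
    [ -n "$docroot" ] || { echo "no documentroot in $plain" >&2; return 1; }

    # Rewrite only host-name and documentroot lines. A blind global replace of
    # the domain would also mangle the ssl*file paths, which must keep pointing
    # at /etc/ssl/certs/<domain>.crt and .cabundle for every subdomain.
    awk -v d="$domain" -v s="$sub" -v dr="$docroot" '
        $1 == "documentroot:" { print "documentroot: " dr; next }
        $1 == "servername:" || $1 == "serveralias:" {
            for (i = 2; i <= NF; i++) {
                if ($i == d) $i = s
                else if ($i == ("www." d)) $i = "www." s
            }
            print; next
        }
        { print }' "$template" > "$target"
    echo "$target"
}

# Demo on constructed sample data in a scratch directory.
demo=$(mktemp -d); mkdir -p "$demo/mydomain"
printf '%s\n' 'servername: mydomain.com' 'serveralias: www.mydomain.com' \
    'documentroot: /home/mydomain/public_html' \
    'sslcertificatefile: /etc/ssl/certs/mydomain.com.crt' \
    'sslcacertificatefile: /etc/ssl/certs/mydomain.com.cabundle' \
    > "$demo/mydomain/mydomain.com_SSL"
printf '%s\n' 'servername: shop.mydomain.com' \
    'documentroot: /home/mydomain/public_html/shop' > "$demo/mydomain/shop.mydomain.com"
make_sub_ssl "$demo" mydomain mydomain.com shop.mydomain.com && cat "$demo/mydomain/shop.mydomain.com_SSL"
```

Loop it over every subdomain userdata file of the account, then rebuild and restart Apache as the post says; rerun it whenever a subdomain is added.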

17 Comments

  1. John OConnell

    I think there is a typo in the script.

    olddocroot=$(cat $sslfile |grep documentroot |awk '{print $2}' | head -1)

    $sslfile is the crt file; no plain text to grep

  2. John OConnell

    it also has an error here:

    scp -p $sslfile $userdatassl

    it is copying the crt file into
    /var/cpanel/userdata/$user/${sub}_SSL

  3. Marcus

    I’d really like to contact someone about this.

    I got errors trying to utilise this on the cPanel system i manage, and I’d really like to get this going.

    I have 3 sites on my server that have subdomains that require SSL. So far I have only been able to configure 1 site in each for it.

      1. Will Dashwood

        Hi Vanessa,

        Nearly every time I’m searching for a solution to a cPanel problem, you’ve already come up with the goods! The only problem is that on the particular server I’m working on, all sub-domains have been created on their own separate cPanel account. Do you know what modifications are required to the script to work around that?

        Thank you,
        Will

        1. Vanessa Vasile

          Hi Will, Thanks for the shoutout 🙂 So if you have all the subdomains on different accounts, you probably made it easier for yourself. Just install the certificates like you would any normal one. If you’re on CentOS 6 or higher, your server would support SNI so you don’t need a dedicated IP for each account. If you want this done automatically for every account created, let me know and I’ll see if I can come up with something.

          1. Andres Tobar

            Hi Vanessa, did you ever get this automated script done? If so I’d love to buy it. I’ve run into this situation at the moment. I have over 100 subdomains, all with their own cPanel account, that I’d like to add a wildcard SSL certificate to. I put in my real email address; feel free to email me if you’d like.

  4. Dan

    I tried this, it doesn’t work. Even after fixing the bugs to get it to run it then errors with

    “warn [rebuildhttpdconf] Failed to resolve duplicate SSL VirtualHosts:”

    Is there a way to overcome this?

  5. Marci

    Hi there Vanessa – getting errors with your script…

    root@websrv01 [~]# ./wildcardssl.sh ossettacademy.co.uk

    cat: /var/cpanel/userdata/ossettac/{ossettacademy.co.uk}_SSL: No such file or directory
    cp: cannot stat `/var/cpanel/userdata/ossettac/{ossettacademy.co.uk}_SSL': No such file or directory
    replace: No to-string for last from-string
    cp: cannot stat `/var/cpanel/userdata/ossettac/{ossettacademy.co.uk}_SSL': No such file or directory
    replace: No to-string for last from-string
    info [rebuildhttpdconf] Skipping SSL VirtualHost for domain ossettacademy.co.uk, missing key file
    info [rebuildhttpdconf] Skipping SSL VirtualHost for domain vtle.ossettacademy.co.uk, missing certificate file
    Built /usr/local/apache/conf/httpd.conf OK

    On restart of Apache, https continues to fail.
    Certs were uploaded to /etc/ssl/certs as ossettacademy.co.uk.crt and ossettacademy.co.uk.cabundle

  6. Dan H

    I had to change these lines

    olddocroot=$(cat /var/cpanel/userdata/$user/{$domain}_SSL |grep documentroot |awk '{print $2}' | head -1)

    to

    olddocroot=$(cat /var/cpanel/userdata/$user/${domain}_SSL |grep documentroot |awk '{print $2}' | head -1)

    and this one too

    scp -p /var/cpanel/userdata/$user/{$domain}_SSL $userdatassl

    to

    scp -p /var/cpanel/userdata/$user/${domain}_SSL $userdatassl

    Now it works like a charm. Thank you!
