API Functions to generate Lets Encrypt Certificate for site

Discussion in 'Feature Requests' started by johannes1985, Nov 23, 2018.

Tags:
  1. johannes1985

    johannes1985 Member HowtoForge Supporter

    API Functions to generate Lets Encrypt Certificate for site
     
  2. johannes1985

    johannes1985 Member HowtoForge Supporter

    I got the ssl generate working with the following, please tell me if this is fine to do?

    done this with the sites_web_domain_update api endpoint.

    First call (Only if it wasn't already enabled):
    Code:
    {'ssl': 'y', 'ssl_letsencrypt': 'y'}
    
    Second call:
    Code:
    { 'ssl_state': 'Example',
    'ssl_locality': 'Example',
    'ssl_organisation': 'Example',
    'ssl_organisation_unit': 'Example',
    'ssl_country': 'DE',
    'ssl_domain': 'example.com',
    'ssl_action': 'create'
    }
    
    Third call (After 'create' is not in ssl_action column anymore):
    Code:
    { 'ssl_action': 'save'}
    
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    What you did should create a self-signed ssl cert and not an LE cert. For an LE cert, it should be sufficient to:

    1) Create the website without SSL in a first call.
    2) then do an update and enable SDSL and let#s encrypt

    {'ssl': 'y', 'ssl_letsencrypt': 'y'}
     
  4. johannes1985

    johannes1985 Member HowtoForge Supporter

    Thank you, I will try it later on today with your method. However in my previous post, it does create a LE certificate, but I will definitely check your method.

    Also, the DKIM keys, I check they are generated via an ajax call. If I do the following, then I get the same result:
    Code:
    openssl genrsa 1024 -out mykey.pem
    openssl rsa -in mykey.pem -pubout -outform PEM
    ^^^ command just needs to be cleaned up ^^^

    However the following give an error when trying to generate a private key with:
    Code:
    openssl rand -out random-data.bin 20480
    
    ^^^ This works fine ^^^, error is when using the .bin file to generate a private key from.
    Can I just strip and adapt the commands used for calling openssl and create my own keys?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Sure, that should be ok.
     

Share This Page