|
|
I run either certbot or win-acme or acme.sh on the server to update
the website certificate.
t's configured to save the certificates to a known location, then it
calls a cgp-update script and finally deletes the saved
certificates.
The cgp-update script then looks like this, feel free to build
upon that:
#!/usr/bin/perl
use CLI;
use strict;
our $login = "postmaster";
our $password = "password"; # TODO: load password from a more secure location
# This directory contains certificate files saved by the acme script
# With names following the pattern subdomain1.key, subdomain1.crt, subdomain1.chain.crt
our $keypath = '/path/to/ssl/certificates';
sub update_cert
{
my ($cli, $domain, $src) = @_;
$src = $domain unless $src;
my $pkeyfile = "$keypath/$src.key";
my $certfile = "$keypath/$src.crt";
my $cafile = "$keypath/$src.chain.crt";
open(PK, $pkeyfile) or die "Can't find $pkeyfile";
my $pk = join("", <PK>);
close PK;
$pk =~ s/-----BEGIN RSA PRIVATE KEY-----//;
$pk =~ s/-----END RSA PRIVATE KEY-----//;
$pk =~ s/[\r\n]//g;
$pk = "[$pk]";
open(PK, $certfile) or die "Can't find $certfile";
my $cert = join("", <PK>);
close PK;
$cert =~ s/-----BEGIN CERTIFICATE-----//;
$cert =~ s/-----END CERTIFICATE-----//;
$cert =~ s/[\r\n]//g;
$cert = "[$cert]";
open(PK, $cafile) or die "Can't find $cafile";
my $ca = join("", <PK>);
close PK;
$ca =~ s/-----BEGIN CERTIFICATE-----//g;
$ca =~ s/-----END CERTIFICATE-----//g;
$ca =~ s/[\r\n]//g;
$ca = "[$ca]";
my $newsettings = {
"PrivateSecureKey" => $pk,
"CAChain" => $ca,
"SecureCertificate" => $cert
};
$cli->UpdateDomainSettings(domain=>$domain, settings=>$newsettings) || die "can't update settings: " . $cli->getErrMessage;
}
my $cli = new CGP::CLI( { PeerAddr => "127.0.0.1",
PeerPort => 106,
login => $login,
password => $password
} )
|| die "Can't login to CGPro: ".$CGP::ERR_STRING."\n";
update_cert($cli, "subdomain1.com");
update_cert($cli, "subdomain2.com");
update_cert($cli, "subdomain3.com");
$cli->Logout;
Best regards,
Nicolas Hatier
Hi Sérgio
I know there was a plan to introduce
Letsencrypt / ACME in 6.4.
Obviously company
structures have changed and therefore dev plans.
I don’t know of any existing script.
It would not be hard to make such a script,
but there’s still enough time and I hope we’ll have a native
solution till 2029.
Regards
Ralf
Greetings,
As you might already know, CA/B Forum decided to reduce the validity
of SSL certificates, and their corresponding DCV domain
validation. After March 15th 2029, certificates will be
valid for 47 days, and the DCV validation will be valid for
10 days.
Manual installation of SSL certificates must be
discontinued.
How can I integrate CommuniGate Pro, Certbot
(or other ACME compatible tool) and Let's
Encrypt SSL certificates to automatically renew and
install SSL certificates on CommuniGate Pro?
Is there a script available that I can use?
Thanks in advance,
--
Sérgio Araújo
Partner | CTO
3GNTW | IT - Technology Infrastructure
sergio@3gnt.net | +351
252 377 120
Cloud | Consultancy | Datacenter | Domains | eCommerce |
High Availability | Internet | IP Telephony | Messaging |
Mobility | Networking | Newsletters | Online Shops |
Security | Storage | System Administration |
Virtualization | VoIP | Web Hosting | Websites
Follow me at sergioaraujo.pt! Follow 3GNTW
at 3gnt.net,
on Facebook, LinkedIn, Twitter
and YouTube.
|
|