cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Remove all expired certificates from Security - TLS/SSL - Certificates (CRT)

NetVicious shared this idea 18 months ago
Open Discussion

As a cPanel User, I would like to add a single button to delete all the expired certificates in AutoSSL so that it will simplify the process of updating SSL certificates.


==========


The AutoSSL addon don't deletes older certificates when they expire.

They're laying on the system until you manually deletes they.

We can do it one by one on cPanel / Security / TLS-SSL / Certificates (CRT).


What about a single button to delete all the expired certificates (looking the expiration date of the cert) in a single click?

Comments (1)

photo
2

This is a must and the fact the API lacks the necessary linkage to make it easier is definitely frustrating when you have tons of domains not updating due to expired and were previously installed by Let's Encrypt vs Comodo or vice versa.


Came up with this workaround for now which appears to be working great on my tests.


Check for expired certs:


for cert in $(/usr/local/cpanel/bin/whmapi1 fetch_ssl_vhosts| grep -E 'id: '|sed -e 's/^[ \t]*//' -e 's/id: //g');do cert_epoch=$(echo ${cert} |rev |cut -d_ -f2|rev); primary_domain=$(echo ${cert} |cut -d_ -f1,2|sed 's|_|.|g'); username=$(sudo grep ${primary_domain} /etc/userdomains | sed 's/.*://' |sed -e 's/^[ \t]*//'| sort -u) ; if [[ $(date +%s) -gt ${cert_epoch} ]]; then echo ""; echo "Expired SSL Cert: ${cert}" for user:${username} ; fi ; done


Check for Expired and delete:

for cert in $(/usr/local/cpanel/bin/whmapi1 fetch_ssl_vhosts| grep -E 'id: '|sed -e 's/^[ \t]*//' -e 's/id: //g');do cert_epoch=$(echo ${cert} |rev |cut -d_ -f2|rev); primary_domain=$(echo ${cert} |cut -d_ -f1,2|sed 's|_|.|g'); username=$(sudo grep ${primary_domain} /etc/userdomains | sed 's/.*://' |sed -e 's/^[ \t]*//'| sort -u) ; if [[ $(date +%s) -gt ${cert_epoch} ]]; then echo ""; echo "Expired SSL Cert: ${cert}" for user:${username} ; echo "Deleting SSL Cert."; uapi --user=${username} SSL delete_cert id=${cert} ; fi ; done


This is something if looking at the way the API functions for this doesn't make any sense why it should be this difficult to do as an administrator via API or as the end user in the cPanel.


In the AutoSSL settings where you have the replace expiring or expired is kinda pointless when enabled and its not fixing these till manually removed. this has been confirmed on numerous current v88 centos 7 servers.


https://docs.cpanel.net/whm/ssl-tls/manage-autossl/#allow-autossl-to-replace-invalid-or-expiring-non-autossl-certificates

Reference links:


https://features.cpanel.net/topic/delete-multiple-ssl-hosts

https://forums.cpanel.net/threads/remove-ssl-certificate.541091/


Api why can root not just delete the expired?

https://documentation.cpanel.net/display/DD/UAPI+Functions+-+SSL::delete_cert

Why is there a username requirement? and no automated lookup if you simply provide the explicit cert id to have deleted as root?


[root@cpanel ~]# cert="addondomain1_primarydomain_com_dda9f_47505_1605225599_8c8a54db8ca542aab9f341d71579b87c"; cert_epoch=$(echo ${cert} |rev |cut -d_ -f2|rev) ; if [[ ${cert_epoch} -gt $(date +%s) ]]; then echo "Deleting SSL Cert: ${cert}"; uapi --user=root SSL delete_cert id=${cert} ; fi

Deleting SSL Cert: addondomain1_primarydomain_com_dda9f_47505_1605225599_8c8a54db8ca542aab9f341d71579b87c

--- 

apiversion: 3

func: delete_cert

module: SSL

result: 

  data: ~

  errors: 

    - You do not have the feature "sslmanager".

  messages: ~

  metadata: {}

  status: 0

  warnings: ~

[root@cpanel ~]# 


There's also no whmapi function from what i could find to delete as root either.


Please add these necessary api calls or adjust the system so it works without needing these extra workarounds.


Thanks.

Leave a Comment
 
Attach a file