* All subdomains must be on the same IP and cPanel account
* You must have a wildcard SSL qualifying for *.tld.com
Keep in mind that for a wildcard SSL to work, it really does have to be installed for each subdomain. You can’t install it once and have it automatically work on the fly like wildcard DNS does. Apache just doesn’t work that way. Luckily, we’ve scripted an easy solution for you.
Create the following files:
* /etc/ssl/certs/domain-name.crt
This file will contain the actual certificate, and should be named after your top-level domain (the script looks for /etc/ssl/certs/$domain.crt).
* /etc/ssl/certs/tld.cabundle
This file will be the CA bundle for your wildcard certificate, if you have one. If the certificate is for *.mydomain.com, name the file mydomain.com.cabundle
Create a file called wildcardssl.sh.
Add the following code.
#!/bin/bash
# Script to install wildcard SSL on a single IP for each subdomain
# usage: <scriptname> <domain>
if [ $# -ne 1 ]
then
    echo "Usage: $(basename "$0") <parent domain>"
    exit 1
else
    domain=$1
fi
sslfile="/etc/ssl/certs/$domain.crt"
cafile="/etc/ssl/certs/$domain.cabundle"
# Both the certificate and the CA bundle must exist and be non-empty
if [[ ! -s $sslfile ]] || [[ ! -s $cafile ]]; then
    echo "Missing or empty SSL or CA bundle file"
    exit 1
fi
user=$(/scripts/whoowns "$domain")
ip=$(grep "$domain" /etc/domainips | awk '{print $1}' | cut -d: -f1)
olddocroot=$(grep documentroot "/var/cpanel/userdata/$user/${domain}_SSL" | awk '{print $2}' | head -1)
if [ ! -f "$sslfile" ]; then
    echo "SSL template file does not exist"
    exit 1
elif ! grep "$domain" /etc/trueuserdomains >/dev/null; then
    echo "Domain provided is not a primary domain"
    exit 1
fi
# Every entry in /etc/userdomains that contains $domain, minus the parent domain itself
sublist=$(grep "$domain" /etc/userdomains | awk '{print $1}' | cut -d: -f1 | sed "/^$domain\$/d")
for sub in $sublist
do
    userdata="/var/cpanel/userdata/$user/$sub"
    userdatassl="/var/cpanel/userdata/$user/${sub}_SSL"
    if [ ! -f "$userdata" ]; then
        echo "Userdata file missing for $sub"
    else
        docroot=$(grep documentroot "$userdata" | awk '{print $2}' | head -1)
        # Copy the parent domain's SSL userdata file as the starting point for this subdomain
        cp -p "/var/cpanel/userdata/$user/${domain}_SSL" "$userdatassl"
        # replace is the utility shipped with MySQL: replace FROM TO -- FILE edits FILE in place
        replace USER "$user" -- "$userdatassl"
        replace SUB "$sub" -- "$userdatassl"
        replace DOMAIN "$domain" -- "$userdatassl"
        replace DOCROOT "$docroot" -- "$userdatassl"
        replace IP "$ip" -- "$userdatassl"
        #cat $sslfile | awk -F: -v OFS=: '/^documentroot/{$2 = "'" $docroot"'"}1' $userdatassl
        #replace "documentroot: $olddocroot" "documentroot: $docroot" -- $userdatassl
    fi
done
echo "rebuilding httpdconf"
sleep 1
/scripts/rebuildhttpdconf
sleep 1
echo "httpdconf rebuilt"
Save the file.
Usage:
chmod 755 wildcardssl.sh
./wildcardssl.sh $domain
Note: After it runs, all you need to do is restart Apache. Please make a copy of /var/cpanel/userdata before running the script for the first time, until you’ve verified that it works on your setup. Please note that this script would need to be run again if more subdomains are added later on.
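A pre-flight check you can run before the script, as an added example that is not part of the original wildcardssl.sh: a certificate for *.mydomain.com only matches names exactly one label below the parent, while the script's grep on /etc/userdomains is a substring match. The function names and the sample hostnames and users are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of wildcardssl.sh. Hostnames and users below are constructed.

# wildcard_covers PARENT HOST: succeed only if HOST is exactly one label below PARENT,
# which is all that a certificate for *.PARENT matches.
wildcard_covers() {
    case $2 in
        *."$1") label=${2%."$1"} ;;   # strip the ".PARENT" suffix
        *) return 1 ;;                # not under PARENT at all
    esac
    case $label in
        ''|*.*) return 1 ;;           # empty label, or more than one level deep
    esac
    return 0
}

# covered_subdomains PARENT FILE: hosts in a "host: user" file that the wildcard covers.
covered_subdomains() {
    while IFS=: read -r host rest; do
        wildcard_covers "$1" "$host" && printf '%s\n' "$host"
    done < "$2"
    return 0
}

# skipped_subdomains PARENT FILE: hosts a substring grep for PARENT selects
# but the certificate cannot cover (the parent itself is left out, as in the script).
skipped_subdomains() {
    grep -F -- "$1" "$2" | cut -d: -f1 | while read -r host; do
        [ "$host" = "$1" ] && continue
        wildcard_covers "$1" "$host" || printf '%s\n' "$host"
    done
    return 0
}

# Constructed sample in /etc/userdomains format.
sample_userdomains() {
    cat <<'EOF'
mydomain.com: alice
blog.mydomain.com: alice
shop.mydomain.com: alice
dev.shop.mydomain.com: alice
notmydomain.com: bob
mydomain.com.example.net: bob
EOF
}

sample=$(mktemp)
sample_userdomains > "$sample"
echo "covered:"; covered_subdomains mydomain.com "$sample"
echo "skipped:"; skipped_subdomains mydomain.com "$sample"
rm -f "$sample"
```

On a real server, pass /etc/userdomains as FILE; anything listed under "skipped" would get a certificate that browsers reject for that hostname.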
Cpanel Wildcard SSL Installation Script