automating SSL cert renewals

Is it possible to automate the SSL cert setup? Either through scripting or some other method?

We'd like to move to ACME to automate our SSL certs for web and FTP, but I can't seem to find out if this is possible with serv-u.

Find more posts tagged with

acme

ssl

Accepted answers

All comments

calc2014

It's not an inbuilt feature but if you are able to do DNS validation and replace the cert file that Serv-U is pointing to, then it should work.

I haven't attempted this but you could try Certify The Web - simple free certificates for IIS and more, powered by Let's Encrypt and other ACME CAs

It's for IIS but maybe it has a method to do it to a file instead?

Let us know how you get on.

tiagocoelho2

If it's for Windows, there's this pkisharp.github.io/win-acme
It can automate to generate, I created scripts that do the renovation. The method is DNS validation.

calc2014

That looks cool, @blernsball let us know if that works for Serv-U without having to manually replace the cert in the admin panel.

tiagocoelho2

It follows a standard step for script development for Windows.

Step 1. Run wacs.exe
Step 2. Disable configuration file encryption
Step 3. Configuration directory in C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\
Step 4. Create the first certificate with the manual interface.
Step 5. Save created certificates and configuration folder
Step 6. Renew command xxxLocalInst\win-acme\wacs.exe --renew --baseuri "">acme-v02.api.letsencrypt.org/"
Step 7. Create a task to run every 80 days, for example.

For reinstallation, return files and directories to the default location.

Certificates can be copied to the Serv-U directory right after generation.

For security reasons I cannot share my script.

https://www.win-acme.com/manual/getting-started Documentation

calc2014

Nice, looks good! thanks for sharing.

blernsball

I forgot to update the thread, but here is how I did it. It was very easy.

Notes:

I used https://www.win-acme.com/ to fetch certs from https://letsencrypt.org/
basically, win-acme has the ability to produce PEM files that are usable by servu as CRT and KEY files
the renewal process will replace the files in place and servu will pick up the new ones.
win-acme was installed as usual.
Certs for HTTP/IIS were created separately in win-acme. The process below is for the cert for the FTP subdomain only.

win-acme method:

M - Create certificate (full)
2 - Manual input
- ftp.mydomain.com
- Friendly Name : ftp.mydomain.com
4 - Single Certificate
2 - Serve from memory
2 - RSA
2 - PEM
- NOTE: The PEM files are also usable as is, with no renaming needed as crt and key files (which servu needs)
Enter the Path the files will be placed into
- ex C:\SSLCerts (or wherever)
Set the password
1. record this
2. you will need this later in ServU
3 - No additional steps
When specifying the user to run the task, say no
It will run and create the cert in the directory and set up the renewal task (if needed)
To install in servU
1. To install the cert in servU, open the ServU management console and navigate to the domain in question
2. Go to Limits and Settings - Encryption
3. Under SSL Certificate
  1. In the Certificate Path, add ftp.mydomain.com-crt.pem
  2. In the Private Key Path, add ftp.mydomain.com-key.pem
  3. Under password, add the password you set above
  4. Save
4. Under SSH Private Key
  1. In the Private Key Path, add ftp.mydomain.com-key.pem
  2. Under password, add the password you set above
  3. Save
Done

Hope it helps someone.