How to change webapp SSL setting via CLI

Support
1

Description

How do I change this “Enable SSL” checkbox in wordpress (webapp) to enabled via the command line (cpcmd or EditDomain)? If I’ve already requested SSL certs via ‘Web->SSL Certificates’ do I even need to check that box?

image

2

I spend ~2 hours digging around on how to do this and cannot figure it out. Post a help thread and find the answer after playing around a little more: It never fails. However, more questions arise.

cpcmd -d domain1.com wordpress_reconfigure domain1.com / [ssl:true]

This worked for me, however I use cloudflare and get:

[root@cpanel ~]# cpcmd -d domain1.com wordpress_reconfigure domain1.com / [ssl:true]
DEBUG : SSL challenge attempt: http (domain1.com)
INFO : 301 redirect encountered to https://domain1.com/.well-known/acme-challenge/acme-test6942e33284ff59.5219444
DEBUG : HTTP: setting lDVCbUg9lV3_YCzzq2ut8_7bviCx1YWsNgm1Kr_QjvI.xWwW5h1Nyl9lsrnjlzWGRd-7wieads19-zeTNS0k' in /tmp/acme/.well-known/acme-challenge/lDVCbUg9lV3_YCzzq2ut8_7bvasdWsNgm1Kr_QjvI’
WARNING: Opcenter\Crypto\Letsencrypt\AcmeDispatcher::solve(): http challenge failed: Challenge failed (response: {“type”:“http-01”,“url”:"https://acme-v02.api.letsencrypt.org/acme/chall/2…

Questions now:

  1. Is there a document that details all of the commands and the parameters needed for cpcmd?
  2. Is there a way to turn off the IP check when turning SSL on using this command?
  3. The work around I do now is manually create the SSL certs with the IP verify unchecked, and then I come into the webapp and enable SSL checkbox, and then it works, but I am looking to automated this via the CLI and looking for the best practice here.

Thank you!

3

Use webapp:reconfigure().

cpcmd -d DOMAIN webapp:reconfigure DOMAIN '' ssl 1

'' parameter is an optional path located under the domain, if it resides elsewhere other than root. webapp:reconfigurables() lists all reconfigurable parameters available for a Web App.

4

Skipped over your follow-up:

  1. API docs will give you information on parameters. cpcmd misc:i MODULE:COMMAND is shorthand for misc:command-info, which provides command introspection.

  2. It’s encoded in preferences under letsencrypt → verify-ip. cpcmd -d DOMAIN common:set-preference letsencrypt.verify-ip false to address this programmatically. It can also be tweaked server-wide using cpcmd config:set letsencrypt verify_ip false. Sites that determine the value explicitly will not inherit this setting.

  3. Disable IP verification or request wildcard SSL for the domain ahead of time. So long as the account is configured to use Cloudflare as its DNS provider, wildcard certificates will automatically include all subdomains on an account without making a separate authorization request.

1 Like